NERC CIP-002 through CIP-014 Revision 6_CIP-003-6 R2

NERC CIP-002 through CIP-014 Revision 6 Security Management Controls CIP-003-6 R2 R2. Each Responsible Entity with at least one asset identified in CIP-002 containing low impact BES Cyber Systems shall implement one or more documented cyber security plan(s) for its low impact BES Cyber Systems that include the sections in Attachment 1. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning] Note: An inventory list or discrete identification of low impact BES Cyber Systems…

Read More

PCI (Payment Card Industry Security Standard)_Req 9.5.1

PCI (Payment Card Industry Security Standard) Restrict physical access to cardholder data Req 9.5.1 9.5.1 Store media backups in a secure location, preferably an off-site facility such as an alternate or backup site or a commercial storage facility. Review the location's security at least annually. If stored in a non-secured facility, backups that contain cardholder data may easily be lost, stolen, or copied for malicious intent. Periodically reviewing the storage facility enables…

Read More

NERC CIP-002 through CIP-014 Revision 6_CIP-007-6 1.2

NERC CIP-002 through CIP-014 Revision 6 Ports and Services CIP-007-6 1.2 1.2 Protect against the use of unnecessary physical input/output ports used for network connectivity, console commands, or Removable Media. M1. Evidence must include the documented processes that collectively include each of the applicable requirement parts in CIP-007-6 Table R1 – Ports and Services and additional evidence to demonstrate implementation as described in the Measures column of the table. CIP-007-6 Table R1 – Ports and…

Read More

NIST 800-53_SR-4

NIST 800-53 Supply Chain Risk Management SR-4 Provenance Document, monitor, and maintain valid provenance of the following systems, system components, and associated data: [Assignment: organization-defined systems, system components, and associated data]. Click here to Start your FREE trial today! Explainer video. What is a Cybersecurity Compliance Framework? You don't need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish…

Read More

NIST 800-53_AC-21

NIST 800-53 Access Control AC-21 Information Sharing a. Enable authorized users to determine whether access authorizations assigned to a sharing partner match the information's access and use restrictions for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and b. Employ [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing and collaboration decisions.

Read More

CMMC v2.0_SC.L1-3.13.5

CMMC v2.0 3.13 SYSTEM AND COMMUNICATIONS PROTECTION SC.L1-3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones (DMZs). DMZs are typically implemented with boundary control devices and techniques that include routers, gateways, firewalls, virtualization, or cloud-based technologies. [SP 800-41] provides guidance on firewalls and firewall policy. [SP 800-125B] provides…

Read More

NIST 800-53_AC-13

NIST 800-53 Access Control AC-13 Supervision and Review - Access Control [Withdrawn: Incorporated into AC-2 and AU-6.]

Read More

NIST-CSF_ID.RA-5

NIST-CSF Risk Assessment (ID.RA) ID.RA-5 ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk.

Read More

PCI (Payment Card Industry Security Standard)_Test 9.6.3

PCI (Payment Card Industry Security Standard) Restrict physical access to cardholder data Test 9.6.3 9.6.3 Select a recent sample of several days of offsite tracking logs for all media. From examination of the logs and interviews with responsible personnel, verify that proper management authorization is obtained whenever media is moved from a secured area (including when media is distributed to individuals). Without a firm process for ensuring that all media movements are approved…

Read More

NIST 800-53_IA-5(9)

NIST 800-53 Identification and Authentication IA-5(9) Authenticator Management Federated Credential Management Use the following external organizations to federate credentials: [Assignment: organization-defined external organizations].

Read More

NIST 800-53_PL-5

NIST 800-53 Planning PL-5 Privacy Impact Assessment [Withdrawn: Incorporated into RA-8.]

Read More

NIST 800-53_AU-9(5)

NIST 800-53 Audit and Accountability AU-9(5) Protection of Audit Information Dual Authorization Enforce dual authorization for [Selection (one or more): movement; deletion] of [Assignment: organization-defined audit information].

Read More

CIS Framework Controls V8_5.5

CIS Framework Controls V8 Account Management 5.5 Establish and Maintain an Inventory of Service Accounts Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department, owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.

Read More
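The review procedure in CIS Control 5.5 can be turned into a repeatable check: every enabled service account must appear in the inventory, every inventory entry must carry the four required fields, and no entry may go longer than a quarter without review. The script below is an added example, not code from the page or from CIS; the inventory rows, the active-account set (as one would export it from a directory or IAM listing), and the 90-day window are constructed assumptions.

```python
"""Service-account inventory review (added example; the inventory, the
active-account export and the 90-day review window are constructed)."""
from datetime import date, timedelta

# CIS 5.5: the inventory must at minimum record these per account.
REQUIRED_FIELDS = ("department", "owner", "review_date", "purpose")
# "at a minimum quarterly": anything reviewed more than 90 days ago is overdue.
REVIEW_WINDOW = timedelta(days=90)

# Constructed inventory (assumed field names; review_date is ISO 8601).
INVENTORY = [
    {"account": "svc-backup", "department": "IT Ops", "owner": "j.doe",
     "review_date": "2024-05-02", "purpose": "nightly DB backup"},
    {"account": "svc-ci-deploy", "department": "Platform", "owner": "a.lee",
     "review_date": "2023-11-15", "purpose": "CI deploy to staging"},
    {"account": "svc-legacy-etl", "department": "Data", "owner": "",
     "review_date": "2024-04-20", "purpose": "ETL feed"},
]

# Constructed export of accounts that are actually enabled in the directory.
ACTIVE_ACCOUNTS = {"svc-backup", "svc-ci-deploy", "svc-monitoring"}


def review_service_accounts(inventory, active, today, window=REVIEW_WINDOW):
    """Compare the inventory with the set of enabled accounts.

    Returns a dict of findings:
      unauthorized   - enabled accounts with no inventory entry (the core
                       'all active accounts are authorized' check)
      stale_entry    - inventory entries whose account is no longer enabled
      missing_fields - entries lacking one of the required fields
      review_overdue - entries whose last review is older than the window
    """
    by_name = {row["account"]: row for row in inventory}
    findings = {
        "unauthorized": sorted(set(active) - set(by_name)),
        "stale_entry": sorted(set(by_name) - set(active)),
        "missing_fields": {},
        "review_overdue": [],
    }
    for name, row in by_name.items():
        missing = [f for f in REQUIRED_FIELDS if not row.get(f)]
        if missing:
            findings["missing_fields"][name] = missing
        if row.get("review_date"):
            last_review = date.fromisoformat(row["review_date"])
            if today - last_review > window:
                findings["review_overdue"].append(name)
    findings["review_overdue"].sort()
    return findings


def is_compliant(findings):
    """True only when every finding category is empty."""
    return not any(findings.values())


def run_review(today_iso):
    """Run the check over the constructed data for a given date (ISO 8601)."""
    return review_service_accounts(INVENTORY, ACTIVE_ACCOUNTS,
                                   date.fromisoformat(today_iso))


if __name__ == "__main__":
    result = run_review("2024-06-01")
    for category, items in result.items():
        print(f"{category}: {items}")
    print("compliant:", is_compliant(result))
```

The "unauthorized" finding is the one that matters most operationally: an enabled account nobody has documented an owner or purpose for is exactly what an attacker-created or forgotten service account looks like. Feed the check the real account export on the review schedule and treat any non-empty category as a ticket, not a warning.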

NIST 800-53_SC-33

NIST 800-53 System and Communications Protection SC-33 Transmission Preparation Integrity [Withdrawn: Incorporated into SC-8.]

Read More

NIST 800-53_SI-6(2)

NIST 800-53 System and Information Integrity SI-6(2) Security and Privacy Function Verification Automation Support for Distributed Testing Implement automated mechanisms to support the management of distributed security and privacy function testing.

Read More

NIST 800-53_AC-4(4)

NIST 800-53 Access Control AC-4(4) Information Flow Enforcement Flow Control of Encrypted Information Prevent encrypted information from bypassing [Assignment: organization-defined information flow control mechanisms] by [Selection (one or more): decrypting the information; blocking the flow of the encrypted information; terminating communications sessions attempting to pass encrypted information; [Assignment: organization-defined procedure or method]].

Read More

SOC 2_CC1.4

SOC 2 Security Control Environment CC1.4 COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Establishes Policies and Practices—Policies and practices reflect expectations of competence necessary to support the achievement of objectives. Evaluates Competence and Addresses Shortcomings—The board of directors and management evaluate competence across the entity and in outsourced service providers in relation to established policies and practices and act as necessary…

Read More

NIST-CSF_RS.AN-2

NIST-CSF Analysis (RS.AN) RS.AN-2 RS.AN-2: The impact of the incident is understood.

Read More

NIST 800-171_3.8.4

NIST 800-171 3.8 MEDIA PROTECTION 3.8.4 Mark media with necessary CUI markings and distribution limitations. The term security marking refers to the application or use of human-readable security attributes. System media includes digital and non-digital media. Marking of system media reflects applicable federal laws, Executive Orders, directives, policies, and regulations. See [NARA MARK].

Read More

NIST 800-53_MA-5(1)

NIST 800-53 Maintenance MA-5(1) Maintenance Personnel Individuals Without Appropriate Access (a) Implement procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements: (1) Maintenance personnel who do not have needed access authorizations, clearances, or formal access approvals are escorted and supervised during the performance of maintenance and diagnostic activities on the system by approved organizational personnel who are fully cleared, have…

Read More