NIST 800-53_AT-3(5)

NIST 800-53 Awareness and Training AT-3(5) Role-based Training Processing Personally Identifiable Information Provide [Assignment: organization-defined personnel or roles] with initial and [Assignment: organization-defined frequency] training in the employment and operation of personally identifiable information processing and transparency controls.   Click here to Start your FREE trial today! Explainer video   What is a Cybersecurity Compliance Framework? You don’t need to clutter your security and privacy programs with an ever-increasing number of tools…

NIST 800-53_AU-10(5)

NIST 800-53 Audit and Accountability AU-10(5) Non-repudiation Digital Signatures [Withdrawn: Incorporated into SI-7.]

NIST 800-53_SI-3(3)

NIST 800-53 System and Information Integrity SI-3(3) Malicious Code Protection Non-privileged Users [Withdrawn: Incorporated into AC-6(10).]

NIST 800-53_CA-3(5)

NIST 800-53 Assessment, Authorization and Monitoring CA-3(5) Information Exchange Restrictions on External System Connections [Withdrawn: Moved to SC-7(5).]

SOC 2_P1.1

SOC 2 Privacy Additional Criteria for Privacy P1.1 The entity provides notice to data subjects about its privacy practices to meet the entity's objectives related to privacy. The notice is updated and communicated to data subjects in a timely manner for changes to the entity's privacy practices including changes in the use of personal information to meet the entity's objectives related to privacy. Communicates to Data Subjects—Notice is provided to data subjects…

CIS Framework Controls V8_3.12

CIS Framework Controls V8 Data Protection 3.12 Segment Data Processing and Storage Based on Sensitivity Segment data processing and storage based on the sensitivity of the data. Do not process sensitive data on enterprise assets intended for lower sensitivity data.

NIST 800-53_AC-19(3)

NIST 800-53 Access Control AC-19(3) Access Control for Mobile Devices Use of Portable Storage Devices with No Identifiable Owner [Withdrawn: Incorporated into MP-7.]

HIPAA_164.308(a)(4)

HIPAA Administrative Safeguards 164.308(a)(4) Information Access Management (§ 164.308(a)(4)) Standard: Information access management. Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part. Implementation specifications: - Isolating health care clearinghouse functions (Required). If a health care clearinghouse is part of a larger organization the clearinghouse must implement policies and procedures that protect the electronic protected health information of…

NIST 800-53_CP-9(8)

NIST 800-53 Contingency Planning CP-9(8) System Backup Cryptographic Protection Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined backup information].

NIST 800-53_PT-2(1)

NIST 800-53 Personally Identifiable Information Processing and Transparency PT-2(1) Authority to Process Personally Identifiable Information Data Tagging Attach data tags containing [Assignment: organization-defined authorized processing] to [Assignment: organization-defined elements of personally identifiable information].

CIS Framework Controls V8_7.1

CIS Framework Controls V8 Continuous Vulnerability Management 7.1 Establish and Maintain a Vulnerability Management Process Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually or when significant enterprise changes occur that could impact this Safeguard.

NIST 800-53_MP-7

NIST 800-53 Media Protection MP-7 Media Use a. [Selection: Restrict; Prohibit] the use of [Assignment: organization-defined types of system media] on [Assignment: organization-defined systems or system components] using [Assignment: organization-defined controls]; and b. Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

NIST 800-53_SA-9(7)

NIST 800-53 System and Services Acquisition SA-9(7) External System Services Organization-controlled Integrity Checking Provide the capability to check the integrity of information while it resides in the external system.
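
One way to meet SA-9(7), and the "unauthorized modification" half of CP-9(8) above, is to keep a keyed integrity manifest on-premises and re-check whatever the external provider hands back. The following is an added example, not code from this page, from NIST, or from the Lionfish platform. It assumes the organization holds the HMAC key and the manifest itself (never the provider), and that objects are identified by a stable name; the object names, contents and key below are constructed sample data.

```python
"""Organization-controlled integrity checking for data held by an external
service provider (added example, not the page's or any vendor's code).

The organization keeps a secret key and a manifest on-premises; the provider
only ever sees the objects. Because the tags are keyed HMACs rather than plain
hashes, a provider (or an attacker inside it) cannot recompute a matching tag
after altering, swapping or replacing an object.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple


def _tag(key: bytes, name: str, data: bytes) -> str:
    """HMAC-SHA256 over (name, content). Length prefixes stop a renamed or
    re-split object from producing the same tag as the original."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    name_b = name.encode("utf-8")
    mac.update(len(name_b).to_bytes(4, "big"))
    mac.update(name_b)
    mac.update(len(data).to_bytes(8, "big"))
    mac.update(data)
    return mac.hexdigest()


def build_manifest(key: bytes, objects: Dict[str, bytes]) -> Dict[str, str]:
    """Compute the manifest to retain on-premises before objects leave."""
    return {name: _tag(key, name, data) for name, data in objects.items()}


def verify_external(key: bytes, manifest: Dict[str, str],
                    retrieved: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Compare what the external system returns against the local manifest.

    Returns (object name, finding) pairs; an empty list means every object
    is present and unmodified. Findings: "missing", "modified", "unexpected".
    """
    findings: List[Tuple[str, str]] = []
    for name, expected in manifest.items():
        if name not in retrieved:
            findings.append((name, "missing"))
            continue
        actual = _tag(key, name, retrieved[name])
        # Constant-time comparison so the check itself leaks nothing useful.
        if not hmac.compare_digest(actual, expected):
            findings.append((name, "modified"))
    for name in retrieved:
        if name not in manifest:
            findings.append((name, "unexpected"))
    return findings


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: two backup objects are sent out; the provider
    later returns one intact, one silently altered, plus an object that was
    never ours."""
    key = secrets.token_bytes(32)  # generated and kept by the organization
    outgoing = {  # constructed sample objects
        "backups/2024-01-01.tar": b"payroll-db-dump-day-1",
        "backups/2024-01-02.tar": b"payroll-db-dump-day-2",
    }
    manifest = build_manifest(key, outgoing)

    returned = {
        "backups/2024-01-01.tar": b"payroll-db-dump-day-1",
        "backups/2024-01-02.tar": b"payroll-db-dump-day-2-TAMPERED",
        "backups/2024-01-03.tar": b"not-ours",
    }
    return verify_external(key, manifest, returned)


if __name__ == "__main__":
    for name, finding in demo():
        print(f"{finding:>10}: {name}")
```

Note that this detects modification and substitution but does not by itself give the confidentiality that CP-9(8) also requires; for that the objects would be encrypted with an authenticated cipher (for example AES-GCM via a library such as `cryptography`, an assumption about tooling rather than anything the page prescribes) before the manifest is built.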

NERC CIP-002 through CIP-014 Revision 6_CIP-014-2 R2

NERC CIP-002 through CIP-014 Revision 6 Physical Security CIP-014-2 R2 R2. Each Transmission Owner shall have an unaffiliated third party verify the risk assessment performed under Requirement R1. The verification may occur concurrent with or after the risk assessment performed under Requirement R1. [VRF: Medium; Time-Horizon: Long-term Planning] M2. Examples of acceptable evidence may include but are not limited to dated written or electronic documentation that the Transmission Owner completed an unaffiliated…

PCI (Payment Card Industry Security Standard)_Req 9.1.2

PCI (Payment Card Industry Security Standard) Restrict physical access to cardholder data Req 9.1.2 9.1.2 Implement physical and/or logical controls to restrict access to publicly accessible network jacks. For example network jacks located in public areas and areas accessible to visitors could be disabled and only enabled when network access is explicitly authorized. Alternatively processes could be implemented to ensure that visitors are escorted at all times in areas with active network…

NIST 800-53_SI-8(1)

NIST 800-53 System and Information Integrity SI-8(1) Spam Protection Central Management [Withdrawn: Incorporated into PL-9.]

NIST 800-53_CM-13

NIST 800-53 Configuration Management CM-13 Data Action Mapping Develop and document a map of system data actions.

NIST 800-53_IA-5(12)

NIST 800-53 Identification and Authentication IA-5(12) Authenticator Management Biometric Authentication Performance For biometric-based authentication employ mechanisms that satisfy the following biometric quality requirements [Assignment: organization-defined biometric quality requirements].

PCI (Payment Card Industry Security Standard)_Req 1.3.7

PCI (Payment Card Industry Security Standard) Install and maintain a firewall configuration to protect cardholder data Req 1.3.7 1.3.7 Do not disclose private IP addresses and routing information to unauthorized parties. Note: methods to obscure IP addressing may include but are not limited to: – network address translation (NAT) – placing servers containing cardholder data behind proxy servers/firewalls – removal or filtering of route advertisements for private networks that employ registered addressing…

PCI (Payment Card Industry Security Standard)_Req 7.2.1

PCI (Payment Card Industry Security Standard) Restrict access to cardholder data by business need to know Req 7.2.1 7.2.1 Coverage of all system components Without a mechanism to restrict access based on user’s need to know a user may unknowingly be granted access to cardholder data. Access control systems automate the process of restricting access and assigning privileges. Additionally a default “deny-all” setting ensures no one is granted access until and unless…