PCI (Payment Card Industry Security Standard)_Req 8.2.2

PCI (Payment Card Industry Security Standard), Identify and authenticate access to system components, Req 8.2.2: Verify user identity before modifying any authentication credential - for example, performing password resets, provisioning new tokens, or generating new keys. Many malicious individuals use “social engineering” - for example, calling a help desk and acting as a legitimate user - to have a password changed so they can utilize a user ID. Consider use of a “secret question” that only the…

PCI (Payment Card Industry Security Standard)_Req 3.3

PCI (Payment Card Industry Security Standard), Protect stored cardholder data, Req 3.3: Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed), such that only personnel with a legitimate business need can see more than the first six/last four digits of the PAN. Note: This requirement does not supersede stricter requirements in place for displays of cardholder data - for example, legal or…

CMMC v2.0_AU.L2-3.3.4

CMMC v2.0, 3.3 AUDIT AND ACCOUNTABILITY, AU.L2-3.3.4: Alert in the event of an audit logging process failure. Audit logging process failures include software and hardware errors, failures in the audit record capturing mechanisms, and audit record storage capacity being reached or exceeded. This requirement applies to each audit record data storage repository (i.e., distinct system component where audit records are stored), the total audit record storage capacity of organizations (i.e., all audit…

PCI (Payment Card Industry Security Standard)_Req 8.1.6

PCI (Payment Card Industry Security Standard), Identify and authenticate access to system components, Req 8.1.6: Limit repeated access attempts by locking out the user ID after not more than six attempts. Without account-lockout mechanisms in place, an attacker can continually attempt to guess a password through manual or automated tools (for example, password cracking) until they achieve success and gain access to a user’s account. Note: Testing Procedure 8.1.6.b is an…

NIST 800-53_SR-12

NIST 800-53, Supply Chain Risk Management, SR-12 Component Disposal: Dispose of [Assignment: organization-defined data, documentation, tools, or system components] using the following techniques and methods: [Assignment: organization-defined techniques and methods].

Click here to Start your FREE trial today! Explainer video: What is a Cybersecurity Compliance Framework? You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform…

CIS Framework Controls V8_15.5

CIS Framework Controls V8, Service Provider Management, 15.5 Assess Service Providers: Assess service providers consistent with the enterprise’s service provider management policy. Assessment scope may vary based on classification(s), and may include review of standardized assessment reports, such as Service Organization Control 2 (SOC 2) and Payment Card Industry (PCI) Attestation of Compliance (AoC), customized questionnaires, or other appropriately rigorous processes. Reassess service providers annually, at a minimum, or with new and…

PCI (Payment Card Industry Security Standard)_Req 12.8.2

PCI (Payment Card Industry Security Standard), Maintain a policy that addresses information security for all personnel, Req 12.8.2: Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of cardholder data the service providers possess or otherwise store, process or transmit on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment. Note: The…

PCI (Payment Card Industry Security Standard)_Test 6.5.5

PCI (Payment Card Industry Security Standard), Develop and maintain secure systems and applications, Test 6.5.5: Examine software-development policies and procedures and interview responsible personnel to verify that improper error handling is addressed by coding techniques that do not leak information via error messages (for example, by returning generic rather than specific error details). Applications can unintentionally leak information about their configuration or internal workings, or expose privileged information through improper error…

NIST 800-53_MA-6(3)

NIST 800-53, Maintenance, MA-6(3) Timely Maintenance | Automated Support for Predictive Maintenance: Transfer predictive maintenance data to a maintenance management system using [Assignment: organization-defined automated mechanisms].

NIST 800-53_AU-8(2)

NIST 800-53, Audit and Accountability, AU-8(2) Time Stamps | Secondary Authoritative Time Source: [Withdrawn: Moved to SC-45(2).]

NIST 800-171_3.4.3

NIST 800-171, 3.4 CONFIGURATION MANAGEMENT, 3.4.3: Track, review, approve or disapprove, and log changes to organizational systems. Tracking, reviewing, approving/disapproving, and logging changes is called configuration change control. Configuration change control for organizational systems involves the systematic proposal, justification, implementation, testing, review, and disposition of changes to the systems, including system upgrades and modifications. Configuration change control includes changes to baseline configurations for components and configuration items of systems, changes to configuration…

NIST 800-53_SI-7(16)

NIST 800-53, System and Information Integrity, SI-7(16) Software, Firmware, and Information Integrity | Time Limit on Process Execution Without Supervision: Prohibit processes from executing without supervision for more than [Assignment: organization-defined time period].

NIST 800-53_AC-4(12)

NIST 800-53, Access Control, AC-4(12) Information Flow Enforcement | Data Type Identifiers: When transferring information between different security domains, use [Assignment: organization-defined data type identifiers] to validate data essential for information flow decisions.

NIST 800-53_SC-5

NIST 800-53, System and Communications Protection, SC-5 Denial-of-service Protection: a. [Selection: Protect against; Limit] the effects of the following types of denial-of-service events: [Assignment: organization-defined types of denial-of-service events]; and b. Employ the following controls to achieve the denial-of-service objective: [Assignment: organization-defined controls by type of denial-of-service event].

NIST 800-53_SA-12(5)

NIST 800-53, System and Services Acquisitions, SA-12(5) Supply Chain Protection | Limitation of Harm: [Withdrawn: Moved to SR-3(2).]

NIST 800-53_AU-6(1)

NIST 800-53, Audit and Accountability, AU-6(1) Audit Record Review, Analysis, and Reporting | Automated Process Integration: Integrate audit record review, analysis, and reporting processes using [Assignment: organization-defined automated mechanisms].

NIST 800-53_IA-4(6)

NIST 800-53, Identification and Authentication, IA-4(6) Identifier Management | Cross-organization Management: Coordinate with the following external organizations for cross-organization management of identifiers: [Assignment: organization-defined external organizations].

NIST 800-53_AC-19(2)

NIST 800-53, Access Control, AC-19(2) Access Control for Mobile Devices | Use of Personally Owned Portable Storage Devices: [Withdrawn: Incorporated into MP-7.]

PCI (Payment Card Industry Security Standard)_Test 8.2.2

PCI (Payment Card Industry Security Standard), Identify and authenticate access to system components, Test 8.2.2: Examine authentication procedures for modifying authentication credentials and observe security personnel to verify that, if a user requests a reset of an authentication credential by phone, e-mail, web, or other non-face-to-face method, the user’s identity is verified before the authentication credential is modified. Many malicious individuals use “social engineering” - for example, calling a help desk and acting…

NIST 800-53_AU-9(4)

NIST 800-53, Audit and Accountability, AU-9(4) Protection of Audit Information | Access by Subset of Privileged Users: Authorize access to management of audit logging functionality to only [Assignment: organization-defined subset of privileged users or roles].