NIST 800-53_SC-3(2)

NIST 800-53 System and Communications Protection SC-3(2) Security Function Isolation Access and Flow Control Functions Isolate security functions enforcing access and information flow control from nonsecurity functions and from other security functions.

NIST 800-53_PT-6(1)

NIST 800-53 Personally Identifiable Information Processing and Transparency PT-6(1) System of Records Notice Routine Uses Review all routine uses published in the system of records notice at [Assignment: organization-defined frequency] to ensure continued accuracy and to ensure that routine uses continue to be compatible with the purpose for which the information was collected.

PCI (Payment Card Industry Security Standard)_Test 12.10.4

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel Test 12.10.4 12.10.4 Verify through observation, review of policies, and interviews of responsible personnel that staff with responsibilities for security breach response are periodically trained. Without a trained and readily available incident response team, extended damage to the network could occur, and critical data and systems may become “polluted” by inappropriate handling of the targeted systems.…

NERC CIP-002 through CIP-014 Revision 6_CIP-007-6 5.4

NERC CIP-002 through CIP-014 Revision 6 System Access Control CIP-007-6 5.4 5.4 Change known default passwords per Cyber Asset capability. M5. Evidence must include each of the applicable documented processes that collectively include each of the applicable requirement parts in CIP-007-6 Table 5 – System Access Controls and additional evidence to demonstrate implementation as described in the Measures column of the table. CIP-007-6 Table R5 – System Access Control Part Applicable Systems Requirements Measures 5.1…

NIST 800-53_SA-8(17)

NIST 800-53 System and Services Acquisitions SA-8(17) Security and Privacy Engineering Principles Secure Distributed Composition Implement the security design principle of secure distributed composition in [Assignment: organization-defined systems or system components].

CIS Framework Controls V8_4.3

CIS Framework Controls V8 Secure Configuration of Enterprise Assets and Software 4.3 Configure Automatic Session Locking on Enterprise Assets Configure automatic session locking on enterprise assets after a defined period of inactivity. For general purpose operating systems, the period must not exceed 15 minutes. For mobile end-user devices, the period must not exceed 2 minutes.

NIST 800-53_SC-41

NIST 800-53 System and Communications Protection SC-41 Port and I/O Device Access [Selection: Physically; Logically] disable or remove [Assignment: organization-defined connection ports or input/output devices] on the following systems or system components: [Assignment: organization-defined systems or system components].

NIST 800-53_SC-23(2)

NIST 800-53 System and Communications Protection SC-23(2) Session Authenticity User-initiated Logouts and Message Displays [Withdrawn: Incorporated into AC-12(1).]

CMMC v2.0_PE.L2-3.10.2

CMMC v2.0 3.10 PHYSICAL PROTECTION PE.L2-3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for example, by the employment of guards; the use of sensor devices; or the use of video surveillance equipment such as cameras. Examples of support infrastructure include system distribution, transmission, and power lines. Security controls applied to the support…

NIST 800-53_IR-3(1)

NIST 800-53 Incident Response IR-3(1) Incident Response Testing Automated Testing Test the incident response capability using [Assignment: organization-defined automated mechanisms].

NIST 800-53_RA-5(1)

NIST 800-53 Risk Assessment RA-5(1) Vulnerability Monitoring and Scanning Update Tool Capability [Withdrawn: Incorporated into RA-5.]

NIST 800-53_AC-2(7)

NIST 800-53 Access Control AC-2(7) Account Management Privileged User Accounts (a) Establish and administer privileged user accounts in accordance with [Selection: a role-based access scheme; an attribute-based access scheme]; (b) Monitor privileged role or attribute assignments; (c) Monitor changes to roles or attributes; and (d) Revoke access when privileged role or attribute assignments are no longer appropriate.

NIST 800-53_CP-3

NIST 800-53 Contingency Planning CP-3 Contingency Training a. Provide contingency training to system users consistent with assigned roles and responsibilities: 1. Within [Assignment: organization-defined time period] of assuming a contingency role or responsibility; 2. When required by system changes; and 3. [Assignment: organization-defined frequency] thereafter; and b. Review and update contingency training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events].

PCI (Payment Card Industry Security Standard)_Req 8.5.1

PCI (Payment Card Industry Security Standard) Identify and authenticate access to system components Req 8.5.1 8.5.1 Additional requirement for service providers only: service providers with remote access to customer premises (for example, for support of POS systems or servers) must use a unique authentication credential (such as a password/phrase) for each customer. Note: This requirement is not intended to apply to shared hosting providers accessing their own hosting environment where multiple customer…

NIST 800-53_SA-11(2)

NIST 800-53 System and Services Acquisitions SA-11(2) Developer Testing and Evaluation Threat Modeling and Vulnerability Analyses Require the developer of the system, system component, or system service to perform threat modeling and vulnerability analyses during development and the subsequent testing and evaluation of the system, component, or service that: (a) Uses the following contextual information: [Assignment: organization-defined information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels]; (b) Employs…

NIST 800-53_PE-15(1)

NIST 800-53 Physical and Environmental Protection PE-15(1) Water Damage Protection Automation Support Detect the presence of water near the system and alert [Assignment: organization-defined personnel or roles] using [Assignment: organization-defined automated mechanisms].

NIST 800-53_RA-5(2)

NIST 800-53 Risk Assessment RA-5(2) Vulnerability Monitoring and Scanning Update Vulnerabilities to Be Scanned Update the system vulnerabilities to be scanned [Selection (one or more): [Assignment: organization-defined frequency]; prior to a new scan; when new vulnerabilities are identified and reported].

NIST 800-53_MP-8(1)

NIST 800-53 Media Protection MP-8(1) Media Downgrading Documentation of Process Document system media downgrading actions.

NIST 800-53_AC-17(8)

NIST 800-53 Access Control AC-17(8) Remote Access Disable Nonsecure Network Protocols [Withdrawn: Incorporated into CM-7.]

CIS Framework Controls V8_17.5

CIS Framework Controls V8 Incident Response Management 17.5 Assign Key Roles and Responsibilities Assign key roles and responsibilities for incident response, including staff from legal, IT, information security, facilities, public relations, human resources, incident responders, and analysts, as applicable. Review annually, or when significant enterprise changes occur that could impact this Safeguard.