NIST 800-53_SA-12(12)

NIST 800-53 System and Services Acquisition SA-12(12) Supply Chain Protection: Inter-organizational Agreements [Withdrawn: Moved to SR-8.]

NIST 800-53_SC-11

NIST 800-53 System and Communications Protection SC-11 Trusted Path: a. Provide a [Selection: physically; logically] isolated trusted communications path for communications between the user and the trusted components of the system; and b. Permit users to invoke the trusted communications path for communications between the user and the following security functions of the system, including at a minimum, authentication and re-authentication: [Assignment: organization-defined security functions].

PCI (Payment Card Industry Security Standard)_Req 1.3.5

PCI (Payment Card Industry Security Standard) Install and maintain a firewall configuration to protect cardholder data. Req 1.3.5: Permit only “established” connections into the network. A firewall that maintains the “state” (or the status) of each connection through the firewall knows whether an apparent response to a previous connection is actually a valid, authorized response (since it retains each connection’s status) or is malicious traffic trying to trick the firewall into…

NIST 800-53_CP-2(8)

NIST 800-53 Contingency Planning CP-2(8) Contingency Plan: Identify Critical Assets. Identify critical system assets supporting [Selection: all; essential] mission and business functions.

NIST 800-53_SC-31(1)

NIST 800-53 System and Communications Protection SC-31(1) Covert Channel Analysis: Test Covert Channels for Exploitability. Test a subset of the identified covert channels to determine the channels that are exploitable.

NERC CIP-002 through CIP-014 Revision 6_CIP-002-5.1a R1

NERC CIP-002 through CIP-014 Revision 6 Inventory CIP-002-5.1a R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: [Violation Risk Factor: High] [Time Horizon: Operations Planning]
i. Control Centers and backup Control Centers;
ii. Transmission stations and substations;
iii. Generation resources;
iv. Systems and facilities critical to system restoration, including Blackstart Resources and Cranking Paths and initial switching requirements;
…

NIST 800-53_SI-11

NIST 800-53 System and Information Integrity SI-11 Error Handling: a. Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and b. Reveal error messages only to [Assignment: organization-defined personnel or roles].
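
The control above is easiest to see in code. The following is an added example, not text from NIST SP 800-53: one request handler written twice, first echoing backend detail to the caller, then meeting SI-11 parts a and b. The fake backend, the in-memory log sink and the "operator" role are assumptions for illustration.

```python
"""Added example (not text from NIST SP 800-53): the same request handler
written twice, once leaking backend detail to the caller and once meeting
SI-11. The fake backend, the in-memory log and the 'operator' role are
assumptions for illustration."""
import traceback
import uuid

INTERNAL_LOG: list[dict] = []   # stands in for the server-side log sink


class BackendError(Exception):
    pass


def lookup_order(order_id: str) -> dict:
    # Constructed backend that fails the way a misconfigured driver might,
    # with host, port and DB user embedded in the exception text.
    if order_id != "A100":
        raise BackendError(
            "FATAL: connection to 10.0.3.7:5432 as user app_rw failed")
    return {"id": order_id, "total": 42}


def handle_leaky(order_id: str) -> tuple[int, str]:
    """Anti-pattern: exception text and traceback go straight to the client,
    handing an attacker internal addresses, usernames and file paths."""
    try:
        return 200, str(lookup_order(order_id))
    except Exception as exc:
        return 500, f"Error: {exc}\n{traceback.format_exc()}"


def handle_hardened(order_id: str, role: str = "customer") -> tuple[int, str]:
    """SI-11: the caller gets enough to act (a reference to quote), the full
    detail is recorded internally, and only the defined role sees it."""
    try:
        return 200, str(lookup_order(order_id))
    except Exception as exc:
        ref = uuid.uuid4().hex[:12]
        INTERNAL_LOG.append({"ref": ref, "error": repr(exc),
                             "trace": traceback.format_exc()})
        if role == "operator":                 # organization-defined role (SI-11 b)
            return 500, f"Backend failure {ref}: {exc}"
        return 500, f"Request failed; quote reference {ref} to support."


if __name__ == "__main__":
    print(handle_leaky("nope")[1])
    print(handle_hardened("nope")[1])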

NIST 800-53_SI-4(14)

NIST 800-53 System and Information Integrity SI-4(14) System Monitoring: Wireless Intrusion Detection. Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system.
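
As an added example, not text from NIST SP 800-53, here are the two checks at the core of a wireless IDS, run over a constructed scan: a rogue access point advertising the organization's SSID from a BSSID it does not own (the "evil twin"), and a deauthentication flood that pushes clients onto it. The authorized inventory, beacon list, captured deauth frames and thresholds are all assumptions.

```python
"""Added example (not text from NIST SP 800-53): the two checks at the core
of a wireless IDS, run over a constructed scan. The authorized inventory,
beacon list, deauth-frame capture and thresholds are assumptions."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int
    privacy: str   # "WPA2", "WPA3" or "OPEN"


# Constructed inventory of the access points the organization operates.
AUTHORIZED = {
    "aa:bb:cc:00:01:10": "CorpNet",
    "aa:bb:cc:00:01:20": "CorpNet",
    "aa:bb:cc:00:01:30": "CorpGuest",
}

# Constructed one-minute survey: beacons seen, and (source, destination)
# of each 802.11 deauthentication frame captured.
BEACONS = [
    Beacon("aa:bb:cc:00:01:10", "CorpNet", 36, "WPA2"),
    Beacon("aa:bb:cc:00:01:30", "CorpGuest", 1, "OPEN"),
    Beacon("de:ad:be:ef:00:01", "CorpNet", 6, "OPEN"),        # evil twin
    Beacon("12:34:56:78:9a:bc", "Neighbor-5G", 149, "WPA2"),  # someone else's AP
]
DEAUTH_FRAMES = (
    [("aa:bb:cc:00:01:10", "ff:ff:ff:ff:ff:ff")] * 60   # spoofed as our AP, to broadcast
    + [("aa:bb:cc:00:01:20", "11:22:33:44:55:66")] * 2  # normal client churn
)


def find_rogue_aps(beacons, authorized=AUTHORIZED) -> list[tuple[str, str, str]]:
    """An AP advertising one of our SSIDs from a BSSID we do not own is a
    rogue; if it also drops encryption it is set up to harvest credentials."""
    our_ssids = set(authorized.values())
    findings = []
    for b in beacons:
        if b.ssid in our_ssids and b.bssid not in authorized:
            severity = "high" if b.privacy == "OPEN" else "medium"
            findings.append((b.bssid, b.ssid, severity))
    return findings


def find_deauth_floods(frames, threshold=20) -> dict[str, int]:
    """Without 802.11w, deauth frames are unauthenticated, so a burst that
    claims to come from one BSSID (the attacker spoofs ours) is the attack
    that kicks clients off the real AP and onto the twin."""
    counts = Counter(src for src, _dst in frames)
    return {src: n for src, n in counts.items() if n >= threshold}
```

A production WIDS adds wired-side correlation (is the rogue's MAC also seen on a switch port?) and client-side checks (which of our devices associated to the twin), which is what turns "rogue device" into "potential compromise" in the control's wording.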

NIST 800-53_IA-2(7)

NIST 800-53 Identification and Authentication IA-2(7) Identification and Authentication (Organizational Users): Network Access to Non-privileged Accounts, Separate Device [Withdrawn: Incorporated into IA-2(6).]

PCI (Payment Card Industry Security Standard)_Req 12.3.9

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel. Req 12.3.9: Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.

NIST 800-53_CP-8(4)

NIST 800-53 Contingency Planning CP-8(4) Telecommunications Services: Provider Contingency Plan. (a) Require primary and alternate telecommunications service providers to have contingency plans; (b) Review provider contingency plans to ensure that the plans meet organizational contingency requirements; and (c) Obtain evidence of contingency testing and training by providers [Assignment: organization-defined frequency].

NIST 800-53_AC-17(9)

NIST 800-53 Access Control AC-17(9) Remote Access: Disconnect or Disable Access. Provide the capability to disconnect or disable remote access to the system within [Assignment: organization-defined time period].

PCI (Payment Card Industry Security Standard)_Req 1.3.4

PCI (Payment Card Industry Security Standard) Install and maintain a firewall configuration to protect cardholder data. Req 1.3.4: Do not allow unauthorized outbound traffic from the cardholder data environment to the internet. All traffic outbound from the cardholder data environment should be evaluated to ensure that it follows established, authorized rules. Connections should be inspected to restrict traffic to only authorized communications (for example, by restricting source/destination addresses/ports and/or blocking of…
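
Req 1.3.4 (this entry) and Req 1.3.5 (the "established connections" entry above) are two sides of one stateful perimeter, so one added example serves both. The following is illustration code, not text or tooling from PCI DSS: a toy connection-tracking filter for a cardholder data environment that allows a new outbound flow only to an explicit destination allowlist, and accepts an inbound packet only when it answers a flow the CDE opened. The CDE subnet, the allowlisted services and the packet trace are constructed.

```python
"""Added example (not PCI DSS text): a toy stateful filter at the CDE
perimeter covering Req 1.3.4 (authorized egress only) and Req 1.3.5
(inbound only for established flows). Addresses, services and the
packet trace are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags, e.g. "S", "SA", "A", "PA"


# Constructed topology: the CDE subnet and the only outbound destinations it
# may reach (Req 1.3.4), here a payment gateway and a syslog collector.
CDE = ip_network("10.20.0.0/24")
EGRESS_ALLOW = {("203.0.113.10", 443), ("10.30.0.5", 514)}


class StatefulFirewall:
    """Keeps a table of flows the CDE opened; inbound packets are accepted
    only when they answer one of those flows (Req 1.3.5)."""

    def __init__(self) -> None:
        self.flows: dict[tuple, str] = {}

    @staticmethod
    def _key(p: Packet) -> tuple:
        return (p.src, p.sport, p.dst, p.dport)

    def filter(self, p: Packet) -> str:
        src_in, dst_in = ip_address(p.src) in CDE, ip_address(p.dst) in CDE
        if src_in and not dst_in:                      # CDE -> outside
            if self._key(p) in self.flows:
                return "ACCEPT"                        # continuation of a tracked flow
            if p.flags == "S" and (p.dst, p.dport) in EGRESS_ALLOW:
                self.flows[self._key(p)] = "SYN_SENT"  # new authorized flow
                return "ACCEPT"
            return "DROP"                              # 1.3.4: unauthorized outbound
        if dst_in and not src_in:                      # outside -> CDE
            reverse = (p.dst, p.dport, p.src, p.sport)
            if reverse in self.flows:
                if p.flags == "SA":
                    self.flows[reverse] = "ESTABLISHED"
                return "ACCEPT"                        # reply to a flow the CDE opened
            return "DROP"                              # 1.3.5: no matching state
        return "DROP"


def run_trace() -> list[str]:
    """Constructed packet trace; returns the verdict for each packet."""
    fw = StatefulFirewall()
    trace = [
        Packet("10.20.0.15", 40001, "203.0.113.10", 443, "S"),   # authorized egress
        Packet("203.0.113.10", 443, "10.20.0.15", 40001, "SA"),  # its reply
        Packet("10.20.0.15", 40001, "203.0.113.10", 443, "A"),   # handshake completes
        Packet("198.51.100.9", 443, "10.20.0.15", 40002, "A"),   # ACK-flag spoof, no state
        Packet("198.51.100.9", 22, "10.20.0.15", 22, "S"),       # unsolicited inbound SYN
        Packet("10.20.0.15", 40003, "198.51.100.9", 80, "S"),    # unauthorized egress
    ]
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    print(run_trace())
```

The fourth packet is the trick the 1.3.5 guidance describes: a stateless ACL that lets in anything with the ACK bit set would pass it, while the state table has no flow for it and drops it. In a real deployment the same logic is the `ct state established,related accept` / `ct state invalid drop` pair in nftables (or `-m conntrack --ctstate` in iptables) on the inbound chain, and an explicit destination/port allowlist with a default drop on the outbound chain.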

CIS Framework Controls V8_4.12

CIS Framework Controls V8 Secure Configuration of Enterprise Assets and Software 4.12 Separate Enterprise Workspaces on Mobile End-User Devices. Ensure separate enterprise workspaces are used on mobile end-user devices, where supported. Example implementations include using an Apple Configuration Profile or Android Work Profile to separate enterprise applications and data from personal applications and data.

PCI (Payment Card Industry Security Standard)_Req 6.5.9

PCI (Payment Card Industry Security Standard) Develop and maintain secure systems and applications. Req 6.5.9: Cross-site request forgery (CSRF). A CSRF attack forces a logged-on victim’s browser to send a pre-authenticated request to a vulnerable web application, which then enables the attacker to perform any state-changing operations the victim is authorized to perform (such as updating account details, making purchases, or even authenticating to the application).
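
The attack described above and the standard defence, as an added example that is not text from PCI DSS: a state-changing handler that trusts the session cookie alone, beside the same handler guarded by a per-session synchronizer token. The session store, the request dictionaries and the server secret are constructed; a real application would use its web framework's CSRF middleware rather than this code.

```python
"""Added example (not text from PCI DSS): a state-changing handler without
CSRF protection beside the same handler guarded by a synchronizer token.
The session store, request dicts and server secret are constructed; a real
app would use its framework's CSRF middleware rather than this code."""
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)           # assumption: per-deployment key
SESSIONS = {"sess-victim": {"user": "alice", "email": "alice@example.com"}}


def csrf_token(session_id: str) -> str:
    """Token derived from the session under a server secret. It is embedded
    in the site's own forms; a page on another origin cannot read it, so a
    forged cross-site request cannot include the right value."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def change_email_vulnerable(request: dict) -> str:
    """Authorizes on the session cookie alone. The browser attaches that
    cookie to a form auto-submitted from attacker.example too, so the
    victim's account is changed without their intent."""
    session = SESSIONS[request["cookie"]]
    session["email"] = request["form"]["email"]
    return "updated"


def change_email_protected(request: dict) -> str:
    """Same operation, but the request must carry the per-session token,
    compared in constant time."""
    session = SESSIONS[request["cookie"]]
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(request["cookie"])):
        return "rejected: missing or invalid CSRF token"
    session["email"] = request["form"]["email"]
    return "updated"


# Constructed cross-site request: the cookie rides along, the token does not.
FORGED = {"cookie": "sess-victim", "form": {"email": "attacker@attacker.example"}}

# Constructed legitimate request from the site's own form, token included.
LEGIT = {"cookie": "sess-victim",
         "form": {"email": "new@example.com", "csrf_token": csrf_token("sess-victim")}}
```

The token check only works if the token never leaks to another origin, which is why it is placed in the form body or a custom header and not in a cookie the attacker's page would also get sent. Setting the session cookie `SameSite=Lax` or `Strict` and checking the `Origin` header are worthwhile additional layers, not replacements.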

NIST 800-53_SA-11(1)

NIST 800-53 System and Services Acquisition SA-11(1) Developer Testing and Evaluation: Static Code Analysis. Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.
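
To make "employ static code analysis tools to identify common flaws" concrete, here is an added example, not text from NIST SP 800-53: a small AST-based checker that walks a Python source file and reports the kinds of findings such a tool produces, with a constructed source file as its input. The rule set and CWE labels are illustrative; a real program would run a maintained tool (Bandit, Semgrep, CodeQL) and keep its report as the documentation the control requires.

```python
"""Added example (not text from NIST SP 800-53): a small AST-based static
checker of the kind SA-11(1) asks the developer to run, with a constructed
source file as input. The rule set and CWE labels are illustrative."""
import ast

SHELL_CALLS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
               "subprocess.check_output"}
SECRET_WORDS = ("password", "passwd", "secret", "api_key", "token")


def _call_name(func: ast.expr) -> str:
    """'subprocess.run' for subprocess.run(...), 'eval' for eval(...)."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


class FlawFinder(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[tuple[int, str, str]] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node.func)
        if name in ("eval", "exec"):
            self.findings.append((node.lineno, "CWE-95", f"{name}() evaluates dynamic code"))
        shell = name == "os.system" or (name in SHELL_CALLS and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant)
            and kw.value.value is True for kw in node.keywords))
        if shell:
            self.findings.append((node.lineno, "CWE-78", f"{name} runs through a shell"))
        if name == "yaml.load" and not any(kw.arg == "Loader" for kw in node.keywords):
            self.findings.append((node.lineno, "CWE-502", "yaml.load without a safe Loader"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        w in target.id.lower() for w in SECRET_WORDS):
                    self.findings.append((node.lineno, "CWE-798",
                                          f"hard-coded credential in {target.id}"))
        self.generic_visit(node)


def analyze(source: str) -> list[tuple[int, str, str]]:
    """Returns (line, CWE, message) findings, ordered by line, for the report."""
    finder = FlawFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


# Constructed input containing the flaws the checker knows about.
SAMPLE = (
    "import os, subprocess, yaml\n"                      # line 1
    'DB_PASSWORD = "hunter2"\n'                           # line 2
    "def run(cmd, expr, doc):\n"                          # line 3
    "    subprocess.run(cmd, shell=True)\n"               # line 4
    '    os.system("ls " + cmd)\n'                        # line 5
    "    cfg = yaml.load(doc)\n"                          # line 6
    "    return eval(expr), cfg\n"                        # line 7
)

if __name__ == "__main__":
    for line, cwe, msg in analyze(SAMPLE):
        print(f"line {line}: {cwe}: {msg}")
```

The point of the example is the shape of the output, a line-numbered list tied to a weakness catalogue, since that list (plus the triage decision for each item) is what "document the results of the analysis" means to an assessor.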

NIST 800-53_MA-2(2)

NIST 800-53 Maintenance MA-2(2) Controlled Maintenance: Automated Maintenance Activities. (a) Schedule, conduct, and document maintenance, repair, and replacement actions for the system using [Assignment: organization-defined automated mechanisms]; and (b) Produce up-to-date, accurate, and complete records of all maintenance, repair, and replacement actions requested, scheduled, in process, and completed.

PCI (Payment Card Industry Security Standard)_Req 10.2.4

PCI (Payment Card Industry Security Standard) Track and monitor all access to network resources and cardholder data. Req 10.2.4: Invalid logical access attempts. Malicious individuals will often perform multiple access attempts on targeted systems. Multiple invalid login attempts may be an indication of an unauthorized user’s attempts to “brute force” or guess a password.
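
Recording invalid attempts is the requirement; the reason to record them is the detection the guidance hints at. As an added example, not text from PCI DSS, here is that detection logic run over constructed sshd-style log lines: it finds the densest run of failures per source address inside a time window, distinguishes many failures on one account (brute force) from the same count spread across accounts (password spraying), and escalates when a success from that source follows the failures. The log format, thresholds and window are assumptions.

```python
"""Added example (not text from PCI DSS): detection logic run over
constructed sshd-style authentication log lines, flagging the multiple
invalid attempts Req 10.2.4 requires you to record. Thresholds, window and
the log format are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log excerpt: one brute-force source, one spraying source,
# one ordinary user who mistyped once.
LOG = """\
2024-03-01T10:00:01Z sshd[311]: Failed password for admin from 198.51.100.7 port 50122 ssh2
2024-03-01T10:00:03Z sshd[311]: Failed password for admin from 198.51.100.7 port 50123 ssh2
2024-03-01T10:00:05Z sshd[312]: Failed password for admin from 198.51.100.7 port 50124 ssh2
2024-03-01T10:00:07Z sshd[312]: Failed password for admin from 198.51.100.7 port 50125 ssh2
2024-03-01T10:00:09Z sshd[313]: Failed password for admin from 198.51.100.7 port 50126 ssh2
2024-03-01T10:00:12Z sshd[313]: Accepted password for admin from 198.51.100.7 port 50127 ssh2
2024-03-01T10:01:00Z sshd[320]: Failed password for invalid user oracle from 203.0.113.9 port 41000 ssh2
2024-03-01T10:01:02Z sshd[320]: Failed password for invalid user test from 203.0.113.9 port 41001 ssh2
2024-03-01T10:01:04Z sshd[321]: Failed password for deploy from 203.0.113.9 port 41002 ssh2
2024-03-01T10:01:06Z sshd[321]: Failed password for backup from 203.0.113.9 port 41003 ssh2
2024-03-01T10:01:08Z sshd[322]: Failed password for postgres from 203.0.113.9 port 41004 ssh2
2024-03-01T10:05:00Z sshd[330]: Failed password for bob from 192.0.2.44 port 51000 ssh2
2024-03-01T10:05:30Z sshd[331]: Accepted password for bob from 192.0.2.44 port 51001 ssh2
"""

LINE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")


def parse(log: str) -> list[tuple[datetime, str, str, str]]:
    """(timestamp, result, account, source ip) for each auth line."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect(events, window=timedelta(minutes=5), fail_threshold=5, spray_accounts=3) -> dict:
    """Per source IP: the densest run of failures inside `window`. Many
    failures on one account is a brute-force guess; the same count spread
    over several accounts is a password spray. A success from that source
    after the threshold is reached is escalated as a possible compromise."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[3]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[1] == "Failed"]
        best, accounts, start = 0, set(), 0
        for end in range(len(fails)):                  # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 > best:
                best = end - start + 1
                accounts = {e[2] for e in fails[start:end + 1]}
        if best < fail_threshold:
            continue
        compromised = any(
            e[1] == "Accepted" and sum(f[0] < e[0] for f in fails) >= fail_threshold
            for e in evs)
        findings[ip] = {
            "kind": "password-spray" if len(accounts) >= spray_accounts else "brute-force",
            "failures": best,
            "accounts": sorted(accounts),
            "success_after_failures": compromised,
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect(parse(LOG)).items():
        print(ip, f)
```

Note what the example cannot do: it only sees sources that appear in the log you kept. If the log omits the source address or the account name on failures, the 10.2.4 record exists but the spray versus brute-force distinction, and the "success after failures" escalation, are lost.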

NIST 800-53_CP-4(5)

NIST 800-53 Contingency Planning CP-4(5) Contingency Plan Testing: Self-challenge. Employ [Assignment: organization-defined mechanisms] to [Assignment: organization-defined system or system component] to disrupt and adversely affect the system or system component.

NIST 800-171_3.13.2

NIST 800-171 3.13 SYSTEM AND COMMUNICATIONS PROTECTION 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. Organizations apply systems security engineering principles to new development systems or systems undergoing major upgrades. For legacy systems, organizations apply systems security engineering principles to system upgrades and modifications to the extent feasible, given the current state of hardware, software, and firmware components within those systems. …
