NIST 800-53_CP-8(3)

NIST 800-53, Contingency Planning, CP-8(3) Telecommunications Services: Separation of Primary and Alternate Providers. Obtain alternate telecommunications services from providers that are separated from primary service providers to reduce susceptibility to the same threats.

Click here to Start your FREE trial today! Explainer video. What is a Cybersecurity Compliance Framework? You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated.…

CIS Framework Controls V8_12.3

CIS Framework Controls V8, Network Infrastructure Management, 12.3 Securely Manage Network Infrastructure. Securely manage network infrastructure. Example implementations include version-controlled infrastructure-as-code and the use of secure network protocols such as SSH and HTTPS.

NIST 800-53_AT-3(2)

NIST 800-53, Awareness and Training, AT-3(2) Role-based Training: Physical Security Controls. Provide [Assignment: organization-defined personnel or roles] with initial and [Assignment: organization-defined frequency] training in the employment and operation of physical security controls.

NERC CIP-002 through CIP-014 Revision 6_CIP-009-6 2.1

NERC CIP-002 through CIP-014 Revision 6, Recovery Plan Implementation and Testing, CIP-009-6 Part 2.1. Test each of the recovery plans referenced in Requirement R1 at least once every 15 calendar months:
- By recovering from an actual incident;
- With a paper drill or tabletop exercise; or
- With an operational exercise.
M2. Evidence must include but is not limited to documentation that collectively demonstrates implementation of each of the applicable requirement parts in CIP-009-6…

NIST 800-53_SA-8(26)

NIST 800-53, System and Services Acquisitions, SA-8(26) Security and Privacy Engineering Principles: Performance Security. Implement the security design principle of performance security in [Assignment: organization-defined systems or system components].

NIST 800-53_AT-2(2)

NIST 800-53, Awareness and Training, AT-2(2) Literacy Training and Awareness: Insider Threat. Provide literacy training on recognizing and reporting potential indicators of insider threat.

NIST 800-53_SI-4(4)

NIST 800-53, System and Information Integrity, SI-4(4) System Monitoring: Inbound and Outbound Communications Traffic.
(a) Determine criteria for unusual or unauthorized activities or conditions for inbound and outbound communications traffic;
(b) Monitor inbound and outbound communications traffic [Assignment: organization-defined frequency] for [Assignment: organization-defined unusual or unauthorized activities or conditions].

CMMC v2.0_CA.L2-3.12.1

CMMC v2.0, 3.12 Security Assessment, CA.L2-3.12.1. Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. Organizations assess security controls in organizational systems and the environments in which those systems operate as part of the system development life cycle. Security controls are the safeguards or countermeasures organizations implement to satisfy security requirements. By assessing the implemented security controls organizations determine if the security safeguards…

NERC CIP-002 through CIP-014 Revision 6_CIP-014-2 R3

NERC CIP-002 through CIP-014 Revision 6, Physical Security, CIP-014-2 R3. For a primary control center(s) identified by the Transmission Owner according to Requirement R1 Part 1.2 that (a) operationally controls an identified Transmission station or Transmission substation verified according to Requirement R2 and (b) is not under the operational control of the Transmission Owner: the Transmission Owner shall, within seven calendar days following completion of Requirement R2, notify the Transmission Operator…

PCI (Payment Card Industry Security Standard)_Req 11.1.2

PCI (Payment Card Industry Security Standard), Regularly test security systems and processes, Req 11.1.2. Implement incident response procedures in the event unauthorized wireless access points are detected. Implementation and/or exploitation of wireless technology within a network are some of the most common paths for malicious users to gain access to the network and cardholder data. If a wireless device or network is installed without a company’s knowledge, it can allow an…

NIST 800-53_SC-7(21)

NIST 800-53, System and Communications Protection, SC-7(21) Boundary Protection: Isolation of System Components. Employ boundary protection mechanisms to isolate [Assignment: organization-defined system components] supporting [Assignment: organization-defined missions and/or business functions].

NIST 800-53_SI-7(7)

NIST 800-53, System and Information Integrity, SI-7(7) Software, Firmware, and Information Integrity: Integration of Detection and Response. Incorporate the detection of the following unauthorized changes into the organizational incident response capability: [Assignment: organization-defined security-relevant changes to the system].

PCI (Payment Card Industry Security Standard)_Req 9.1.3

PCI (Payment Card Industry Security Standard), Restrict physical access to cardholder data, Req 9.1.3. Restrict physical access to wireless access points, gateways, handheld devices, networking/communications hardware, and telecommunication lines. Without security over access to wireless components and devices, malicious users could use an organization’s unattended wireless devices to access network resources or even connect their own devices to the wireless network to gain unauthorized access. Additionally, securing networking and communications hardware…

PCI (Payment Card Industry Security Standard)_Req 2.1.1

PCI (Payment Card Industry Security Standard), Do not use vendor-supplied defaults for system passwords and other security measures, Req 2.1.1. For wireless environments connected to the cardholder data environment or transmitting cardholder data, change all wireless vendor defaults at installation, including but not limited to default wireless encryption keys, passwords, and SNMP community strings. If wireless networks are not implemented with sufficient security configurations (including changing default settings), wireless sniffers can…

CIS Framework Controls V8_4.1

CIS Framework Controls V8, Secure Configuration of Enterprise Assets and Software, 4.1 Enforce Automatic Device Lockout on Portable End-User Devices. Enforce automatic device lockout following a predetermined threshold of local failed authentication attempts on portable end-user devices, where supported. For laptops, do not allow more than 20 failed authentication attempts; for tablets and smartphones, no more than 10 failed authentication attempts. Example implementations include Microsoft® InTune Device Lock and Apple® Configuration Profile…

NIST 800-53_PE-5(3)

NIST 800-53, Physical and Environmental Protection, PE-5(3) Access Control for Output Devices: Marking Output Devices. [Withdrawn: Incorporated into PE-22.]

NIST 800-53_AC-6(2)

NIST 800-53, Access Control, AC-6(2) Least Privilege: Non-privileged Access for Nonsecurity Functions. Require that users of system accounts (or roles) with access to [Assignment: organization-defined security functions or security-relevant information] use non-privileged accounts or roles when accessing nonsecurity functions.

NIST 800-53_CA-6(1)

NIST 800-53, Assessment, Authorization and Monitoring, CA-6(1) Authorization: Joint Authorization - Intra-organization. Employ a joint authorization process for the system that includes multiple authorizing officials from the same organization conducting the authorization.

NIST 800-53_SA-12(11)

NIST 800-53, System and Services Acquisitions, SA-12(11) Supply Chain Protection: Penetration Testing / Analysis of Elements, Processes, and Actors. [Withdrawn: Moved to SR-6(1).]

PCI (Payment Card Industry Security Standard)_Req 10.7

PCI (Payment Card Industry Security Standard), Track and monitor all access to network resources and cardholder data, Req 10.7. Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from backup). Retaining logs for at least a year allows for the fact that it often takes a while to notice that a compromise has occurred or…