NIST 800-53_PL-2(1)

NIST 800-53 Planning PL-2(1): System Security and Privacy Plans | Concept of Operations
[Withdrawn: Incorporated into PL-7.]

Click here to Start your FREE trial today! Explainer video. What is a Cybersecurity Compliance Framework? You don't need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones…

NIST 800-53_CP-10(4)

NIST 800-53 Contingency Planning CP-10(4): System Recovery and Reconstitution | Restore Within Time Period
Provide the capability to restore system components within [Assignment: organization-defined restoration time periods] from configuration-controlled and integrity-protected information representing a known operational state for the components.

NIST 800-53_AU-9(2)

NIST 800-53 Audit and Accountability AU-9(2): Protection of Audit Information | Store on Separate Physical Systems or Components
Store audit records [Assignment: organization-defined frequency] in a repository that is part of a physically different system or system component than the system or component being audited.

NIST 800-53_PM-5(1)

NIST 800-53 Program Management PM-5(1): System Inventory | Inventory of Personally Identifiable Information
Establish, maintain, and update [Assignment: organization-defined frequency] an inventory of all systems, applications, and projects that process personally identifiable information.

CMMC v2.0_PE.L2-3.10.6

CMMC v2.0 3.10 PHYSICAL PROTECTION PE.L2-3.10.6: Enforce safeguarding measures for CUI at alternate work sites
Alternate work sites may include government facilities or the private residences of employees. Organizations may define different security requirements for specific alternate work sites or types of sites depending on the work-related activities conducted at those sites. [SP 800-46] and [SP 800-114] provide guidance on enterprise and user security when teleworking.

NIST 800-53_AU-8

NIST 800-53 Audit and Accountability AU-8: Time Stamps
a. Use internal system clocks to generate time stamps for audit records; and
b. Record time stamps for audit records that meet [Assignment: organization-defined granularity of time measurement] and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp.

NIST 800-53_AT-3

NIST 800-53 Awareness and Training AT-3: Role-based Training
a. Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]:
1. Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and
2. When required by system changes;
b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and
c. Incorporate lessons learned from internal or external security incidents…

PCI (Payment Card Industry Security Standard)_Req 11.3.2

PCI (Payment Card Industry Security Standard) Regularly test security systems and processes, Req 11.3.2
Perform internal penetration testing at least annually and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment). Penetration testing conducted on a regular basis and after significant changes to the environment is a proactive security measure that…

PCI (Payment Card Industry Security Standard)_Req 1.3.3

PCI (Payment Card Industry Security Standard) Install and maintain a firewall configuration to protect cardholder data, Req 1.3.3
Implement anti-spoofing measures to detect and block forged source IP addresses from entering the network (for example, block traffic originating from the internet with an internal source address). Normally a packet contains the IP address of the computer that originally sent it, so other computers in the network know where the packet came…

NIST 800-53_IR-3

NIST 800-53 Incident Response IR-3: Incident Response Testing
Test the effectiveness of the incident response capability for the system [Assignment: organization-defined frequency] using the following tests: [Assignment: organization-defined tests].

CIS Framework Controls V8_12.2

CIS Framework Controls V8 Network Infrastructure Management 12.2: Establish and Maintain a Secure Network Architecture
Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.

CIS Framework Controls V8_3.1

CIS Framework Controls V8 Data Protection 3.1: Encrypt Sensitive Data in Transit
Encrypt sensitive data in transit. Example implementations can include Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).

NIST-CSF_PR.IP-5

NIST-CSF Information Protection Processes and Procedures (PR.IP) PR.IP-5
PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met.

NIST 800-53_PE-13

NIST 800-53 Physical and Environmental Protection PE-13: Fire Protection
Employ and maintain fire detection and suppression systems that are supported by an independent energy source.

NIST 800-53_AU-10(4)

NIST 800-53 Audit and Accountability AU-10(4): Non-repudiation | Validate Binding of Information Reviewer Identity
(a) Validate the binding of the information reviewer identity to the information at the transfer or release points prior to release or transfer between [Assignment: organization-defined security domains]; and
(b) Perform [Assignment: organization-defined actions] in the event of a validation error.

PCI (Payment Card Industry Security Standard)_Req 9.7

PCI (Payment Card Industry Security Standard) Restrict physical access to cardholder data, Req 9.7
Maintain strict control over the storage and accessibility of media. Without careful inventory methods and storage controls, stolen or missing media could go unnoticed for an indefinite amount of time. If media is not inventoried, stolen or lost media may not be noticed for a long time, or at all.

NIST 800-171_3.12.4

NIST 800-171 3.12 SECURITY ASSESSMENT 3.12.4
Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. System security plans relate security requirements to a set of security controls. System security plans also describe, at a high level, how the security controls meet those security requirements but do not provide detailed technical descriptions…

NERC CIP-002 through CIP-014 Revision 6_CIP-004-6 2.2

NERC CIP-002 through CIP-014 Revision 6 Cyber Security Training Program CIP-004-6 2.2
2.2 Require completion of the training specified in Part 2.1 prior to granting authorized electronic access and authorized unescorted physical access to applicable Cyber Assets, except during CIP Exceptional Circumstances.
M2. Evidence must include the training program that includes each of the applicable requirement parts in CIP-004-6 Table R2 – Cyber Security Training Program and additional evidence to demonstrate implementation of…

NIST 800-53_CP-9

NIST 800-53 Contingency Planning CP-9: System Backup
a. Conduct backups of user-level information contained in [Assignment: organization-defined system components] [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives];
b. Conduct backups of system-level information contained in the system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives];
c. Conduct backups of system documentation, including security- and privacy-related documentation [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; and…

NIST 800-53_MA-3(5)

NIST 800-53 Maintenance MA-3(5): Maintenance Tools | Execution with Privilege
Monitor the use of maintenance tools that execute with increased privilege.