NIST 800-53_SC-8(4)

NIST 800-53 System and Communications Protection SC-8(4) Transmission Confidentiality and Integrity Conceal or Randomize Communications Implement cryptographic mechanisms to conceal or randomize communication patterns unless otherwise protected by [Assignment: organization-defined alternative physical controls].   Click here to Start your FREE trial today! Explainer video   What is a Cybersecurity Compliance Framework? You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated.…

NERC CIP-002 through CIP-014 Revision 6_CIP-011-2 1.2

NERC CIP-002 through CIP-014 Revision 6 Information Protection CIP-011-2 1.2 1.2 Procedure(s) for protecting and securely handling BES Cyber System Information including storage transit and use. M1. Evidence for the information protection program must include the applicable requirement parts in CIP-011-2 Table R1– Information Protection and additional evidence to demonstrate implementation as described in the Measures column of the table. CIP-011-2 Table R1– Information Protection Part Applicable Systems Requirements Measures 1.1 High Impact…

CIS Framework Controls V8_11.5

CIS Framework Controls V8 Data Recovery 11.5 Test Data Recovery Test backup recovery quarterly or more frequently for a sampling of in-scope enterprise assets.

NIST 800-53_IR-7(2)

NIST 800-53 Incident Response IR-7(2) Incident Response Assistance Coordination with External Providers (a) Establish a direct cooperative relationship between its incident response capability and external providers of system protection capability; and (b) Identify organizational incident response team members to the external providers.

CIS Framework Controls V8_5.1

CIS Framework Controls V8 Account Management 5.1 Establish and Maintain an Inventory of Accounts Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must include both user and administrator accounts. The inventory at a minimum should contain the person's name username start/stop dates and department. Validate that all active accounts are authorized on a recurring schedule at a minimum quarterly or more frequently.

NIST 800-53_AC-3(13)

NIST 800-53 Access Control AC-3(13) Access Enforcement Attribute-based Access Control Enforce attribute-based access control policy over defined subjects and objects and control access based upon [Assignment: organization-defined attributes to assume access permissions].

NERC CIP-002 through CIP-014 Revision 6_CIP-007-6 5.1

NERC CIP-002 through CIP-014 Revision 6 System Access Control CIP-007-6 5.1 5.1 Have a method(s) to enforce authentication of interactive user access where technically feasible. M5. Evidence must include each of the applicable documented processes that collectively include each of the applicable requirement parts in CIP-007-6 Table 5– System Access Controls and additional evidence to demonstrate implementation as described in the Measures column of the table. CIP-007-6 Table R5– System Access Control Part…

PCI (Payment Card Industry Security Standard)_Test 12.8.4

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel Test 12.8.4 12.8.4 Verify that the entity maintains a program to monitor its service providers’ PCI DSS compliance status at least annually. Knowing your service providers’ PCI DSS compliance status provides assurance and awareness about whether they comply with the same requirements that your organization is subject to. If the service provider offers a variety of…

NIST-CSF_PR.AC-6

NIST-CSF Identity Management, Authentication and Access Control (PR.AC) PR.AC-6 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions

Need More Reliable IT Services for Your Business?

One of the biggest challenges that small and medium-sized businesses face is how to use their limited resources most effectively. Every decision, from what products or services to offer to how to market and sell them, has to be made to protect their bottom line. Small businesses also face several challenges in obtaining reliable IT services in-house. Not only do you have to worry about the expense of benefits and paid time…

NIST 800-53_SI-4(21)

NIST 800-53 System and Information Integrity SI-4(21) System Monitoring Probationary Periods Implement the following additional monitoring of individuals during [Assignment: organization-defined probationary period]: [Assignment: organization-defined additional monitoring].

CIS Framework Controls V8_8.5

CIS Framework Controls V8 Audit Log Management 8.5 Collect Detailed Audit Logs Configure detailed audit logging for enterprise assets containing sensitive data. Include event source date username timestamp source addresses destination addresses and other useful elements that could assist in a forensic investigation.

NIST 800-53_MP-6(2)

NIST 800-53 Media Protection MP-6(2) Media Sanitization Equipment Testing Test sanitization equipment and procedures [Assignment: organization-defined frequency] to ensure that the intended sanitization is being achieved.

NIST 800-53_IR-8(1)

NIST 800-53 Incident Response IR-8(1) Incident Response Plan Breaches Include the following in the Incident Response Plan for breaches involving personally identifiable information: (a) A process to determine if notice to individuals or other organizations including oversight organizations is needed; (b) An assessment process to determine the extent of the harm embarrassment inconvenience or unfairness to affected individuals and any mechanisms to mitigate such harms; and (c) Identification of applicable privacy requirements.

CIS Framework Controls V8_13.11

CIS Framework Controls V8 Network Monitoring and Defense 13.11 Tune Security Event Alerting Thresholds Tune security event alerting thresholds monthly or more frequently.

NIST 800-53_SI-10(4)

NIST 800-53 System and Information Integrity SI-10(4) Information Input Validation Timing Interactions Account for timing interactions among system components in determining appropriate responses for invalid inputs.

NERC CIP-002 through CIP-014 Revision 6_CIP-004-6 R3

NERC CIP-002 through CIP-014 Revision 6 Personnel Risk Assessment Program CIP-004-6 R3 R3. Each Responsible Entity shall implement one or more documented personnel risk assessment program(s) to attain and retain authorized electronic or authorized unescorted physical access to BES Cyber Systems that collectively include each of the applicable requirement parts in CIP-004-6 Table R3 – Personnel Risk Assessment Program. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]. 3.1 Process to confirm identity. 3.2…

CIS Framework Controls V8_17.3

CIS Framework Controls V8 Incident Response Management 17.3 Establish and Maintain an Enterprise Process for Reporting Incidents Establish and maintain an enterprise process for the workforce to report security incidents. The process includes reporting timeframe personnel to report to mechanism for reporting and the minimum information to be reported. Ensure the process is publicly available to all of the workforce. Review annually or when significant enterprise changes occur that could impact this…

PCI (Payment Card Industry Security Standard)_Test 4.1.1

PCI (Payment Card Industry Security Standard) Encrypt transmission of cardholder data across open, public networks Test 4.1.1 4.1.1 Identify all wireless networks transmitting cardholder data or connected to the cardholder data environment. Examine documented standards and compare to system configuration settings to verify the following for all wireless networks identified: – Industry best practices are used to implement strong encryption for authentication and transmission. – Weak encryption (for example WEP SSL) is…

PCI (Payment Card Industry Security Standard)_Test 6.5.1

PCI (Payment Card Industry Security Standard) Develop and maintain secure systems and applications Test 6.5.1 6.5.1 Examine software-development policies and procedures and interview responsible personnel to verify that injection flaws are addressed by coding techniques that include: – Validating input to verify user data cannot modify meaning of commands and queries. – Utilizing parameterized queries. Injection flaws particularly SQL injection are a commonly used method for compromising applications. Injection occurs when user-supplied…
