NIST 800-53_AC-4(23)

NIST 800-53 Access Control AC-4(23) Information Flow Enforcement Modify Non-releasable Information When transferring information between different security domains, modify non-releasable information by implementing [Assignment: organization-defined modification action].

What is a Cybersecurity Compliance Framework? You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop…

FTC-SFSCI (Part 314)_314.4(d)(2)(ii)

FTC-SFSCI (Part 314) Monitoring, Verifying and Validating 314.4(d)(2)(ii) Vulnerability assessments, including any systemic scans or reviews of information systems reasonably designed to identify publicly known security vulnerabilities in your information systems based on the risk assessment, at least every six months; and whenever there are material changes to your operations or business arrangements; and whenever there are circumstances you know or have reason to know may have a material impact on your…

NIST 800-53_PL-8(2)

NIST 800-53 Planning PL-8(2) Security and Privacy Architectures Supplier Diversity Require that [Assignment: organization-defined controls] allocated to [Assignment: organization-defined locations and architectural layers] are obtained from different suppliers.

NERC CIP-002 through CIP-014 Revision 6_CIP-006-6 1.2

NERC CIP-002 through CIP-014 Revision 6 Physical Security Plan CIP-006-6 1.2 1.2 Utilize at least one physical access control to allow unescorted physical access into each applicable Physical Security Perimeter to only those individuals who have authorized unescorted physical access. M1. Evidence must include each of the documented physical security plans that collectively include all of the applicable requirement parts in CIP-006-6 Table R1 – Physical Security Plan and additional evidence to demonstrate…

NERC CIP-002 through CIP-014 Revision 6_CIP-010-2 R2

NERC CIP-002 through CIP-014 Revision 6 Configuration Monitoring CIP-010-2 R2 R2. Each Responsible Entity shall implement one or more documented process(es) that collectively include each of the applicable requirement parts in CIP-010-2 Table R2 – Configuration Monitoring. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]. M2. Evidence must include each of the applicable documented processes that collectively include each of the applicable requirement parts in CIP-010-2 Table R2 – Configuration Monitoring and additional…

NIST 800-53_IA-4(4)

NIST 800-53 Identification and Authentication IA-4(4) Identifier Management Identify User Status Manage individual identifiers by uniquely identifying each individual as [Assignment: organization-defined characteristic identifying individual status].

CIS Framework Controls V8_4.8

CIS Framework Controls V8 Secure Configuration of Enterprise Assets and Software 4.8 Uninstall or Disable Unnecessary Services on Enterprise Assets and Software Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service, web application module, or service function.

NIST-CSF_DE.DP-4

NIST-CSF Detection Processes (DE.DP) DE.DP-4 DE.DP-4: Event detection information is communicated

NIST 800-171_3.4.9

NIST 800-171 3.4 CONFIGURATION MANAGEMENT 3.4.9 Control and monitor user-installed software Users can install software in organizational systems if provided the necessary privileges. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation through policies. Permitted software installations include updates and security patches to existing software and applications from organization-approved “app stores.” Prohibited software installations may include software with unknown or suspect pedigrees or software that…

NIST 800-53_PL-6

NIST 800-53 Planning PL-6 Security-related Activity Planning [Withdrawn: Incorporated into PL-2.]

PCI (Payment Card Industry Security Standard)_Test 12.5.2

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel Test 12.5.2 12.5.2 Verify that responsibility for monitoring and analyzing security alerts and distributing information to appropriate information security and business unit management personnel is formally assigned. Each person or team with responsibilities for information security management should be clearly aware of their responsibilities and related tasks through specific policy. Without this accountability, gaps in processes…

NIST 800-53_SC-7(19)

NIST 800-53 System and Communications Protection SC-7(19) Boundary Protection Block Communication from Non-organizationally Configured Hosts Block inbound and outbound communications traffic between [Assignment: organization-defined communication clients] that are independently configured by end users and external service providers.

NIST 800-53_SC-36(2)

NIST 800-53 System and Communications Protection SC-36(2) Distributed Processing and Storage Synchronization Synchronize the following duplicate systems or system components: [Assignment: organization-defined duplicate systems or system components].

CMMC v2.0_PS.L2-3.9.2

CMMC v2.0 3.9 PERSONNEL SECURITY PS.L2-3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers Protecting CUI during and after personnel actions may include returning system-related property and conducting exit interviews. System-related property includes hardware authentication tokens, identification cards, system administration technical manuals, keys, and building passes. Exit interviews ensure that individuals who have been terminated understand the security constraints imposed by being…

NIST 800-53_SI-3(7)

NIST 800-53 System and Information Integrity SI-3(7) Malicious Code Protection Nonsignature-based Detection [Withdrawn: Incorporated into SI-3.]

NIST 800-53_CM-8(1)

NIST 800-53 Configuration Management CM-8(1) System Component Inventory Updates During Installation and Removal Update the inventory of system components as part of component installations, removals, and system updates.

NIST 800-53_AC-8

NIST 800-53 Access Control AC-8 System Use Notification a. Display [Assignment: organization-defined system use notification message or banner] to users before granting access to the system that provides privacy and security notices consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and state that: 1. Users are accessing a U.S. Government system; 2. System usage may be monitored, recorded, and subject to audit; 3. Unauthorized use of the system is prohibited and…

PCI (Payment Card Industry Security Standard)_Test 5.1.2

PCI (Payment Card Industry Security Standard) Protect all systems against malware and regularly update anti-virus software or programs Test 5.1.2 5.1.2 Interview personnel to verify that evolving malware threats are monitored and evaluated for systems not currently considered to be commonly affected by malicious software, in order to confirm whether such systems continue to not require anti-virus software. Typically, mainframes, mid-range computers (such as AS/400) and similar systems may not currently be…

NIST 800-53_SA-17(2)

NIST 800-53 System and Services Acquisitions SA-17(2) Developer Security and Privacy Architecture and Design Security-relevant Components Require the developer of the system, system component, or system service to: (a) Define security-relevant hardware, software, and firmware; and (b) Provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.

NIST 800-53_SC-7(13)

NIST 800-53 System and Communications Protection SC-7(13) Boundary Protection Isolation of Security Tools, Mechanisms, and Support Components Isolate [Assignment: organization-defined information security tools, mechanisms, and support components] from other internal system components by implementing physically separate subnetworks with managed interfaces to other components of the system.