PCI (Payment Card Industry Security Standard)_Test 1.3.4

PCI (Payment Card Industry Security Standard), Install and maintain a firewall configuration to protect cardholder data, Test 1.3.4: Examine firewall and router configurations to verify that outbound traffic from the cardholder data environment to the internet is explicitly authorized. All traffic outbound from the cardholder data environment should be evaluated to ensure that it follows established, authorized rules. Connections should be inspected to restrict traffic to only authorized communications (for example…

NIST 800-53_AC-17(4)

NIST 800-53, Access Control, AC-17(4) Remote Access | Privileged Commands and Access: (a) Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: [Assignment: organization-defined needs]; and (b) Document the rationale for remote access in the security plan for the system.

NIST 800-53_SC-1

NIST 800-53, System and Communications Protection, SC-1 Policy and Procedures:
a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]:
1. [Selection (one or more): Organization-level; Mission/business process-level; System-level] system and communications protection policy that:
(a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
(b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
2. Procedures to facilitate the implementation of the system and…

NIST 800-53_SR-5(2)

NIST 800-53, Supply Chain Risk Management, SR-5(2) Acquisition Strategies, Tools, and Methods | Assessments Prior to Selection, Acceptance, Modification, or Update: Assess the system, system component, or system service prior to selection, acceptance, modification, or update.

CIS Framework Controls V8_3.6

CIS Framework Controls V8, Data Protection, 3.6 Encrypt Data on End-User Devices: Encrypt data on end-user devices containing sensitive data. Example implementations can include: Windows BitLocker®, Apple FileVault®, Linux® dm-crypt.

PCI (Payment Card Industry Security Standard)_Test 9.4.3

PCI (Payment Card Industry Security Standard), Restrict physical access to cardholder data, Test 9.4.3: Observe visitors leaving the facility to verify visitors are asked to surrender their badge or other identification upon departure or expiration. Document the visitor’s name, the firm represented, and the onsite personnel authorizing physical access on the log. Retain this log for a minimum of three months, unless otherwise restricted by law.

NIST 800-53_MA-2

NIST 800-53, Maintenance, MA-2 Controlled Maintenance:
a. Schedule, document, and review records of maintenance, repair, and replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements;
b. Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location;
c. Require that [Assignment: organization-defined personnel or roles] explicitly approve the removal of the system…

NIST 800-53_IA-5(18)

NIST 800-53, Identification and Authentication, IA-5(18) Authenticator Management | Password Managers: (a) Employ [Assignment: organization-defined password managers] to generate and manage passwords; and (b) Protect the passwords using [Assignment: organization-defined controls].

PCI (Payment Card Industry Security Standard)_Test 3.2.1

PCI (Payment Card Industry Security Standard), Protect stored cardholder data, Test 3.2.1: For a sample of system components, examine data sources, including but not limited to the following, and verify that the full contents of any track from the magnetic stripe on the back of the card or equivalent data on a chip are not stored after authorization:
– Incoming transaction data
– All logs (for example, transaction, history, debugging, error)
–…

NIST 800-53_AU-6(5)

NIST 800-53, Audit and Accountability, AU-6(5) Audit Record Review, Analysis, and Reporting | Integrated Analysis of Audit Records: Integrate analysis of audit records with analysis of [Selection (one or more): vulnerability scanning information; performance data; system monitoring information; [Assignment: organization-defined data/information collected from other sources]] to further enhance the ability to identify inappropriate or unusual activity.

CMMC v2.0_AT.L2-3.2.1

CMMC v2.0, 3.2 AWARENESS AND TRAINING, AT.L2-3.2.1: Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems. Organizations determine the content and frequency of security awareness training and security awareness techniques based on the specific organizational requirements and the systems to which personnel have authorized access.…

NIST 800-53_PM-26

NIST 800-53, Program Management, PM-26 Complaint Management: Implement a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational security and privacy practices that includes:
a. Mechanisms that are easy to use and readily accessible by the public;
b. All information necessary for successfully filing complaints;
c. Tracking mechanisms to ensure all complaints received are reviewed and addressed within [Assignment: organization-defined time period];
d. Acknowledgement of receipt of complaints, concerns, or…

NIST 800-53_AC-4(5)

NIST 800-53, Access Control, AC-4(5) Information Flow Enforcement | Embedded Data Types: Enforce [Assignment: organization-defined limitations] on embedding data types within other data types.

NIST 800-53_SA-8(3)

NIST 800-53, System and Services Acquisition, SA-8(3) Security and Privacy Engineering Principles | Modularity and Layering: Implement the security design principles of modularity and layering in [Assignment: organization-defined systems or system components].

NIST-CSF_DE.CM-5

NIST-CSF, Security Continuous Monitoring (DE.CM), DE.CM-5: Unauthorized mobile code is detected.

FTC-SFSCI (Part 314)_314.4(c)(4)

FTC-SFSCI (Part 314), Safeguards, 314.4(c)(4): Adopt secure development practices for in-house developed applications utilized by you for transmitting, accessing, or storing customer information, and procedures for evaluating, assessing, or testing the security of externally developed applications you utilize to transmit, access, or store customer information. In context: (c) Design and implement safeguards to control the risks you identify through risk assessment, including by: (4) Adopt secure development practices for in-house developed applications utilized by…

NIST 800-53_CM-6

NIST 800-53, Configuration Management, CM-6 Configuration Settings:
a. Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using [Assignment: organization-defined common secure configurations];
b. Implement the configuration settings;
c. Identify, document, and approve any deviations from established configuration settings for [Assignment: organization-defined system components] based on [Assignment: organization-defined operational requirements]; and
d. Monitor and control changes to the configuration settings in accordance with…

NIST 800-53_SI-2(2)

NIST 800-53, System and Information Integrity, SI-2(2) Flaw Remediation | Automated Flaw Remediation Status: Determine if system components have applicable security-relevant software and firmware updates installed using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency].

NIST 800-53_SA-17(3)

NIST 800-53, System and Services Acquisition, SA-17(3) Developer Security and Privacy Architecture and Design | Formal Correspondence: Require the developer of the system, system component, or system service to: (a) Produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware, software, and firmware in terms of exceptions, error messages, and effects; (b) Show via proof, to the extent feasible, with additional informal demonstration as necessary…

CMMC v2.0_AC.L2-3.1.14

CMMC v2.0, 3.1 ACCESS CONTROL, AC.L2-3.1.14: Route remote access via managed access control points. Routing remote access through managed access control points enhances explicit organizational control over such connections, reducing the susceptibility to unauthorized access to organizational systems resulting in the unauthorized disclosure of CUI.