NIST 800-171_3.10.2

NIST 800-171 3.10 PHYSICAL PROTECTION 3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems. Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for example, by the employment of guards; the use of sensor devices; or the use of video surveillance equipment such as cameras. Examples of support infrastructure include system distribution, transmission, and power lines. Security controls applied to the support…

NIST 800-171_3.13.13

NIST 800-171 3.13 SYSTEM AND COMMUNICATIONS PROTECTION 3.13.13 Control and monitor the use of mobile code. Mobile code technologies include Java, JavaScript, ActiveX, Postscript, PDF, Flash animations, and VBScript. Decisions regarding the use of mobile code in organizational systems are based on the potential for the code to cause damage to the systems if used maliciously. Usage restrictions and implementation guidance apply to the selection and use of mobile code installed on…

NIST 800-53_PE-2

NIST 800-53 Physical and Environmental Protection PE-2 Physical Access Authorizations a. Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides; b. Issue authorization credentials for facility access; c. Review the access list detailing authorized facility access by individuals [Assignment: organization-defined frequency]; and d. Remove individuals from the facility access list when access is no longer required.

NIST 800-53_CP-8(5)

NIST 800-53 Contingency Planning CP-8(5) Telecommunications Services Alternate Telecommunication Service Testing Test alternate telecommunication services [Assignment: organization-defined frequency].

NIST 800-53_SC-7(20)

NIST 800-53 System and Communications Protection SC-7(20) Boundary Protection Dynamic Isolation and Segregation Provide the capability to dynamically isolate [Assignment: organization-defined system components] from other system components.

NIST 800-171_3.4.6

NIST 800-171 3.4 CONFIGURATION MANAGEMENT 3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. Systems can provide a wide variety of functions and services. Some of the functions and services routinely provided by default may not be necessary to support essential organizational missions, functions, or operations. It is sometimes convenient to provide multiple services from single system components. However, doing so increases risk over limiting…

NIST 800-172_3.14.5e

NIST 800-172 3.14 SYSTEM AND INFORMATION INTEGRITY 3.14.5e Conduct reviews of persistent organizational storage locations [Assignment: organization-defined frequency] and remove CUI that is no longer needed. As programs, projects, and contracts evolve, some CUI may no longer be needed. Periodic and event-related (e.g., at project completion) reviews are conducted to ensure that CUI that is no longer required is securely removed from persistent storage. Removal is consistent with federal records retention policies…

NIST 800-53_AC-4(30)

NIST 800-53 Access Control AC-4(30) Information Flow Enforcement Filter Mechanisms Using Multiple Processes When transferring information between different security domains, implement content filtering mechanisms using multiple processes.

CIS Framework Controls V8_12.6

CIS Framework Controls V8 Network Infrastructure Management 12.6 Use of Secure Network Management and Communication Protocols Use secure network management and communication protocols (e.g., 802.1X, Wi-Fi Protected Access 2 (WPA2) Enterprise or greater).

HIPAA_164.308(a)(7)

HIPAA Administrative Safeguards 164.308(a)(7) 4.7. Contingency Plan (§ 164.308(a)(7)) Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
Implementation specifications:
- Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
- Disaster recovery plan (Required). Establish…

CMMC v2.0_CA.L2-3.12.4

CMMC v2.0 3.12 SECURITY ASSESSMENT CA.L2-3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. System security plans relate security requirements to a set of security controls. System security plans also describe at a high level how the security controls meet those security requirements but do not provide detailed technical descriptions…

NIST 800-172_3.5.3e

NIST 800-172 3.5 IDENTIFICATION AND AUTHENTICATION 3.5.3e Employ automated or manual/procedural mechanisms to prohibit system components from connecting to organizational systems unless the components are known, authenticated, in a properly configured state, or in a trust profile. Identification and authentication of system components and component configurations can be determined, for example, via a cryptographic hash of the component. This is also known as device attestation and known operating state or trust profile. …

PCI (Payment Card Industry Security Standard)_Test 7.3

PCI (Payment Card Industry Security Standard) Restrict access to cardholder data by business need to know Test 7.3 7.3 Examine documentation and interview personnel to verify that security policies and operational procedures for restricting access to cardholder data are: – documented, – in use, and – known to all affected parties. Personnel need to be aware of and following security policies and operational procedures to ensure that access is controlled and based…

NIST 800-172_3.4.2e

NIST 800-172 3.4 CONFIGURATION MANAGEMENT 3.4.2e Employ automated mechanisms to detect misconfigured or unauthorized system components; after detection [Selection (one or more): remove the components; place the components in a quarantine or remediation network] to facilitate patching, re-configuration, or other mitigations. Establish and enforce security configuration settings for information technology products employed in organizational systems. System components used to process, store, transmit, or protect CUI are monitored and checked against the authoritative source…

PCI (Payment Card Industry Security Standard)_Req 6.7

PCI (Payment Card Industry Security Standard) Develop and maintain secure systems and applications Req 6.7 6.7 Ensure that security policies and operational procedures for developing and maintaining secure systems and applications are documented, in use, and known to all affected parties. developing and maintaining secure systems and applications are: – Documented, – In use, and – Known to all affected parties. Personnel need to be aware of and following security policies and…

NIST 800-53_CM-7(8)

NIST 800-53 Configuration Management CM-7(8) Least Functionality Binary or Machine Executable Code (a) Prohibit the use of binary or machine-executable code from sources with limited or no warranty or without the provision of source code; and (b) Allow exceptions only for compelling mission or operational requirements and with the approval of the authorizing official.

PCI (Payment Card Industry Security Standard)_Req 5.3

PCI (Payment Card Industry Security Standard) Protect all systems against malware and regularly update anti-virus software or programs Req 5.3 5.3 Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users unless specifically authorized by management on a case-by-case basis for a limited time period. Note: anti-virus solutions may be temporarily disabled only if there is legitimate technical need as authorized by management on a case-by-case basis.…

NIST 800-53_AU-6(8)

NIST 800-53 Audit and Accountability AU-6(8) Audit Record Review, Analysis, and Reporting Full Text Analysis of Privileged Commands Perform a full text analysis of logged privileged commands in a physically distinct component or subsystem of the system or other system that is dedicated to that analysis.

NIST 800-53_IA-5(16)

NIST 800-53 Identification and Authentication IA-5(16) Authenticator Management In-person or Trusted External Party Authenticator Issuance Require that the issuance of [Assignment: organization-defined types of and/or specific authenticators] be conducted [Selection: in person; by a trusted external party] before [Assignment: organization-defined registration authority] with authorization by [Assignment: organization-defined personnel or roles].

NIST 800-53_IA-4(1)

NIST 800-53 Identification and Authentication IA-4(1) Identifier Management Prohibit Account Identifiers as Public Identifiers Prohibit the use of system account identifiers that are the same as public identifiers for individual accounts.
