NIST 800-53_AU-12(1)

NIST 800-53 Audit and Accountability AU-12(1), Audit Record Generation, System-wide and Time-correlated Audit Trail: Compile audit records from [Assignment: organization-defined system components] into a system-wide (logical or physical) audit trail that is time-correlated to within [Assignment: organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail]. Click here to Start your FREE trial today! Explainer video What is a Cybersecurity Compliance Framework? You…

NIST 800-171_3.13.3

NIST 800-171 3.13 SYSTEM AND COMMUNICATIONS PROTECTION, 3.13.3: Separate user functionality from system management functionality. System management functionality includes functions necessary to administer databases, network components, workstations, or servers and typically requires privileged user access. The separation of user functionality from system management functionality is physical or logical. Organizations can implement separation of system management functionality from user functionality by using different computers, different central processing units, different instances of operating systems…

NIST 800-53_SA-11(6)

NIST 800-53 System and Services Acquisitions SA-11(6), Developer Testing and Evaluation, Attack Surface Reviews: Require the developer of the system, system component, or system service to perform attack surface reviews.

NERC CIP-002 through CIP-014 Revision 6_CIP-006-6 3.1

NERC CIP-002 through CIP-014 Revision 6, Physical Access Control System Maintenance and Testing Program, CIP-006-6 3.1: Maintenance and testing of each Physical Access Control System and locally mounted hardware or devices at the Physical Security Perimeter at least once every 24 calendar months to ensure they function properly.

NIST 800-53_SI-3(10)

NIST 800-53 System and Information Integrity SI-3(10), Malicious Code Protection, Malicious Code Analysis: (a) Employ the following tools and techniques to analyze the characteristics and behavior of malicious code: [Assignment: organization-defined tools and techniques]; and (b) Incorporate the results from malicious code analysis into organizational incident response and flaw remediation processes.

NIST 800-53_RA-3(4)

NIST 800-53 Risk Assessment RA-3(4), Risk Assessment, Predictive Cyber Analytics: Employ the following advanced automation and analytics capabilities to predict and identify risks to [Assignment: organization-defined systems or system components]: [Assignment: organization-defined advanced automation and analytics capabilities].

PCI (Payment Card Industry Security Standard)_Test 12.8.3

PCI (Payment Card Industry Security Standard), Maintain a policy that addresses information security for all personnel, Test 12.8.3: Verify that policies and procedures are documented and implemented, including proper due diligence prior to engaging any service provider. The process ensures that any engagement of a service provider is thoroughly vetted internally by an organization, which should include a risk analysis prior to establishing a formal relationship with the service provider. Specific…

NIST 800-53_CP-10(6)

NIST 800-53 Contingency Planning CP-10(6), System Recovery and Reconstitution, Component Protection: Protect system components used for recovery and reconstitution.

HIPAA_164.308(a)(5)

HIPAA Administrative Safeguards 164.308(a)(5), 4.5. Security Awareness and Training (§ 164.308(a)(5)). Standard: Security awareness and training. Implement a security awareness and training program for all members of its workforce (including management). Implementation specifications. Implement:
- Security reminders (Addressable). Periodic security updates.
- Protection from malicious software (Addressable). Procedures for guarding against, detecting, and reporting malicious software.
- Log-in monitoring (Addressable). Procedures for monitoring log-in attempts and reporting discrepancies.
- Password management (Addressable). Procedures for creating, changing, and…

NIST 800-53_CP-7

NIST 800-53 Contingency Planning CP-7, Alternate Processing Site: a. Establish an alternate processing site, including necessary agreements to permit the transfer and resumption of [Assignment: organization-defined system operations] for essential mission and business functions within [Assignment: organization-defined time period consistent with recovery time and recovery point objectives] when the primary processing capabilities are unavailable; b. Make available at the alternate processing site the equipment and supplies required to transfer and resume operations or…

PCI (Payment Card Industry Security Standard)_Test 9.5.1

PCI (Payment Card Industry Security Standard), Restrict physical access to cardholder data, Test 9.5.1: Verify that the storage location security is reviewed at least annually to confirm that backup media storage is secure. If stored in a non-secured facility, backups that contain cardholder data may easily be lost, stolen, or copied for malicious intent. Periodically reviewing the storage facility enables the organization to address identified security issues in a timely manner…

NIST 800-53_SI-2

NIST 800-53 System and Information Integrity SI-2, Flaw Remediation: a. Identify, report, and correct system flaws; b. Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c. Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and d. Incorporate flaw remediation into the organizational configuration management process.

NIST 800-53_CP-4(2)

NIST 800-53 Contingency Planning CP-4(2), Contingency Plan Testing, Alternate Processing Site: Test the contingency plan at the alternate processing site: (a) To familiarize contingency personnel with the facility and available resources; and (b) To evaluate the capabilities of the alternate processing site to support contingency operations.

NIST 800-53_SA-8(31)

NIST 800-53 System and Services Acquisitions SA-8(31), Security and Privacy Engineering Principles, Secure System Modification: Implement the security design principle of secure system modification in [Assignment: organization-defined systems or system components].

NIST 800-171_3.13.1

NIST 800-171 3.13 SYSTEM AND COMMUNICATIONS PROTECTION, 3.13.1: Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. Communications can be monitored, controlled, and protected at boundary components and by restricting or prohibiting interfaces in organizational systems. Boundary components include gateways, routers, firewalls, guards, network-based malicious code analysis and virtualization systems, or encrypted tunnels implemented within a system…

CIS Framework Controls V8_6.5

CIS Framework Controls V8, Access Control Management, 6.5 Require MFA for Administrative Access: Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a third-party provider.

PCI (Payment Card Industry Security Standard)_Req 9.1.1

PCI (Payment Card Industry Security Standard), Restrict physical access to cardholder data, Req 9.1.1: Use either video cameras or access control mechanisms (or both) to monitor individual physical access to sensitive areas. Review collected data and correlate with other entries. Store for at least three months, unless otherwise restricted by law. Note: "sensitive areas" refers to any data center, server room, or any area that houses systems that store, process, or…

NIST 800-53_PS-4(1)

NIST 800-53 Personnel Security PS-4(1), Personnel Termination, Post-employment Requirements: (a) Notify terminated individuals of applicable, legally binding post-employment requirements for the protection of organizational information; and (b) Require terminated individuals to sign an acknowledgment of post-employment requirements as part of the organizational termination process.

NIST 800-53_AC-19(5)

NIST 800-53 Access Control AC-19(5), Access Control for Mobile Devices, Full Device or Container-based Encryption: Employ [Selection: full-device encryption; container-based encryption] to protect the confidentiality and integrity of information on [Assignment: organization-defined mobile devices].

PCI (Payment Card Industry Security Standard)_Req 8.1.8

PCI (Payment Card Industry Security Standard), Identify and authenticate access to system components, Req 8.1.8: If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session. When users walk away from an open machine with access to critical system components or cardholder data, that machine may be used by others in the user's absence, resulting in unauthorized account access and/or…