CMMC v2.0_SC.L2-3.13.16

CMMC v2.0 3.13 SYSTEM AND COMMUNICATIONS PROTECTION SC.L2-3.13.16 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. Communications can be monitored, controlled, and protected at boundary components and by restricting or prohibiting interfaces in organizational systems. Boundary components include gateways, routers, firewalls, guards, network-based malicious code analysis and virtualization systems, or encrypted tunnels implemented within a system…

SOC 2_C1.1

SOC 2 Confidentiality Additional Criteria for Confidentiality C1.1 The entity identifies and maintains confidential information to meet the entity's objectives related to confidentiality. Identifies Confidential Information—Procedures are in place to identify and designate confidential information when it is received or created and to determine the period over which the confidential information is to be retained. Protects Confidential Information from Destruction—Procedures are in place to protect confidential information from erasure or destruction during the…

NIST 800-171_3.3.8

NIST 800-171 3.3 AUDIT AND ACCOUNTABILITY 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. Audit information includes all information (e.g., audit records, audit log settings, and audit reports) needed to successfully audit system activity. Audit logging tools are those programs and devices used to conduct audit and logging activities. This requirement focuses on the technical protection of audit information and limits the ability to access and…

NIST 800-53_SI-2(5)

NIST 800-53 System and Information Integrity SI-2(5) Flaw Remediation Automatic Software and Firmware Updates Install [Assignment: organization-defined security-relevant software and firmware updates] automatically to [Assignment: organization-defined system components].

NIST 800-53_CM-6(3)

NIST 800-53 Configuration Management CM-6(3) Configuration Settings Unauthorized Change Detection [Withdrawn: Incorporated into SI-7.]

PCI (Payment Card Industry Security Standard)_Test 1.5

PCI (Payment Card Industry Security Standard) Install and maintain a firewall configuration to protect cardholder data Test 1.5 1.5 Examine documentation and interview personnel to verify that security policies and operational procedures for managing firewalls are: – documented, – in use, and – known to all affected parties. Personnel need to be aware of and following security policies and operational procedures to ensure firewalls and routers are continuously managed to prevent unauthorized…

CIS Framework Controls V8_5.4

CIS Framework Controls V8 Account Management 5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account.

PCI (Payment Card Industry Security Standard)_Req 12.3.2

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel Req 12.3.2 12.3.2 Authentication for use of the technology If technology is implemented without proper authentication (user IDs and passwords, tokens, VPNs, etc.), malicious individuals may easily use this unprotected technology to access critical systems and cardholder data.

NIST-CSF_PR.DS-1

NIST-CSF Data Security (PR.DS) PR.DS-1 PR.DS-1: Data-at-rest is protected

NERC CIP-002 through CIP-014 Revision 6_CIP-007-6 1.1

NERC CIP-002 through CIP-014 Revision 6 Ports and Services CIP-007-6 1.1 1.1 Where technically feasible, enable only logical network accessible ports that have been determined to be needed by the Responsible Entity, including port ranges or services where needed to handle dynamic ports. If a device has no provision for disabling or restricting logical ports on the device, then those ports that are open are deemed needed. M1. Evidence must include the…

PCI (Payment Card Industry Security Standard)_Req 4.3

PCI (Payment Card Industry Security Standard) Encrypt transmission of cardholder data across open, public networks Req 4.3 4.3 Ensure that security policies and operational procedures for encrypting transmissions of cardholder data are documented, in use, and known to all affected parties. Personnel need to be aware of and following security policies and operational procedures for managing the secure transmission of cardholder data on a continuous basis. Maintain a Vulnerability Management Program Requirement…

NIST 800-53_SC-40

NIST 800-53 System and Communications Protection SC-40 Wireless Link Protection Protect external and internal [Assignment: organization-defined wireless links] from the following signal parameter attacks: [Assignment: organization-defined types of signal parameter attacks or references to sources for such attacks].

SOC 2_CC3.2

SOC 2 Security Risk Assessment CC3.2 COSO Principle 7: The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels—The entity identifies and assesses risk at the entity, subsidiary, division, operating unit, and functional levels relevant to the achievement of objectives. Analyzes Internal and External Factors—Risk identification considers…

NIST 800-53_SA-8(12)

NIST 800-53 System and Services Acquisitions SA-8(12) Security and Privacy Engineering Principles Hierarchical Protection Implement the security design principle of hierarchical protection in [Assignment: organization-defined systems or system components].

PCI (Payment Card Industry Security Standard)_Test 12.9

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel Test 12.9 12.9 Additional testing procedure for service provider assessments only: review service provider's policies and procedures and observe templates used for written agreements to confirm the service provider acknowledges in writing to customers that the service provider will maintain all applicable PCI DSS requirements to the extent the service provider possesses or otherwise stores, processes…

NIST 800-53_PL-3

NIST 800-53 Planning PL-3 System Security Plan Update [Withdrawn: Incorporated into PL-2.]

NIST 800-53_IR-2(3)

NIST 800-53 Incident Response IR-2(3) Incident Response Training Breach Provide incident response training on how to identify and respond to a breach, including the organization's process for reporting a breach.

PCI (Payment Card Industry Security Standard)_Req 12.5.3

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel Req 12.5.3 12.5.3 Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations. Each person or team with responsibilities for information security management should be clearly aware of their responsibilities and related tasks through specific policy. Without this accountability, gaps in processes may open access into critical…

NIST 800-53_AC-14

NIST 800-53 Access Control AC-14 Permitted Actions Without Identification or Authentication a. Identify [Assignment: organization-defined user actions] that can be performed on the system without identification or authentication consistent with organizational mission and business functions; and b. Document and provide supporting rationale in the security plan for the system user actions not requiring identification or authentication.

NIST 800-53_CM-8(7)

NIST 800-53 Configuration Management CM-8(7) System Component Inventory Centralized Repository Provide a centralized repository for the inventory of system components.
