NIST 800-53_AU-14(2)

NIST 800-53 Audit and Accountability AU-14(2) Session Audit Capture and Record Content [Withdrawn: Incorporated into AU-14.]

What is a Cybersecurity Compliance Framework? You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones…

PCI (Payment Card Industry Security Standard)_Req 1.3.1

PCI (Payment Card Industry Security Standard) Install and maintain a firewall configuration to protect cardholder data Req 1.3.1 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports. The DMZ is that part of the network that manages connections between the Internet (or other untrusted networks) and services that an organization needs to have available to the public (like a web…

PCI (Payment Card Industry Security Standard)_Test 10.5.5

PCI (Payment Card Industry Security Standard) Track and monitor all access to network resources and cardholder data Test 10.5.5 10.5.5 Examine system settings, monitored files, and results from monitoring activities to verify the use of file-integrity monitoring or change-detection software on logs. File-integrity monitoring or change-detection systems check for changes to critical files and notify when such changes are noted. For file-integrity monitoring purposes, an entity usually monitors files that don’t regularly…

NIST 800-53_SC-6

NIST 800-53 System and Communications Protection SC-6 Resource Availability Protect the availability of resources by allocating [Assignment: organization-defined resources] by [Selection (one or more): priority; quota; [Assignment: organization-defined controls]].

CIS Framework Controls V8_3.13

CIS Framework Controls V8 Data Protection 3.13 Deploy a Data Loss Prevention Solution Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool, to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise’s sensitive data inventory.

NIST 800-53_RA-3

NIST 800-53 Risk Assessment RA-3 Risk Assessment a. Conduct a risk assessment, including: 1. Identifying threats to and vulnerabilities in the system; 2. Determining the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system, the information it processes, stores, or transmits, and any related information; and 3. Determining the likelihood and impact of adverse effects on individuals arising from the processing of personally identifiable information; b. Integrate risk…

CIS Framework Controls V8_6.4

CIS Framework Controls V8 Access Control Management 6.4 Require MFA for Remote Network Access Require MFA for remote network access.

NIST-CSF_PR.IP-1

NIST-CSF Information Protection Processes and Procedures (PR.IP) PR.IP-1 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)

NIST 800-171_3.3.5

NIST 800-171 3.3 AUDIT AND ACCOUNTABILITY 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. Correlating audit record review, analysis, and reporting processes helps to ensure that they do not operate independently but rather collectively. Regarding the assessment of a given organizational system, the requirement is agnostic as to whether this correlation is applied at the system level or at…

NIST 800-53_AC-18(5)

NIST 800-53 Access Control AC-18(5) Wireless Access Antennas and Transmission Power Levels Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries.

NERC CIP-002 through CIP-014 Revision 6_CIP-004-6 4.1

NERC CIP-002 through CIP-014 Revision 6 Access Management Program CIP-004-6 4.1 4.1 Process to authorize based on need, as determined by the Responsible Entity, except for CIP Exceptional Circumstances: 4.1.1. Electronic access; 4.1.2. Unescorted physical access into a Physical Security Perimeter; and 4.1.3. Access to designated storage locations, whether physical or electronic, for BES Cyber System Information. M4. Evidence must include the documented processes that collectively include each of the applicable requirement parts in…

PCI (Payment Card Industry Security Standard)_Req 10.9

PCI (Payment Card Industry Security Standard) Track and monitor all access to network resources and cardholder data Req 10.9 10.9 Ensure that security policies and operational procedures for monitoring all access to network resources and cardholder data are documented, in use, and known to all affected parties. Personnel need to be aware of and following security policies and daily operational procedures for monitoring all access to network resources and cardholder data on…

NIST 800-53_SA-10(1)

NIST 800-53 System and Services Acquisitions SA-10(1) Developer Configuration Management Software and Firmware Integrity Verification Require the developer of the system, system component, or system service to enable integrity verification of software and firmware components.

PCI (Payment Card Industry Security Standard)_Req 7.1.3

PCI (Payment Card Industry Security Standard) Restrict access to cardholder data by business need to know Req 7.1.3 7.1.3 Assign access based on individual personnel’s job classification and function. Once needs are defined for user roles (per PCI DSS requirement 7.1.1) it is easy to grant individuals access according to their job classification and function by using the already-created roles.

NIST 800-53_IR-4(10)

NIST 800-53 Incident Response IR-4(10) Incident Handling Supply Chain Coordination Coordinate incident handling activities involving supply chain events with other organizations involved in the supply chain.

NIST 800-171_3.1.11

NIST 800-171 3.1 ACCESS CONTROL 3.1.11 Terminate (automatically) a user session after a defined condition. This requirement addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.e., disconnecting from the network). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational system. Such user sessions…

NIST 800-53_PT-5(1)

NIST 800-53 Personally Identifiable Information Processing and Transparency PT-5(1) Privacy Notice Just-in-time Notice Present notice of personally identifiable information processing to individuals at a time and location where the individual provides personally identifiable information or in conjunction with a data action or [Assignment: organization-defined frequency].

NIST 800-53_AC-17(1)

NIST 800-53 Access Control AC-17(1) Remote Access Monitoring and Control Employ automated mechanisms to monitor and control remote access methods.

CIS Framework Controls V8_13.8

CIS Framework Controls V8 Network Monitoring and Defense 13.8 Deploy a Network Intrusion Prevention Solution Deploy a network intrusion prevention solution where appropriate. Example implementations include the use of a Network Intrusion Prevention System (NIPS) or equivalent CSP service.

NIST 800-53_IR-4(3)

NIST 800-53 Incident Response IR-4(3) Incident Handling Continuity of Operations Identify [Assignment: organization-defined classes of incidents] and take the following actions in response to those incidents to ensure continuation of organizational mission and business functions: [Assignment: organization-defined actions to take in response to classes of incidents].