NIST 800-53_AC-20(3)

NIST 800-53, Access Control, AC-20(3) Use of External Systems | Non-organizationally Owned Systems – Restricted Use: Restrict the use of non-organizationally owned systems or system components to process, store, or transmit organizational information using [Assignment: organization-defined restrictions].

NIST 800-53_MA-4(4)

NIST 800-53, Maintenance, MA-4(4) Nonlocal Maintenance | Authentication and Separation of Maintenance Sessions: Protect nonlocal maintenance sessions by: (a) Employing [Assignment: organization-defined authenticators that are replay resistant]; and (b) Separating the maintenance sessions from other network sessions with the system by either: (1) Physically separated communications paths; or (2) Logically separated communications paths.

NERC CIP-002 through CIP-014 Revision 6_CIP-006-6 1.4

NERC CIP-002 through CIP-014 Revision 6, Physical Security Plan, CIP-006-6 1.4: 1.4 Monitor for unauthorized access through a physical access point into a Physical Security Perimeter. M1. Evidence must include each of the documented physical security plans that collectively include all of the applicable requirement parts in CIP-006-6 Table R1 – Physical Security Plan, and additional evidence to demonstrate implementation of the plan or plans as described in the Measures column of the…

NIST 800-53_SA-12(2)

NIST 800-53, System and Services Acquisition, SA-12(2) Supply Chain Protection | Supplier Reviews: [Withdrawn: Moved to SR-6.]

NERC CIP-002 through CIP-014 Revision 6_CIP-006-6 1.6

NERC CIP-002 through CIP-014 Revision 6, Physical Security Plan, CIP-006-6 1.6: 1.6 Monitor each Physical Access Control System for unauthorized physical access to a Physical Access Control System. M1. Evidence must include each of the documented physical security plans that collectively include all of the applicable requirement parts in CIP-006-6 Table R1 – Physical Security Plan, and additional evidence to demonstrate implementation of the plan or plans as described in the Measures column…

NIST 800-53_AC-3(14)

NIST 800-53, Access Control, AC-3(14) Access Enforcement | Individual Access: Provide [Assignment: organization-defined mechanisms] to enable individuals to have access to the following elements of their personally identifiable information: [Assignment: organization-defined elements].

NERC CIP-002 through CIP-014 Revision 6_CIP-009-6 R1

NERC CIP-002 through CIP-014 Revision 6, Recovery Plan Specifications, CIP-009-6 R1: R1. Each Responsible Entity shall have one or more documented recovery plan(s) that collectively include each of the applicable requirement parts in CIP-009-6 Table R1 – Recovery Plan Specifications. [Violation Risk Factor: Medium] [Time Horizon: Long Term Planning]. M1. Evidence must include the documented recovery plan(s) that collectively include the applicable requirement parts in CIP-009-6 Table R1 – Recovery Plan Specifications. CIP-009-6 Table…

NIST 800-53_SI-18(3)

NIST 800-53, System and Information Integrity, SI-18(3) Personally Identifiable Information Quality Operations | Collection: Collect personally identifiable information directly from the individual.

PCI (Payment Card Industry Security Standard)_Test 3.7

PCI (Payment Card Industry Security Standard), Protect stored cardholder data, Test 3.7: 3.7 Examine documentation and interview personnel to verify that security policies and operational procedures for protecting stored cardholder data are: – documented, – in use, and – known to all affected parties. Personnel need to be aware of and following security policies and documented operational procedures for managing the secure storage of cardholder data on a continuous basis. Requirement 4:…

NIST 800-53_RA-1

NIST 800-53, Risk Assessment, RA-1 Policy and Procedures: a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. [Selection (one or more): Organization-level; Mission/business process-level; System-level] risk assessment policy that: (a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the risk assessment policy and the associated…

PCI (Payment Card Industry Security Standard)_Req 1.4

PCI (Payment Card Industry Security Standard), Install and maintain a firewall configuration to protect cardholder data, Req 1.4: 1.4 Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owned) that connect to the internet when outside the network (for example, laptops used by employees) and which are also used to access the CDE. Firewall (or equivalent) configurations include: – Specific configuration settings are defined. – Personal…

CMMC v2.0_IA.L2-3.5.4

CMMC v2.0, 3.5 Identification and Authentication, IA.L2-3.5.4: Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges, such as time-synchronous or challenge-response one-time authenticators. [SP 800-63-3] provides guidance on digital identities.

NIST 800-53_AC-3(2)

NIST 800-53, Access Control, AC-3(2) Access Enforcement | Dual Authorization: Enforce dual authorization for [Assignment: organization-defined privileged commands and/or other organization-defined actions].

NIST 800-53_PT-5(2)

NIST 800-53, Personally Identifiable Information Processing and Transparency, PT-5(2) Privacy Notice | Privacy Act Statements: Include Privacy Act statements on forms that collect information that will be maintained in a Privacy Act system of records, or provide Privacy Act statements on separate forms that can be retained by individuals.

NIST 800-53_CP-10(3)

NIST 800-53, Contingency Planning, CP-10(3) System Recovery and Reconstitution | Compensating Security Controls: [Withdrawn: Addressed through tailoring.]

FTC-SFSCI (Part 314)_314.4( c )

FTC-SFSCI (Part 314), Safeguards, 314.4(c): Design and implement safeguards to control the risks you identify through risk assessment, including by:

NERC CIP-002 through CIP-014 Revision 6_CIP-006-6 1.1

NERC CIP-002 through CIP-014 Revision 6, Physical Security Plan, CIP-006-6 1.1: 1.1 Define operational or procedural controls to restrict physical access. M1. Evidence must include each of the documented physical security plans that collectively include all of the applicable requirement parts in CIP-006-6 Table R1 – Physical Security Plan, and additional evidence to demonstrate implementation of the plan or plans as described in the Measures column of the table. CIP-006-6 Table R1 – Physical Security…

NIST 800-53_AC-4(22)

NIST 800-53, Access Control, AC-4(22) Information Flow Enforcement | Access Only: Provide access from a single device to computing platforms, applications, or data residing in multiple different security domains, while preventing information flow between the different security domains.

PCI (Payment Card Industry Security Standard)_Test 1.1.3

PCI (Payment Card Industry Security Standard), Install and maintain a firewall configuration to protect cardholder data, Test 1.1.3: 1.1.3 Examine the data-flow diagram and interview personnel to verify that the diagram: – shows all cardholder data flows across systems and networks; – is kept current and updated as needed upon changes to the environment. Cardholder data-flow diagrams identify the location of all cardholder data that is stored, processed, or transmitted within the network. Network…

NIST 800-53_IA-2(1)

NIST 800-53, Identification and Authentication, IA-2(1) Identification and Authentication (Organizational Users) | Multi-factor Authentication to Privileged Accounts: Implement multi-factor authentication for access to privileged accounts.
