NIST 800-53_CP-5

NIST 800-53 Contingency Planning CP-5 Contingency Plan Update [Withdrawn: Incorporated into CP-2.]

What is a Cybersecurity Compliance Framework? You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand…

NIST 800-53_AT-2

NIST 800-53 Awareness and Training AT-2 Literacy Training and Awareness
a. Provide security and privacy literacy training to system users (including managers, senior executives, and contractors):
   1. As part of initial training for new users and [Assignment: organization-defined frequency] thereafter; and
   2. When required by system changes or following [Assignment: organization-defined events];
b. Employ the following techniques to increase the security and privacy awareness of system users [Assignment: organization-defined awareness techniques];
c. Update literacy training and…

NIST 800-53_SA-15(12)

NIST 800-53 System and Services Acquisitions SA-15(12) Development Process, Standards, and Tools Minimize Personally Identifiable Information Require the developer of the system or system component to minimize the use of personally identifiable information in development and test environments.

PCI (Payment Card Industry Security Standard)_Req 2.5

PCI (Payment Card Industry Security Standard) Do not use vendor-supplied defaults for system passwords and other security measures Req 2.5 2.5 Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties. Personnel need to be aware of and following security policies and daily operational procedures to ensure vendor defaults and other security parameters are continuously managed to…

NIST 800-53_SC-18(1)

NIST 800-53 System and Communications Protection SC-18(1) Mobile Code Identify Unacceptable Code and Take Corrective Actions Identify [Assignment: organization-defined unacceptable mobile code] and take [Assignment: organization-defined corrective actions].

NIST 800-53_IR-5(1)

NIST 800-53 Incident Response IR-5(1) Incident Monitoring Automated Tracking, Data Collection, and Analysis Track incidents and collect and analyze incident information using [Assignment: organization-defined automated mechanisms].

NIST-CSF_ID.BE-2

NIST-CSF Business Environment (ID.BE) ID.BE-2 ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated

NIST 800-53_IR-9(2)

NIST 800-53 Incident Response IR-9(2) Information Spillage Response Training Provide information spillage response training [Assignment: organization-defined frequency].

PCI (Payment Card Industry Security Standard)_Test 12.8.5

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel Test 12.8.5 12.8.5 Verify the entity maintains information about which PCI DSS requirements are managed by each service provider and which are managed by the entity. Knowing your service providers’ PCI DSS compliance status provides assurance and awareness about whether they comply with the same requirements that your organization is subject to. If the service provider…

NIST 800-53_MP-5

NIST 800-53 Media Protection MP-5 Media Transport
a. Protect and control [Assignment: organization-defined types of system media] during transport outside of controlled areas using [Assignment: organization-defined controls];
b. Maintain accountability for system media during transport outside of controlled areas;
c. Document activities associated with the transport of system media; and
d. Restrict the activities associated with the transport of system media to authorized personnel.

NERC CIP-002 through CIP-014 Revision 6_CIP-009-6 2.3

NERC CIP-002 through CIP-014 Revision 6 Recovery Plan Implementation and Testing CIP-009-6 2.3 2.3 Test each of the recovery plans referenced in Requirement R1 at least once every 36 calendar months through an operational exercise of the recovery plans in an environment representative of the production environment. An actual recovery response may substitute for an operational exercise. M2. Evidence must include, but is not limited to, documentation that collectively demonstrates implementation of each…

PCI (Payment Card Industry Security Standard)_Req 1.5

PCI (Payment Card Industry Security Standard) Install and maintain a firewall configuration to protect cardholder data Req 1.5 1.5 Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties. Personnel need to be aware of and following security policies and operational procedures to ensure firewalls and routers are continuously managed to prevent unauthorized access to the network. Requirement 2: Do not use…

NIST 800-171_3.7.2

NIST 800-171 3.7 MAINTENANCE 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. This requirement addresses security-related issues with maintenance tools that are not within the organizational system boundaries that process, store, or transmit CUI but are used specifically for diagnostic and repair actions on those systems. Organizations have flexibility in determining the controls in place for maintenance tools but can include approving, controlling, and monitoring…

NIST 800-53_AC-17(10)

NIST 800-53 Access Control AC-17(10) Remote Access Authenticate Remote Commands Implement [Assignment: organization-defined mechanisms] to authenticate [Assignment: organization-defined remote commands].

NIST 800-53_PE-3(2)

NIST 800-53 Physical and Environmental Protection PE-3(2) Physical Access Control Facility and Systems Perform security checks [Assignment: organization-defined frequency] at the physical perimeter of the facility or system for exfiltration of information or removal of system components.

NIST-CSF_DE.AE-3

NIST-CSF Anomalies and Events (DE.AE) DE.AE-3 DE.AE-3: Event data are collected and correlated from multiple sources and sensors

NIST 800-53_PT-7(2)

NIST 800-53 Personally Identifiable Information Processing and Transparency PT-7(2) Specific Categories of Personally Identifiable Information First Amendment Information Prohibit the processing of information describing how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute or by the individual or unless pertinent to and within the scope of an authorized law enforcement activity.

PCI (Payment Card Industry Security Standard)_Test 4.3

PCI (Payment Card Industry Security Standard) Encrypt transmission of cardholder data across open, public networks Test 4.3 4.3 Examine documentation and interview personnel to verify that security policies and operational procedures for encrypting transmissions of cardholder data are:
– documented
– in use and
– known to all affected parties.
Personnel need to be aware of and following security policies and operational procedures for managing the secure transmission of cardholder data on…

NIST 800-53_SI-4(25)

NIST 800-53 System and Information Integrity SI-4(25) System Monitoring Optimize Network Traffic Analysis Provide visibility into network traffic at external and key internal system interfaces to optimize the effectiveness of monitoring devices.

NIST 800-53_CM-5(2)

NIST 800-53 Configuration Management CM-5(2) Access Restrictions for Change Review System Changes [Withdrawn: Incorporated into CM-3(7).]