NIST 800-53_SI-17

NIST 800-53: System and Information Integrity. SI-17 Fail-safe Procedures. Implement the indicated fail-safe procedures when the indicated failures occur: [Assignment: organization-defined list of failure conditions and associated fail-safe procedures].


PCI (Payment Card Industry Security Standard)_Req 12.10.6

PCI (Payment Card Industry Security Standard): Maintain a policy that addresses information security for all personnel. Req 12.10.6. Develop a process to modify and evolve the incident response plan according to lessons learned and to incorporate industry developments. Incorporating “lessons learned” into the incident response plan after an incident helps keep the plan current and able to react to emerging threats and security trends.


NIST 800-53_RA-3(3)

NIST 800-53: Risk Assessment. RA-3(3) Risk Assessment: Dynamic Threat Awareness. Determine the current cyber threat environment on an ongoing basis using [Assignment: organization-defined means].


NIST 800-53_IA-12(3)

NIST 800-53: Identification and Authentication. IA-12(3) Identity Proofing: Identity Evidence Validation and Verification. Require that the presented identity evidence be validated and verified through [Assignment: organizational defined methods of validation and verification].


CMMC v2.0_AU.L2-3.3.7

CMMC v2.0: 3.3 AUDIT AND ACCOUNTABILITY. AU.L2-3.3.7. Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. Internal system clocks are used to generate time stamps, which include date and time. Time is expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements…


NIST 800-53_SC-12(2)

NIST 800-53: System and Communications Protection. SC-12(2) Cryptographic Key Establishment and Management: Symmetric Keys. Produce, control, and distribute symmetric cryptographic keys using [Selection: NIST FIPS-validated; NSA-approved] key management technology and processes.


CIS Framework Controls V8_15.3

CIS Framework Controls V8: Service Provider Management. 15.3 Classify Service Providers. Classify service providers. Classification consideration may include one or more characteristics, such as data sensitivity, data volume, availability requirements, applicable regulations, inherent risk, and mitigated risk. Update and review classifications annually, or when significant enterprise changes occur that could impact this Safeguard.


NIST 800-53_SA-8(13)

NIST 800-53: System and Services Acquisitions. SA-8(13) Security and Privacy Engineering Principles: Minimized Security Elements. Implement the security design principle of minimized security elements in [Assignment: organization-defined systems or system components].


CIS Framework Controls V8_18.3

CIS Framework Controls V8: Penetration Testing. 18.3 Remediate Penetration Test Findings. Remediate penetration test findings based on the enterprise’s policy for remediation scope and prioritization.


SOC 2_P6.2

SOC 2: Privacy. Additional Criteria for Privacy. P6.2. The entity creates and retains a complete, accurate, and timely record of authorized disclosures of personal information to meet the entity’s objectives related to privacy. Creates and Retains Record of Authorized Disclosures: The entity creates and maintains a record of authorized disclosures of personal information that is complete, accurate, and timely.


NIST 800-53_AU-3(3)

NIST 800-53: Audit and Accountability. AU-3(3) Content of Audit Records: Limit Personally Identifiable Information Elements. Limit personally identifiable information contained in audit records to the following elements identified in the privacy risk assessment: [Assignment: organization-defined elements].


NIST 800-53_CM-10

NIST 800-53: Configuration Management. CM-10 Software Usage Restrictions. a. Use software and associated documentation in accordance with contract agreements and copyright laws; b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.


NIST 800-53_CA-7(5)

NIST 800-53: Assessment, Authorization and Monitoring. CA-7(5) Continuous Monitoring: Consistency Analysis. Employ the following actions to validate that policies are established and implemented controls are operating in a consistent manner: [Assignment: organization-defined actions].


CMMC v2.0_SC.L2-3.13.6

CMMC v2.0: 3.13 SYSTEM AND COMMUNICATIONS PROTECTION. SC.L2-3.13.6. Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). This requirement applies to inbound and outbound network communications traffic at the system boundary and at identified points within the system. A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed.


CMMC v2.0_MA.L2-3.7.4

CMMC v2.0: 3.7 MAINTENANCE. MA.L2-3.7.4. Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems. If, upon inspection of media containing maintenance, diagnostic, and test programs, organizations determine that the media contain malicious code, the incident is handled consistent with incident handling policies and procedures.


NIST 800-53_SC-17

NIST 800-53: System and Communications Protection. SC-17 Public Key Infrastructure Certificates. a. Issue public key certificates under an [Assignment: organization-defined certificate policy] or obtain public key certificates from an approved service provider; and b. Include only approved trust anchors in trust stores or certificate stores managed by the organization.


NIST 800-53_IR-9(3)

NIST 800-53: Incident Response. IR-9(3) Information Spillage Response: Post-spill Operations. Implement the following procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions: [Assignment: organization-defined procedures].


NIST 800-53_SC-16

NIST 800-53: System and Communications Protection. SC-16 Transmission of Security and Privacy Attributes. Associate [Assignment: organization-defined security and privacy attributes] with information exchanged between systems and between system components.


NIST 800-53_CP-7(2)

NIST 800-53: Contingency Planning. CP-7(2) Alternate Processing Site: Accessibility. Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outline explicit mitigation actions.


NIST 800-53_IA-12(4)

NIST 800-53: Identification and Authentication. IA-12(4) Identity Proofing: In-person Validation and Verification. Require that the validation and verification of identity evidence be conducted in person before a designated registration authority.
