CIS Framework Controls V8_17.3

CIS Framework Controls V8, Incident Response Management, 17.3 Establish and Maintain an Enterprise Process for Reporting Incidents: Establish and maintain an enterprise process for the workforce to report security incidents. The process includes reporting timeframe, personnel to report to, mechanism for reporting, and the minimum information to be reported. Ensure the process is publicly available to all of the workforce. Review annually, or when significant enterprise changes occur that could impact this…

PCI (Payment Card Industry Security Standard)_Test 4.1.1

PCI (Payment Card Industry Security Standard), Encrypt transmission of cardholder data across open, public networks, Test 4.1.1: Identify all wireless networks transmitting cardholder data or connected to the cardholder data environment. Examine documented standards and compare to system configuration settings to verify the following for all wireless networks identified: – Industry best practices are used to implement strong encryption for authentication and transmission. – Weak encryption (for example, WEP, SSL) is…

PCI (Payment Card Industry Security Standard)_Test 6.5.1

PCI (Payment Card Industry Security Standard), Develop and maintain secure systems and applications, Test 6.5.1: Examine software-development policies and procedures and interview responsible personnel to verify that injection flaws are addressed by coding techniques that include: – Validating input to verify user data cannot modify meaning of commands and queries. – Utilizing parameterized queries. Injection flaws, particularly SQL injection, are a commonly used method for compromising applications. Injection occurs when user-supplied…

NIST 800-53_AC-4(23)

NIST 800-53, Access Control, AC-4(23) Information Flow Enforcement | Modify Non-releasable Information: When transferring information between different security domains, modify non-releasable information by implementing [Assignment: organization-defined modification action].

FTC-SFSCI (Part 314)_314.4(d)(2)(ii)

FTC-SFSCI (Part 314), Monitoring, Verifying and Validating, 314.4(d)(2)(ii): Vulnerability assessments, including any systemic scans or reviews of information systems reasonably designed to identify publicly known security vulnerabilities in your information systems, based on the risk assessment, at least every six months; and whenever there are material changes to your operations or business arrangements; and whenever there are circumstances you know or have reason to know may have a material impact on your…

NIST 800-53_PL-8(2)

NIST 800-53, Planning, PL-8(2) Security and Privacy Architectures | Supplier Diversity: Require that [Assignment: organization-defined controls] allocated to [Assignment: organization-defined locations and architectural layers] are obtained from different suppliers.

NERC CIP-002 through CIP-014 Revision 6_CIP-006-6 1.2

NERC CIP-002 through CIP-014 Revision 6, Physical Security Plan, CIP-006-6 1.2: Utilize at least one physical access control to allow unescorted physical access into each applicable Physical Security Perimeter to only those individuals who have authorized unescorted physical access. M1. Evidence must include each of the documented physical security plans that collectively include all of the applicable requirement parts in CIP-006-6 Table R1 – Physical Security Plan and additional evidence to demonstrate…

NERC CIP-002 through CIP-014 Revision 6_CIP-010-2 R2

NERC CIP-002 through CIP-014 Revision 6, Configuration Monitoring, CIP-010-2 R2: Each Responsible Entity shall implement one or more documented process(es) that collectively include each of the applicable requirement parts in CIP-010-2 Table R2 – Configuration Monitoring. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]. M2. Evidence must include each of the applicable documented processes that collectively include each of the applicable requirement parts in CIP-010-2 Table R2 – Configuration Monitoring and additional…

NIST 800-53_IA-4(4)

NIST 800-53, Identification and Authentication, IA-4(4) Identifier Management | Identify User Status: Manage individual identifiers by uniquely identifying each individual as [Assignment: organization-defined characteristic identifying individual status].

CIS Framework Controls V8_4.8

CIS Framework Controls V8, Secure Configuration of Enterprise Assets and Software, 4.8 Uninstall or Disable Unnecessary Services on Enterprise Assets and Software: Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service, web application module, or service function.

NIST-CSF_DE.DP-4

NIST-CSF, Detection Processes (DE.DP), DE.DP-4: Event detection information is communicated.

NIST 800-171_3.4.9

NIST 800-171, 3.4 CONFIGURATION MANAGEMENT, 3.4.9 Control and monitor user-installed software: Users can install software in organizational systems if provided the necessary privileges. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation through policies. Permitted software installations include updates and security patches to existing software and applications from organization-approved “app stores.” Prohibited software installations may include software with unknown or suspect pedigrees or software that…

NIST 800-53_PL-6

NIST 800-53, Planning, PL-6 Security-related Activity Planning: [Withdrawn: Incorporated into PL-2.]

PCI (Payment Card Industry Security Standard)_Test 12.5.2

PCI (Payment Card Industry Security Standard), Maintain a policy that addresses information security for all personnel, Test 12.5.2: Verify that responsibility for monitoring and analyzing security alerts and distributing information to appropriate information security and business unit management personnel is formally assigned. Each person or team with responsibilities for information security management should be clearly aware of their responsibilities and related tasks through specific policy. Without this accountability, gaps in processes…

NIST 800-53_SC-7(19)

NIST 800-53, System and Communications Protection, SC-7(19) Boundary Protection | Block Communication from Non-organizationally Configured Hosts: Block inbound and outbound communications traffic between [Assignment: organization-defined communication clients] that are independently configured by end users and external service providers.

NIST 800-53_SC-36(2)

NIST 800-53, System and Communications Protection, SC-36(2) Distributed Processing and Storage | Synchronization: Synchronize the following duplicate systems or system components: [Assignment: organization-defined duplicate systems or system components].

CMMC v2.0_PS.L2-3.9.2

CMMC v2.0, 3.9 PERSONNEL SECURITY, PS.L2-3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers: Protecting CUI during and after personnel actions may include returning system-related property and conducting exit interviews. System-related property includes hardware authentication tokens, identification cards, system administration technical manuals, keys, and building passes. Exit interviews ensure that individuals who have been terminated understand the security constraints imposed by being…

NIST 800-53_SI-3(7)

NIST 800-53, System and Information Integrity, SI-3(7) Malicious Code Protection | Nonsignature-based Detection: [Withdrawn: Incorporated into SI-3.]

NIST 800-53_CM-8(1)

NIST 800-53, Configuration Management, CM-8(1) System Component Inventory | Updates During Installation and Removal: Update the inventory of system components as part of component installations, removals, and system updates.

NIST 800-53_AC-8

NIST 800-53, Access Control, AC-8 System Use Notification: a. Display [Assignment: organization-defined system use notification message or banner] to users before granting access to the system that provides privacy and security notices consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and state that: 1. Users are accessing a U.S. Government system; 2. System usage may be monitored, recorded, and subject to audit; 3. Unauthorized use of the system is prohibited and…
