NIST-CSF_ID.BE-4

NIST-CSF Business Environment (ID.BE) ID.BE-4 ID.BE-4: Dependencies and critical functions for delivery of critical services are established What is a Cybersecurity Compliance Framework? You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from…

NIST 800-53_AU-13(1)

NIST 800-53 Audit and Accountability AU-13(1) Monitoring for Information Disclosure Use of Automated Tools Monitor open-source information and information sites using [Assignment: organization-defined automated mechanisms].

NIST 800-53_SA-6

NIST 800-53 System and Services Acquisitions SA-6 Software Usage Restrictions [Withdrawn: Incorporated into CM-10 and SI-7.]

NIST 800-53_SC-26(1)

NIST 800-53 System and Communications Protection SC-26(1) Decoys Detection of Malicious Code [Withdrawn: Incorporated into SC-35.]

FTC-SFSCI (Part 314)_314.4(d)(2)(i)

FTC-SFSCI (Part 314) Monitoring, Verifying and Validating 314.4(d)(2)(i) Annual penetration testing of your information systems determined each given year based on relevant identified risks in accordance with the risk assessment. (d) Monitor and Test Safeguards (2) For information systems the monitoring and testing shall include continuous monitoring or periodic penetration testing and vulnerability assessments. Absent effective continuous monitoring or other systems to detect on an ongoing basis changes in information systems that may…


NIST 800-53_PE-14(1)

NIST 800-53 Physical and Environmental Protection PE-14(1) Environmental Controls Automatic Controls Employ the following automatic environmental controls in the facility to prevent fluctuations potentially harmful to the system: [Assignment: organization-defined automatic environmental controls].

NIST 800-53_PM-5

NIST 800-53 Program Management PM-5 System Inventory Develop and update [Assignment: organization-defined frequency] an inventory of organizational systems.

PCI (Payment Card Industry Security Standard)_Test 8.1.8

PCI (Payment Card Industry Security Standard) Identify and authenticate access to system components Test 8.1.8 8.1.8 For a sample of system components inspect system configuration settings to verify that system/session idle time out features have been set to 15 minutes or less. When users walk away from an open machine with access to critical system components or cardholder data that machine may be used by others in the user’s absence resulting in…


NERC CIP-002 through CIP-014 Revision 6_CIP-005-5 1.4

NERC CIP-002 through CIP-014 Revision 6 Electronic Security Perimeter CIP-005-5 1.4 1.4 Where technically feasible perform authentication when establishing Dial-up Connectivity with applicable Cyber Assets. M1. Evidence must include each of the applicable documented processes that collectively include each of the applicable requirement parts in CIP-004-5.1 Table R1 Security Awareness Program and additional evidence to demonstrate implementation as described in the Measures column of the table. CIP-005-5 Table R1 – Electronic Security Perimeter…


NIST 800-53_RA-5(7)

NIST 800-53 Risk Assessment RA-5(7) Vulnerability Monitoring and Scanning Automated Detection and Notification of Unauthorized Components [Withdrawn: Incorporated into CM-8.]

NIST 800-53_SC-21(1)

NIST 800-53 System and Communications Protection SC-21(1) Secure Name/address Resolution Service (recursive or Caching Resolver) Data Origin and Integrity [Withdrawn: Incorporated into SC-21.]

NIST 800-53_AC-6(9)

NIST 800-53 Access Control AC-6(9) Least Privilege Log Use of Privileged Functions Log the execution of privileged functions.

NIST 800-53_CA-2(3)

NIST 800-53 Assessment, Authorization and Monitoring CA-2(3) Control Assessments Leveraging Results from External Organizations Leverage the results of control assessments performed by [Assignment: organization-defined external organization] on [Assignment: organization-defined system] when the assessment meets [Assignment: organization-defined requirements].

NIST 800-53_CM-7(5)

NIST 800-53 Configuration Management CM-7(5) Least Functionality Authorized Software - Allow-by-exception (a) Identify [Assignment: organization-defined software programs authorized to execute on the system]; (b) Employ a deny-all permit-by-exception policy to allow the execution of authorized software programs on the system; and (c) Review and update the list of authorized software programs [Assignment: organization-defined frequency].

NIST 800-53_SC-20(2)

NIST 800-53 System and Communications Protection SC-20(2) Secure Name/address Resolution Service (authoritative Source) Data Origin and Integrity Provide data origin and integrity protection artifacts for internal name/address resolution queries.

NIST 800-53_SC-7(1)

NIST 800-53 System and Communications Protection SC-7(1) Boundary Protection Physically Separated Subnetworks [Withdrawn: Incorporated into SC-7.]

NIST 800-53_CP-9(3)

NIST 800-53 Contingency Planning CP-9(3) System Backup Separate Storage for Critical Information Store backup copies of [Assignment: organization-defined critical system software and other security-related information] in a separate facility or in a fire rated container that is not collocated with the operational system.

NIST 800-171_3.1.21

NIST 800-171 3.1 ACCESS CONTROL 3.1.21 Limit use of portable storage devices on external systems. Limits on the use of organization-controlled portable storage devices in external systems include complete prohibition of the use of such devices or restrictions on how the devices may be used and under what conditions the devices may be used. Note that while “external” typically refers to outside of the organization’s direct supervision and authority that is not always…


NIST 800-171_3.3.7

NIST 800-171 3.3 AUDIT AND ACCOUNTABILITY 3.3.7 Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. Internal system clocks are used to generate time stamps which include date and time. Time is expressed in Coordinated Universal Time (UTC) a modern continuation of Greenwich Mean Time (GMT) or local time with an offset from UTC. The granularity of time measurements…


PCI (Payment Card Industry Security Standard)_Req 12.8.1

PCI (Payment Card Industry Security Standard) Maintain a policy that addresses information security for all personnel Req 12.8.1 12.8.1 Maintain a list of service providers including a description of the service provided. Keeping track of all service providers identifies where potential risk extends to outside of the organization.