0002798
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171
US National Institute of Standards and Technology
International or National Standard
Free
NIST SP 800-171
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171
2015-06-01
The document as a whole was last reviewed and released on 2016-07-09T00:00:00-0700.
This Authority Document In Depth Report is copyrighted - © 2024 - Network Frontiers LLC. All rights reserved. Copyright in the Authority Document analyzed herein is held by its authors. Network Frontiers makes no claims of copyright in this Authority Document.
This Authority Document In Depth Report is provided for informational purposes only and does not constitute, and should not be construed as, legal advice. The reader is encouraged to consult with an attorney experienced in these areas for further explanation and advice.
This Authority Document In Depth Report provides analysis and guidance for use and implementation of the Authority Document but it is not a substitute for the original authority document itself. Readers should refer to the original authority document as the definitive resource on obligations and compliance requirements.
This document has been mapped into the Unified Compliance Framework using a patented methodology and patented tools. The mapping team has taken every effort to ensure the quality of mapping is of the highest degree.
When the UCF Mapping Teams tag Citations and their associated mandates within an Authority Document, those Citations and Mandates are tied to Common Controls. In addition, because those Citations and mandates are tied to Common Controls, three sets of metadata are associated with each Citation: Controls by Impact Zone, Controls by Type, and Controls by Classification.
The online version of the mapping analysis you see here is just a fraction of the work the UCF Mapping Team has done. The downloadable version of this document, available within the Common Controls Hub, contains the following:
Document implementation analysis – statistics about the document’s alignment with Common Controls as compared to other Authority Documents and statistics on usage of key terms and non-standard terms.
Citation and Mandate Tagging and Mapping – A complete listing of every Citation we found within Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, tagged with its primary and secondary nouns and primary and secondary verbs, in three column format. The first column shows the Citation (the marker within the Authority Document that points to where we found the guidance). The second column shows the Citation guidance per se, along with the tagging for the mandate we found within the Citation. The third column shows the Common Control ID that the mandate is linked to, and the final column gives us the Common Control itself.
Dictionary Terms – The dictionary terms listed for Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171 are based upon terms found within the Authority Document’s defined terms section (which most legal documents have) or its glossary and, for the most part, as tagged within each mandate. Terms with links are the standardized version of the term.
An Impact Zone is a hierarchical way of organizing our suite of Common Controls — it is a taxonomy. The top levels of the UCF hierarchy are called Impact Zones. Common Controls are mapped within the UCF’s Impact Zones and are maintained in a legal hierarchy within that Impact Zone. Each Impact Zone deals with a separate area of policies, standards, and procedures: technology acquisition, physical security, continuity, records management, etc.
The UCF created its taxonomy by looking at the corpus of standards and regulations through the lens of unification and a view toward how the controls impact the organization. Thus, we created a hierarchical structure for each impact zone that takes into account regulatory and standards bodies, doctrines, and language.
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold; Implied - italic; Implementation - regular.

Common Control | TYPE | CLASS | |
---|---|---|---|
Audits and risk management CC ID 00677 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain an audit program. CC ID 00684 | Establish/Maintain Documentation | Preventive | |
Accept the attestation engagement when all preconditions are met. CC ID 13933 | Business Processes | Preventive | |
Audit in scope audit items and compliance documents. CC ID 06730 | Audits and Risk Management | Preventive | |
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980 | Testing | Detective | |
Document test plans for auditing in scope controls. CC ID 06985 | Testing | Detective | |
Determine the effectiveness of in scope controls. CC ID 06984 [Periodically assess the security controls in organizational information systems to determine if the controls are effective in their application. 3.12.1; Monitor information system security controls on an ongoing basis to ensure the continued effectiveness of the controls. 3.12.3] | Testing | Detective | |
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157 | Audits and Risk Management | Detective | |
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156 | Audits and Risk Management | Detective | |
Observe processes to determine the effectiveness of in scope controls. CC ID 12155 | Audits and Risk Management | Detective | |
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154 | Audits and Risk Management | Detective | |
Review documentation to determine the effectiveness of in scope controls. CC ID 16522 | Process or Activity | Preventive | |
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144 | Audits and Risk Management | Detective | |
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556 | Audits and Risk Management | Detective | |
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555 | Audits and Risk Management | Detective | |
Establish, implement, and maintain a risk management program. CC ID 12051 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a risk assessment program. CC ID 00687 | Establish/Maintain Documentation | Preventive | |
Perform risk assessments for all target environments, as necessary. CC ID 06452 [Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of CUI. 3.11.1] | Testing | Preventive | |
Include the probability and potential impact of pandemics in the scope of the risk assessment. CC ID 13241 | Establish/Maintain Documentation | Preventive | |
Include physical assets in the scope of the risk assessment. CC ID 13075 | Establish/Maintain Documentation | Preventive | |
Include the results of the risk assessment in the risk assessment report. CC ID 06481 | Establish/Maintain Documentation | Preventive | |
Approve the results of the risk assessment as documented in the risk assessment report. CC ID 07109 | Audits and Risk Management | Preventive | |
Update the risk assessment upon discovery of a new threat. CC ID 00708 | Establish/Maintain Documentation | Detective | |
Review risks to the organization's audit function when changes in the supply chain occur. CC ID 01154 | Audits and Risk Management | Preventive | |
Update the risk assessment upon changes to the risk profile. CC ID 11627 | Establish/Maintain Documentation | Detective | |
Review the risk to the audit function when the audit personnel status changes. CC ID 01153 | Audits and Risk Management | Preventive | |
Document any reasons for modifying or refraining from modifying the organization's risk assessment when the risk assessment has been reviewed. CC ID 13312 | Establish/Maintain Documentation | Preventive | |
Create a risk assessment report based on the risk assessment results. CC ID 15695 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the approved risk assessment report to interested personnel and affected parties. CC ID 10633 | Communicate | Preventive | |
Conduct external audits of risk assessments, as necessary. CC ID 13308 | Audits and Risk Management | Detective | |
Notify the organization upon completion of the external audits of the organization's risk assessment. CC ID 13313 | Communicate | Preventive |
Human Resources management CC ID 00763 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a personnel management program. CC ID 14018 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a personnel security program. CC ID 10628 | Establish/Maintain Documentation | Preventive | |
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782 | Testing | Detective | |
Establish, implement, and maintain security clearance procedures. CC ID 00783 | Establish/Maintain Documentation | Preventive | |
Perform security clearance procedures, as necessary. CC ID 06644 [Screen individuals prior to authorizing access to information systems containing CUI. 3.9.1] | Human Resources Management | Preventive | |
Establish and maintain security clearances. CC ID 01634 | Human Resources Management | Preventive | |
Establish, implement, and maintain personnel status change and termination procedures. CC ID 06549 [Ensure that CUI and information systems containing CUI are protected during and after personnel actions such as terminations and transfers. 3.9.2] | Establish/Maintain Documentation | Preventive | |
Terminate user accounts when notified that an individual is terminated. CC ID 11614 | Technical Security | Corrective | |
Terminate access rights when notified of a personnel status change or an individual is terminated. CC ID 11826 | Technical Security | Corrective | |
Assign an owner of the personnel status change and termination procedures. CC ID 11805 | Human Resources Management | Preventive | |
Deny access to restricted data or restricted information when a personnel status change occurs or an individual is terminated. CC ID 01309 | Data and Information Management | Corrective | |
Notify the security manager, in writing, prior to an employee's job change. CC ID 12283 | Human Resources Management | Preventive | |
Notify all interested personnel and affected parties when personnel status changes or an individual is terminated. CC ID 06677 | Behavior | Preventive | |
Notify terminated individuals of applicable, legally binding post-employment requirements. CC ID 10630 | Communicate | Preventive | |
Enforce the information security responsibilities and duties that remain valid after termination or change of employment. CC ID 11992 | Human Resources Management | Preventive | |
Update contact information of any individual undergoing a personnel status change, as necessary. CC ID 12692 | Human Resources Management | Corrective | |
Disseminate and communicate the personnel status change and termination procedures to all interested personnel and affected parties. CC ID 06676 | Behavior | Preventive | |
Conduct exit interviews upon termination of employment. CC ID 14290 | Human Resources Management | Preventive | |
Require terminated individuals to sign an acknowledgment of post-employment requirements. CC ID 10631 | Establish/Maintain Documentation | Preventive | |
Verify completion of each activity in the employee termination checklist when an individual is terminated. CC ID 12449 | Human Resources Management | Detective | |
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764 | Establish Roles | Preventive | |
Implement segregation of duties in roles and responsibilities. CC ID 00774 [Separate the duties of individuals to reduce the risk of malevolent activity without collusion. 3.1.4] | Testing | Detective | |
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960 | Technical Security | Preventive | |
Train all personnel and third parties, as necessary. CC ID 00785 | Behavior | Preventive | |
Establish, implement, and maintain an education methodology. CC ID 06671 | Business Processes | Preventive | |
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities. 3.2.2] | Behavior | Preventive | |
Establish, implement, and maintain training plans. CC ID 00828 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a security awareness program. CC ID 11746 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the security awareness program to all interested personnel and affected parties. CC ID 00823 [Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems. 3.2.1] | Behavior | Preventive | |
Train all personnel and third parties on how to recognize and report security incidents. CC ID 01211 [Provide security awareness training on recognizing and reporting potential indicators of insider threat. 3.2.3] | Behavior | Preventive | |
Train all personnel and third parties on how to recognize and report system failures. CC ID 13475 | Training | Preventive | |
Require personnel to acknowledge, through writing their signature, that they have read and understand the organization's security policies. CC ID 01363 | Establish/Maintain Documentation | Preventive |
Monitoring and measurement CC ID 00636 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain logging and monitoring operations. CC ID 00637 | Log Management | Detective | |
Establish, implement, and maintain intrusion management operations. CC ID 00580 | Monitor and Evaluate Occurrences | Preventive | |
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Monitor information system security alerts and advisories and take appropriate actions in response. 3.14.3; Monitor the information system including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. 3.14.6] | Monitor and Evaluate Occurrences | Detective | |
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 | Monitor and Evaluate Occurrences | Detective | |
Monitor systems for Denial of Service attacks. CC ID 01222 | Monitor and Evaluate Occurrences | Detective | |
Monitor systems for unauthorized data transfers. CC ID 12971 | Monitor and Evaluate Occurrences | Preventive | |
Address operational anomalies within the incident management system. CC ID 11633 | Audits and Risk Management | Preventive | |
Monitor systems for access to restricted data or restricted information. CC ID 04721 | Monitor and Evaluate Occurrences | Detective | |
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950 | Human Resources Management | Detective | |
Detect unauthorized access to systems. CC ID 06798 [Identify unauthorized use of the information system. 3.14.7] | Monitor and Evaluate Occurrences | Detective | |
Incorporate potential red flags into the organization's incident management system. CC ID 04652 | Monitor and Evaluate Occurrences | Detective | |
Incorporate an Identity Theft Prevention Program into the organization's incident management system. CC ID 11634 | Audits and Risk Management | Preventive | |
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430 | Monitor and Evaluate Occurrences | Detective | |
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808 | Monitor and Evaluate Occurrences | Detective | |
Monitor systems for unauthorized mobile code. CC ID 10034 [Control and monitor the use of mobile code. 3.13.13] | Monitor and Evaluate Occurrences | Preventive | |
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638 [Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. 3.3.1] | Log Management | Detective | |
Establish, implement, and maintain an event logging policy. CC ID 15217 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain event logging procedures. CC ID 01335 | Log Management | Detective | |
Include the system components that generate audit records in the event logging procedures. CC ID 16426 | Data and Information Management | Preventive | |
Include a standard to collect and interpret event logs in the event logging procedures. CC ID 00643 | Log Management | Preventive | |
Protect the event logs from failure. CC ID 06290 | Log Management | Preventive | |
Overwrite the oldest records when audit logging fails. CC ID 14308 | Data and Information Management | Preventive | |
Supply each in scope asset with audit reduction tool and report generation capabilities to support after-the-fact investigations without altering the event logs. CC ID 01427 [Provide audit reduction and report generation to support on-demand analysis and reporting. 3.3.6] | Testing | Preventive | |
Provide predefined suspicious activity reports for suspicious activity discovered in the event log. CC ID 06774 | Establish/Maintain Documentation | Corrective | |
Include identity information of suspects in the suspicious activity report. CC ID 16648 | Establish/Maintain Documentation | Preventive | |
Compile the event logs of multiple components into a system-wide time-correlated audit trail. CC ID 01424 [Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity. 3.3.5] | Audits and Risk Management | Preventive | |
Review and update event logs and audit logs, as necessary. CC ID 00596 | Log Management | Detective | |
Eliminate false positives in event logs and audit logs. CC ID 07047 | Log Management | Corrective | |
Correlate log entries to security controls to verify the security control's effectiveness. CC ID 13207 | Log Management | Detective | |
Identify cybersecurity events in event logs and audit logs. CC ID 13206 | Technical Security | Detective | |
Follow up exceptions and anomalies identified when reviewing logs. CC ID 11925 | Investigate | Corrective | |
Reproduce the event log if a log failure is captured. CC ID 01426 | Log Management | Preventive | |
Document the event information to be logged in the event information log specification. CC ID 00639 | Configuration | Preventive | |
Enable logging for all systems that meet a traceability criteria. CC ID 00640 | Log Management | Detective | |
Enable the logging capability to capture enough information to ensure the system is functioning according to its intended purpose throughout its life cycle. CC ID 15001 | Configuration | Preventive | |
Enable and configure logging on all network access controls. CC ID 01963 | Configuration | Preventive | |
Analyze firewall logs for the correct capturing of data. CC ID 00549 | Log Management | Detective | |
Synchronize system clocks to an accurate and universal time source on all devices. CC ID 01340 [Provide an information system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. 3.3.7] | Configuration | Preventive | |
Centralize network time servers to as few as practical. CC ID 06308 | Configuration | Preventive | |
Disseminate and communicate information to customers about clock synchronization methods used by the organization. CC ID 13044 | Communicate | Preventive | |
Define the frequency to capture and log events. CC ID 06313 | Log Management | Preventive | |
Include logging frequencies in the event logging procedures. CC ID 00642 | Log Management | Preventive | |
Review and update the list of auditable events in the event logging procedures. CC ID 10097 [Review and update audited events. 3.3.3] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a testing program. CC ID 00654 | Behavior | Preventive | |
Establish, implement, and maintain a vulnerability management program. CC ID 15721 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636 | Establish/Maintain Documentation | Preventive | |
Perform vulnerability scans, as necessary. CC ID 11637 [Scan for vulnerabilities in the information system and applications periodically and when new vulnerabilities affecting the system are identified. 3.11.2] | Technical Security | Detective | |
Repeat vulnerability scanning, as necessary. CC ID 11646 [Remediate vulnerabilities in accordance with assessments of risk. 3.11.3] | Testing | Detective | |
Identify and document security vulnerabilities. CC ID 11857 | Technical Security | Detective | |
Rank discovered vulnerabilities. CC ID 11940 | Investigate | Detective | |
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098 | Technical Security | Preventive | |
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638 | Technical Security | Detective | |
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418 | Communicate | Preventive | |
Maintain vulnerability scan reports as organizational records. CC ID 12092 | Records Management | Preventive | |
Correlate vulnerability scan reports from the various systems. CC ID 10636 | Technical Security | Detective | |
Perform internal vulnerability scans, as necessary. CC ID 00656 | Testing | Detective | |
Perform vulnerability scans prior to installing payment applications. CC ID 12192 | Technical Security | Detective | |
Implement scanning tools, as necessary. CC ID 14282 | Technical Security | Detective | |
Update the vulnerability scanners' vulnerability list. CC ID 10634 | Configuration | Corrective | |
Repeat vulnerability scanning after an approved change occurs. CC ID 12468 | Technical Security | Detective | |
Perform external vulnerability scans, as necessary. CC ID 11624 | Technical Security | Detective | |
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467 | Business Processes | Preventive | |
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039 | Testing | Preventive | |
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635 | Technical Security | Detective | |
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748 | Behavior | Corrective | |
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a log management program. CC ID 00673 [Limit management of audit functionality to a subset of privileged users. 3.3.9] | Establish/Maintain Documentation | Preventive | |
Deploy log normalization tools, as necessary. CC ID 12141 | Technical Security | Preventive | |
Restrict access to logs to authorized individuals. CC ID 01342 | Log Management | Preventive | |
Restrict access to audit trails to a need to know basis. CC ID 11641 | Technical Security | Preventive | |
Refrain from recording unnecessary restricted data in logs. CC ID 06318 | Log Management | Preventive | |
Back up audit trails according to backup procedures. CC ID 11642 | Systems Continuity | Preventive | |
Back up logs according to backup procedures. CC ID 01344 | Log Management | Preventive | |
Copy logs from all predefined hosts onto a log management infrastructure. CC ID 01346 | Log Management | Preventive | |
Identify hosts with logs that are not being stored. CC ID 06314 | Log Management | Preventive | |
Identify hosts with logs that are being stored at the system level only. CC ID 06315 | Log Management | Preventive | |
Identify hosts with logs that should be stored at both the system level and the infrastructure level. CC ID 06316 | Log Management | Preventive | |
Identify hosts with logs that are being stored at the infrastructure level only. CC ID 06317 | Log Management | Preventive | |
Protect logs from unauthorized activity. CC ID 01345 [Protect audit information and audit tools from unauthorized access, modification, and deletion. 3.3.8] | Log Management | Preventive | |
Perform testing and validating activities on all logs. CC ID 06322 | Log Management | Preventive | |
Archive the audit trail in accordance with compliance requirements. CC ID 00674 | Log Management | Preventive | |
Enforce dual authorization as a part of information flow control for logs. CC ID 10098 | Configuration | Preventive | |
Preserve the identity of individuals in audit trails. CC ID 10594 | Log Management | Preventive | |
Establish, implement, and maintain a cross-organizational audit sharing agreement. CC ID 10595 | Establish/Maintain Documentation | Preventive | |
Provide cross-organizational audit information based on the cross-organizational audit sharing agreement. CC ID 10596 | Audits and Risk Management | Preventive | |
Establish, implement, and maintain a corrective action plan. CC ID 00675 [Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems. 3.12.2] | Monitor and Evaluate Occurrences | Detective | |
Align corrective actions with the level of environmental impact. CC ID 15193 | Business Processes | Preventive | |
Include risks and opportunities in the corrective action plan. CC ID 15178 | Establish/Maintain Documentation | Preventive | |
Include environmental aspects in the corrective action plan. CC ID 15177 | Establish/Maintain Documentation | Preventive | |
Include the completion date in the corrective action plan. CC ID 13272 | Establish/Maintain Documentation | Preventive | |
Include monitoring in the corrective action plan. CC ID 11645 | Monitor and Evaluate Occurrences | Detective |
Operational and Systems Continuity CC ID 00731 | IT Impact Zone | IT Impact Zone | |
Prepare the alternate facility for an emergency offsite relocation. CC ID 00744 | Systems Continuity | Preventive | |
Protect backup systems and restoration systems at the alternate facility. CC ID 04883 [Protect the confidentiality of backup CUI at storage locations. 3.8.9] | Systems Continuity | Preventive |
Operational management CC ID 00805 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an information security program. CC ID 00812 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the information security policy to interested personnel and affected parties. CC ID 11739 [Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems. 3.2.1] | Communicate | Preventive | |
Establish, implement, and maintain operational control procedures. CC ID 00831 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain Voice over Internet Protocol operating procedures. CC ID 04583 [Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. 3.13.14] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 | Establish/Maintain Documentation | Preventive | |
Include a software installation policy in the Acceptable Use Policy. CC ID 06749 [Control and monitor user-installed software. 3.4.9] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an Asset Management program. CC ID 06630 | Business Processes | Preventive | |
Establish, implement, and maintain an asset inventory. CC ID 06631 [Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. 3.4.1] | Business Processes | Preventive | |
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689 | Establish/Maintain Documentation | Preventive | |
Include all account types in the Information Technology inventory. CC ID 13311 | Establish/Maintain Documentation | Preventive | |
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695 | Systems Design, Build, and Implementation | Preventive | |
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289 | Data and Information Management | Preventive | |
Include each Information System's major applications in the Information Technology inventory. CC ID 01407 | Establish/Maintain Documentation | Preventive | |
Categorize all major applications according to the business information they process. CC ID 07182 | Establish/Maintain Documentation | Preventive | |
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164 | Establish/Maintain Documentation | Preventive | |
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408 | Establish/Maintain Documentation | Preventive | |
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409 | Establish/Maintain Documentation | Preventive | |
Conduct environmental surveys. CC ID 00690 | Physical and Environmental Protection | Preventive | |
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a hardware asset inventory. CC ID 00691 | Establish/Maintain Documentation | Preventive | |
Include network equipment in the Information Technology inventory. CC ID 00693 | Establish/Maintain Documentation | Preventive | |
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719 | Establish/Maintain Documentation | Preventive | |
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885 | Process or Activity | Preventive | |
Include software in the Information Technology inventory. CC ID 00692 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a storage media inventory. CC ID 00694 | Establish/Maintain Documentation | Preventive | |
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962 | Establish/Maintain Documentation | Detective | |
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260 | Establish/Maintain Documentation | Preventive | |
Add inventoried assets to the asset register database, as necessary. CC ID 07051 | Establish/Maintain Documentation | Preventive | |
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052 | Monitor and Evaluate Occurrences | Corrective | |
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053 | Monitor and Evaluate Occurrences | Corrective | |
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181 | Establish/Maintain Documentation | Preventive | |
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054 | Technical Security | Preventive | |
Link the authentication system to the asset inventory. CC ID 13718 | Technical Security | Preventive | |
Record a unique name for each asset in the asset inventory. CC ID 16305 | Data and Information Management | Preventive | |
Record the decommission date for applicable assets in the asset inventory. CC ID 14920 | Establish/Maintain Documentation | Preventive | |
Record the status of information systems in the asset inventory. CC ID 16304 | Data and Information Management | Preventive | |
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301 | Data and Information Management | Preventive | |
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918 | Establish/Maintain Documentation | Preventive | |
Include source code in the asset inventory. CC ID 14858 | Records Management | Preventive | |
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344 | Human Resources Management | Preventive | |
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110 | Technical Security | Detective | |
Record the review date for applicable assets in the asset inventory. CC ID 14919 | Establish/Maintain Documentation | Preventive | |
Record software license information for each asset in the asset inventory. CC ID 11736 | Data and Information Management | Preventive | |
Record services for applicable assets in the asset inventory. CC ID 13733 | Establish/Maintain Documentation | Preventive | |
Record protocols for applicable assets in the asset inventory. CC ID 13734 | Establish/Maintain Documentation | Preventive | |
Record the software version in the asset inventory. CC ID 12196 | Establish/Maintain Documentation | Preventive | |
Record the publisher for applicable assets in the asset inventory. CC ID 13725 | Establish/Maintain Documentation | Preventive | |
Record the authentication system in the asset inventory. CC ID 13724 | Establish/Maintain Documentation | Preventive | |
Tag unsupported assets in the asset inventory. CC ID 13723 | Establish/Maintain Documentation | Preventive | |
Record the install date for applicable assets in the asset inventory. CC ID 13720 | Establish/Maintain Documentation | Preventive | |
Record the make and model of device for applicable assets in the asset inventory. CC ID 12465 | Establish/Maintain Documentation | Preventive | |
Record the asset tag for physical assets in the asset inventory. CC ID 06632 | Establish/Maintain Documentation | Preventive | |
Record the host name of applicable assets in the asset inventory. CC ID 13722 | Establish/Maintain Documentation | Preventive | |
Record network ports for applicable assets in the asset inventory. CC ID 13730 | Establish/Maintain Documentation | Preventive | |
Record the MAC address for applicable assets in the asset inventory. CC ID 13721 | Establish/Maintain Documentation | Preventive | |
Record the operating system version for applicable assets in the asset inventory. CC ID 11748 | Data and Information Management | Preventive | |
Record the operating system type for applicable assets in the asset inventory. CC ID 06633 | Establish/Maintain Documentation | Preventive | |
Record rooms at external locations in the asset inventory. CC ID 16302 | Data and Information Management | Preventive | |
Record the department associated with the asset in the asset inventory. CC ID 12084 | Establish/Maintain Documentation | Preventive | |
Record the physical location for applicable assets in the asset inventory. CC ID 06634 | Establish/Maintain Documentation | Preventive | |
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635 | Establish/Maintain Documentation | Preventive | |
Record the firmware version for applicable assets in the asset inventory. CC ID 12195 | Establish/Maintain Documentation | Preventive | |
Record the related business function for applicable assets in the asset inventory. CC ID 06636 | Establish/Maintain Documentation | Preventive | |
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637 | Establish/Maintain Documentation | Preventive | |
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638 | Establish/Maintain Documentation | Preventive | |
Record trusted keys and certificates in the asset inventory. CC ID 15486 | Data and Information Management | Preventive | |
Record cipher suites and protocols in the asset inventory. CC ID 15489 | Data and Information Management | Preventive | |
Link the software asset inventory to the hardware asset inventory. CC ID 12085 | Establish/Maintain Documentation | Preventive | |
Record the owner for applicable assets in the asset inventory. CC ID 06640 | Establish/Maintain Documentation | Preventive | |
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696 | Establish/Maintain Documentation | Preventive | |
Record all changes to assets in the asset inventory. CC ID 12190 | Establish/Maintain Documentation | Preventive | |
Record cloud service derived data in the asset inventory. CC ID 13007 | Establish/Maintain Documentation | Preventive | |
Include cloud service customer data in the asset inventory. CC ID 13006 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885 | Establish/Maintain Documentation | Preventive | |
Control and monitor all maintenance tools. CC ID 01432 [Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance. 3.7.2] | Physical and Environmental Protection | Detective | |
Obtain approval before removing maintenance tools from the facility. CC ID 14298 | Business Processes | Preventive | |
Control remote maintenance according to the system's asset classification. CC ID 01433 | Technical Security | Preventive | |
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 [Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. 3.7.5] | Technical Security | Preventive | |
Conduct maintenance with authorized personnel. CC ID 01434 [Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance. 3.7.2] | Testing | Detective | |
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295 | Maintenance | Preventive | |
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291 | Maintenance | Preventive | |
Perform periodic maintenance according to organizational standards. CC ID 01435 [Perform maintenance on organizational information systems. 3.7.1] | Behavior | Preventive | |
Restart systems on a periodic basis. CC ID 16498 | Maintenance | Preventive | |
Remove components being serviced from the information system prior to performing maintenance. CC ID 14251 | Maintenance | Preventive | |
Employ dedicated systems during system maintenance. CC ID 12108 | Technical Security | Preventive | |
Isolate dedicated systems used for system maintenance from Internet access. CC ID 12114 | Technical Security | Preventive | |
Control granting access to appropriate parties performing maintenance on organizational assets. CC ID 11873 | Human Resources Management | Preventive | |
Identify and authenticate appropriate parties prior to granting access to maintain assets. CC ID 11874 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a customer service program. CC ID 00846 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an Incident Management program. CC ID 00853 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Business Processes | Preventive | |
Establish, implement, and maintain an incident management policy. CC ID 16414 | Establish/Maintain Documentation | Preventive | |
Define and assign the roles and responsibilities for the Incident Management program. CC ID 13055 | Human Resources Management | Preventive | |
Define the uses and capabilities of the Incident Management program. CC ID 00854 | Establish/Maintain Documentation | Preventive | |
Include incident escalation procedures in the Incident Management program. CC ID 00856 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Establish/Maintain Documentation | Preventive | |
Define the characteristics of the Incident Management program. CC ID 00855 | Establish/Maintain Documentation | Preventive | |
Include the criteria for a data loss event in the Incident Management program. CC ID 12179 | Establish/Maintain Documentation | Preventive | |
Include the criteria for an incident in the Incident Management program. CC ID 12173 | Establish/Maintain Documentation | Preventive | |
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an anti-money laundering program. CC ID 13675 | Business Processes | Detective | |
Include detection procedures in the Incident Management program. CC ID 00588 | Establish/Maintain Documentation | Preventive | |
Categorize the incident following an incident response. CC ID 13208 | Technical Security | Preventive | |
Define and document impact thresholds to be used in categorizing incidents. CC ID 10033 | Establish/Maintain Documentation | Preventive | |
Determine the incident severity level when assessing the security incidents. CC ID 01650 | Monitor and Evaluate Occurrences | Corrective | |
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453 | Monitor and Evaluate Occurrences | Detective | |
Require personnel to monitor for and report suspicious account activity. CC ID 16462 | Monitor and Evaluate Occurrences | Detective | |
Identify root causes of incidents that force system changes. CC ID 13482 | Investigate | Detective | |
Respond to and triage when an incident is detected. CC ID 06942 | Monitor and Evaluate Occurrences | Detective | |
Document the incident and any relevant evidence in the incident report. CC ID 08659 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Establish/Maintain Documentation | Detective | |
Escalate incidents, as necessary. CC ID 14861 | Monitor and Evaluate Occurrences | Corrective | |
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197 | Process or Activity | Corrective | |
Respond to all alerts from security systems in a timely manner. CC ID 06434 [Monitor information system security alerts and advisories and take appropriate actions in response. 3.14.3] | Behavior | Corrective | |
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196 | Process or Activity | Corrective | |
Contain the incident to prevent further loss. CC ID 01751 | Process or Activity | Corrective | |
Wipe data and memory after an incident has been detected. CC ID 16850 | Technical Security | Corrective | |
Refrain from accessing compromised systems. CC ID 01752 | Technical Security | Corrective | |
Isolate compromised systems from the network. CC ID 01753 | Technical Security | Corrective | |
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754 | Log Management | Corrective | |
Change authenticators after a security incident has been detected. CC ID 06789 | Technical Security | Corrective | |
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677 | Investigate | Detective | |
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095 | Establish/Maintain Documentation | Preventive | |
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674 | Establish/Maintain Documentation | Detective | |
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678 | Establish/Maintain Documentation | Detective | |
Assess all incidents to determine what information was accessed. CC ID 01226 | Testing | Corrective | |
Check the precursors and indicators when assessing the security incidents. CC ID 01761 | Monitor and Evaluate Occurrences | Corrective | |
Analyze the incident response process following an incident response. CC ID 13179 | Investigate | Detective | |
Share incident information with interested personnel and affected parties. CC ID 01212 | Data and Information Management | Corrective | |
Share data loss event information with the media. CC ID 01759 | Behavior | Corrective | |
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036 | Data and Information Management | Preventive | |
Share data loss event information with interconnected system owners. CC ID 01209 | Establish/Maintain Documentation | Corrective | |
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539 | Communicate | Preventive | |
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538 | Communicate | Preventive | |
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547 | Establish/Maintain Documentation | Preventive | |
Report data loss event information to breach notification organizations. CC ID 01210 | Data and Information Management | Corrective | |
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326 | Log Management | Detective | |
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797 | Communicate | Preventive | |
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782 | Communicate | Preventive | |
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731 | Behavior | Corrective | |
Remediate security violations according to organizational standards. CC ID 12338 | Business Processes | Preventive | |
Include data loss event notifications in the Incident Response program. CC ID 00364 | Establish/Maintain Documentation | Preventive | |
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954 | Establish/Maintain Documentation | Preventive | |
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365 | Behavior | Corrective | |
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801 | Behavior | Detective | |
Delay sending incident response notifications under predetermined conditions. CC ID 00804 | Behavior | Corrective | |
Include required information in the written request to delay the notification to affected parties. CC ID 16785 | Establish/Maintain Documentation | Preventive | |
Submit written requests to delay the notification of affected parties. CC ID 16783 | Communicate | Preventive | |
Revoke the written request to delay the notification. CC ID 16843 | Process or Activity | Preventive | |
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985 | Establish/Maintain Documentation | Preventive | |
Avoid false positive incident response notifications. CC ID 04732 | Behavior | Detective | |
Establish, implement, and maintain incident response notifications. CC ID 12975 | Establish/Maintain Documentation | Corrective | |
Refrain from charging for providing incident response notifications. CC ID 13876 | Business Processes | Preventive | |
Include information required by law in incident response notifications. CC ID 00802 | Establish/Maintain Documentation | Detective | |
Title breach notifications "Notice of Data Breach". CC ID 12977 | Establish/Maintain Documentation | Preventive | |
Display titles of incident response notifications clearly and conspicuously. CC ID 12986 | Establish/Maintain Documentation | Preventive | |
Display headings in incident response notifications clearly and conspicuously. CC ID 12987 | Establish/Maintain Documentation | Preventive | |
Design the incident response notification to call attention to its nature and significance. CC ID 12984 | Establish/Maintain Documentation | Preventive | |
Use plain language to write incident response notifications. CC ID 12976 | Establish/Maintain Documentation | Preventive | |
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983 | Establish/Maintain Documentation | Preventive | |
Refrain from including restricted information in the incident response notification. CC ID 16806 | Actionable Reports or Measurements | Preventive | |
Include the affected parties' rights in the incident response notification. CC ID 16811 | Establish/Maintain Documentation | Preventive | |
Include details of the investigation in incident response notifications. CC ID 12296 | Establish/Maintain Documentation | Preventive | |
Include the issuer's name in incident response notifications. CC ID 12062 | Establish/Maintain Documentation | Preventive | |
Include a "What Happened" heading in breach notifications. CC ID 12978 | Establish/Maintain Documentation | Preventive | |
Include a general description of the data loss event in incident response notifications. CC ID 04734 | Establish/Maintain Documentation | Preventive | |
Include time information in incident response notifications. CC ID 04745 | Establish/Maintain Documentation | Preventive | |
Include the identification of the data source in incident response notifications. CC ID 12305 | Establish/Maintain Documentation | Preventive | |
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979 | Establish/Maintain Documentation | Preventive | |
Include the type of information that was lost in incident response notifications. CC ID 04735 | Establish/Maintain Documentation | Preventive | |
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776 | Establish/Maintain Documentation | Preventive | |
Include a "What We Are Doing" heading in the breach notification. CC ID 12982 | Establish/Maintain Documentation | Preventive | |
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736 | Establish/Maintain Documentation | Preventive | |
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737 | Establish/Maintain Documentation | Preventive | |
Include a "For More Information" heading in breach notifications. CC ID 12981 | Establish/Maintain Documentation | Preventive | |
Include details of the companies and persons involved in incident response notifications. CC ID 12295 | Establish/Maintain Documentation | Preventive | |
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744 | Establish/Maintain Documentation | Preventive | |
Include the reporting individual's contact information in incident response notifications. CC ID 12297 | Establish/Maintain Documentation | Preventive | |
Include any consequences in the incident response notifications. CC ID 12604 | Establish/Maintain Documentation | Preventive | |
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746 | Establish/Maintain Documentation | Preventive | |
Include a "What You Can Do" heading in the breach notification. CC ID 12980 | Establish/Maintain Documentation | Preventive | |
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738 | Establish/Maintain Documentation | Detective | |
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767 | Communicate | Corrective | |
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766 | Business Processes | Corrective | |
Include contact information in incident response notifications. CC ID 04739 | Establish/Maintain Documentation | Preventive | |
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085 | Communicate | Preventive | |
Send paper incident response notifications to affected parties, as necessary. CC ID 00366 | Behavior | Corrective | |
Post the incident response notification on the organization's website. CC ID 16809 | Process or Activity | Preventive | |
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803 | Behavior | Corrective | |
Document the determination for providing a substitute incident response notification. CC ID 16841 | Process or Activity | Preventive | |
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368 | Behavior | Corrective | |
Telephone incident response notifications to affected parties, as necessary. CC ID 04650 | Behavior | Corrective | |
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747 | Behavior | Preventive | |
Include contact information in the substitute incident response notification. CC ID 16776 | Establish/Maintain Documentation | Preventive | |
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748 | Establish/Maintain Documentation | Preventive | |
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750 | Behavior | Preventive | |
Publish the incident response notification in a general circulation periodical. CC ID 04651 | Behavior | Corrective | |
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769 | Behavior | Preventive | |
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367 | Behavior | Corrective | |
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347 | Communicate | Corrective | |
Establish, implement, and maintain a containment strategy. CC ID 13480 | Establish/Maintain Documentation | Preventive | |
Include the containment approach in the containment strategy. CC ID 13486 | Establish/Maintain Documentation | Preventive | |
Include response times in the containment strategy. CC ID 13485 | Establish/Maintain Documentation | Preventive | |
Include incident recovery procedures in the Incident Management program. CC ID 01758 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Establish/Maintain Documentation | Corrective | |
Change wireless access variables after a data loss event has been detected. CC ID 01756 | Technical Security | Corrective | |
Eradicate the cause of the incident after the incident has been contained. CC ID 01757 | Business Processes | Corrective | |
Establish, implement, and maintain a restoration log. CC ID 12745 | Establish/Maintain Documentation | Preventive | |
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463 | Data and Information Management | Preventive | |
Include a description of the restored data in the restoration log. CC ID 15462 | Data and Information Management | Preventive | |
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611 | Human Resources Management | Corrective | |
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592 | Establish/Maintain Documentation | Preventive | |
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265 | Monitor and Evaluate Occurrences | Detective | |
Re-image compromised systems with secure builds. CC ID 12086 | Technical Security | Corrective | |
Analyze security violations in Suspicious Activity Reports. CC ID 00591 | Establish/Maintain Documentation | Preventive | |
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234 | Monitor and Evaluate Occurrences | Preventive | |
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298 | Investigate | Preventive | |
Update the incident response procedures using the lessons learned. CC ID 01233 | Establish/Maintain Documentation | Preventive | |
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Establish/Maintain Documentation | Preventive | |
Test incident monitoring procedures. CC ID 13194 | Testing | Detective | |
Include incident response procedures in the Incident Management program. CC ID 01218 | Establish/Maintain Documentation | Preventive | |
Integrate configuration management procedures into the incident management program. CC ID 13647 | Technical Security | Preventive | |
Include incident management procedures in the Incident Management program. CC ID 12689 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858 | Establish/Maintain Documentation | Corrective | |
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334 | Establish/Maintain Documentation | Preventive | |
Include after-action analysis procedures in the Incident Management program. CC ID 01219 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844 | Establish/Maintain Documentation | Preventive | |
Conduct incident investigations, as necessary. CC ID 13826 | Process or Activity | Detective | |
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042 | Investigate | Detective | |
Identify the affected parties during incident investigations. CC ID 16781 | Investigate | Detective | |
Interview suspects during incident investigations, as necessary. CC ID 14041 | Investigate | Detective | |
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038 | Investigate | Detective | |
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain incident management audit logs. CC ID 13514 | Records Management | Preventive | |
Log incidents in the Incident Management audit log. CC ID 00857 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Establish/Maintain Documentation | Preventive | |
Include who the incident was reported to in the incident management audit log. CC ID 16487 | Log Management | Preventive | |
Include corrective actions in the incident management audit log. CC ID 16466 | Establish/Maintain Documentation | Preventive | |
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238 | Log Management | Corrective | |
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234 | Log Management | Preventive | |
Include emergency processing priorities in the Incident Management program. CC ID 00859 | Establish/Maintain Documentation | Preventive | |
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387 | Establish/Maintain Documentation | Preventive | |
Include incident record closure procedures in the Incident Management program. CC ID 01620 | Establish/Maintain Documentation | Preventive | |
Include incident reporting procedures in the Incident Management program. CC ID 11772 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142 | Communicate | Preventive | |
Establish, implement, and maintain an Incident Response program. CC ID 00579 | Establish/Maintain Documentation | Preventive | |
Include incident response team structures in the Incident Response program. CC ID 01237 | Establish/Maintain Documentation | Preventive | |
Include the incident response team member's roles and responsibilities in the Incident Response program. CC ID 01652 | Establish Roles | Preventive | |
Include the incident response point of contact's roles and responsibilities in the Incident Response program. CC ID 01877 | Establish Roles | Preventive | |
Notify interested personnel and affected parties that a security breach was detected. CC ID 11788 [Provide privacy and security notices consistent with applicable CUI rules. 3.1.9] | Communicate | Corrective | |
Establish, implement, and maintain incident response procedures. CC ID 01206 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Establish/Maintain Documentation | Detective | |
Include references to industry best practices in the incident response procedures. CC ID 11956 | Establish/Maintain Documentation | Preventive | |
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949 | Establish/Maintain Documentation | Preventive | |
Respond when an integrity violation is detected, as necessary. CC ID 10678 | Technical Security | Corrective | |
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679 | Technical Security | Corrective | |
Restart systems when an integrity violation is detected, as necessary. CC ID 10680 | Technical Security | Corrective | |
Include business recovery procedures in the Incident Response program. CC ID 11774 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Establish/Maintain Documentation | Preventive | |
Test the incident response procedures. CC ID 01216 [Test the organizational incident response capability. 3.6.3] | Testing | Detective | |
Document the results of incident response tests and provide them to senior management. CC ID 14857 | Actionable Reports or Measurements | Preventive | |
Establish, implement, and maintain a change control program. CC ID 00886 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Establish/Maintain Documentation | Preventive | |
Include potential consequences of unintended changes in the change control program. CC ID 12243 | Establish/Maintain Documentation | Preventive | |
Include version control in the change control program. CC ID 13119 | Establish/Maintain Documentation | Preventive | |
Include service design and transition in the change control program. CC ID 13920 | Establish/Maintain Documentation | Preventive | |
Separate the production environment from development environment or test environment for the change control process. CC ID 11864 | Maintenance | Preventive | |
Integrate configuration management procedures into the change control program. CC ID 13646 | Technical Security | Preventive | |
Establish, implement, and maintain a back-out plan. CC ID 13623 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain back-out procedures for each proposed change in a change request. CC ID 00373 | Establish/Maintain Documentation | Preventive | |
Approve back-out plans, as necessary. CC ID 13627 | Establish/Maintain Documentation | Corrective | |
Manage change requests. CC ID 00887 | Business Processes | Preventive | |
Include documentation of the impact level of proposed changes in the change request. CC ID 11942 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a change request approver list. CC ID 06795 | Establish/Maintain Documentation | Preventive | |
Document all change requests in change request forms. CC ID 06794 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Establish/Maintain Documentation | Preventive | |
Test proposed changes prior to their approval. CC ID 00548 | Testing | Detective | |
Examine all changes to ensure they correspond with the change request. CC ID 12345 | Business Processes | Detective | |
Approve tested change requests. CC ID 11783 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Data and Information Management | Preventive | |
Validate the system before implementing approved changes. CC ID 01510 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Systems Design, Build, and Implementation | Preventive | |
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807 | Behavior | Preventive | |
Establish, implement, and maintain emergency change procedures. CC ID 00890 | Establish/Maintain Documentation | Preventive | |
Perform emergency changes, as necessary. CC ID 12707 | Process or Activity | Preventive | |
Back up emergency changes after the change has been performed. CC ID 12734 | Process or Activity | Preventive | |
Log emergency changes after they have been performed. CC ID 12733 | Establish/Maintain Documentation | Preventive | |
Perform risk assessments prior to approving change requests. CC ID 00888 [Analyze the security impact of changes prior to implementation. 3.4.4] | Testing | Preventive | |
Conduct network certifications prior to approving change requests for networks. CC ID 13121 | Process or Activity | Detective | |
Analyze mitigating controls for vulnerabilities in the network when certifying the network. CC ID 13126 | Investigate | Detective | |
Collect data about the network environment when certifying the network. CC ID 13125 | Investigate | Detective | |
Implement changes according to the change control program. CC ID 11776 | Business Processes | Preventive | |
Provide audit trails for all approved changes. CC ID 13120 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a patch management program. CC ID 00896 [Identify, report, and correct information and information system flaws in a timely manner. 3.14.1] | Process or Activity | Preventive | |
Document the sources of all software updates. CC ID 13316 | Establish/Maintain Documentation | Preventive | |
Implement patch management software, as necessary. CC ID 12094 | Technical Security | Preventive | |
Include updates and exceptions to hardened images as a part of the patch management program. CC ID 12087 | Technical Security | Preventive | |
Establish, implement, and maintain a patch management policy. CC ID 16432 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain patch management procedures. CC ID 15224 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a patch log. CC ID 01642 | Establish/Maintain Documentation | Preventive | |
Review the patch log for missing patches. CC ID 13186 | Technical Security | Detective | |
Perform a patch test prior to deploying a patch. CC ID 00898 | Testing | Detective | |
Prioritize deploying patches according to vulnerability risk metrics. CC ID 06796 | Business Processes | Preventive | |
Deploy software patches in accordance with organizational standards. CC ID 07032 | Configuration | Corrective | |
Test software patches for any potential compromise of the system's security. CC ID 13175 | Testing | Detective | |
Patch software. CC ID 11825 | Technical Security | Corrective | |
Patch the operating system, as necessary. CC ID 11824 | Technical Security | Corrective | |
Deploy software patches in the disaster recovery environment to mirror those in the production environment. CC ID 13174 | Configuration | Corrective | |
Remove outdated software after software has been updated. CC ID 11792 | Configuration | Corrective | |
Update computer firmware, as necessary. CC ID 11755 | Configuration | Corrective | |
Review changes to computer firmware. CC ID 12226 | Testing | Detective | |
Certify changes to computer firmware are free of malicious logic. CC ID 12227 | Testing | Detective | |
Remove outdated computer firmware after the computer firmware has been updated. CC ID 10671 | Configuration | Corrective | |
Implement cryptographic mechanisms to authenticate software and computer firmware before installation. CC ID 10682 | Technical Security | Detective | |
Establish, implement, and maintain a software release policy. CC ID 00893 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain traceability documentation. CC ID 16388 | Systems Design, Build, and Implementation | Preventive | |
Disseminate and communicate software update information to users and regulators. CC ID 06602 | Behavior | Preventive | |
Allow interested personnel and affected parties to opt out of specific version releases and software updates. CC ID 06809 | Data and Information Management | Preventive | |
Mitigate the adverse effects of unauthorized changes. CC ID 12244 | Business Processes | Corrective | |
Establish, implement, and maintain approved change acceptance testing procedures. CC ID 06391 | Establish/Maintain Documentation | Detective | |
Test the system's operational functionality after implementing approved changes. CC ID 06294 | Testing | Detective | |
Perform and pass acceptance testing before moving a system back into operation after an approved change has occurred. CC ID 04541 | Testing | Detective | |
Establish, implement, and maintain a change acceptance testing log. CC ID 06392 | Establish/Maintain Documentation | Corrective | |
Update associated documentation after the system configuration has been changed. CC ID 00891 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a configuration change log. CC ID 08710 | Configuration | Detective | |
Document approved configuration deviations. CC ID 08711 | Establish/Maintain Documentation | Corrective | |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Physical and environmental protection CC ID 00709 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a physical security program. CC ID 11757 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a facility physical security program. CC ID 00711 [Protect and monitor the physical facility and support infrastructure for those information systems. 3.10.2] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain opening procedures for businesses. CC ID 16671 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain closing procedures for businesses. CC ID 16670 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a contract for accessing facilities that transmit, process, or store restricted data. CC ID 12050 | Establish/Maintain Documentation | Preventive | |
Refrain from providing access to facilities that transmit, process, or store restricted data until the contract for accessing the facility is signed. CC ID 12311 | Behavior | Preventive | |
Protect the facility from crime. CC ID 06347 | Physical and Environmental Protection | Preventive | |
Define communication methods for reporting crimes. CC ID 06349 | Establish/Maintain Documentation | Preventive | |
Include identification cards or badges in the physical security program. CC ID 14818 | Establish/Maintain Documentation | Preventive | |
Protect facilities from eavesdropping. CC ID 02222 | Physical and Environmental Protection | Preventive | |
Inspect telephones for eavesdropping devices. CC ID 02223 | Physical and Environmental Protection | Detective | |
Implement audio protection controls on telephone systems in controlled areas. CC ID 16455 | Technical Security | Preventive | |
Establish, implement, and maintain security procedures for virtual meetings. CC ID 15581 | Establish/Maintain Documentation | Preventive | |
Hold conferences requiring sensitive information discussions in spaces that have commensurate security. CC ID 11440 | Physical and Environmental Protection | Preventive | |
Provide one-time meeting support for discussions involving Top Secret information. CC ID 11441 | Physical and Environmental Protection | Preventive | |
Create security zones in facilities, as necessary. CC ID 16295 | Physical and Environmental Protection | Preventive | |
Establish clear zones around any sensitive facilities. CC ID 02214 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain floor plans. CC ID 16419 | Establish/Maintain Documentation | Preventive | |
Include network infrastructure and cabling infrastructure on the floor plan. CC ID 16420 | Establish/Maintain Documentation | Preventive | |
Post floor plans of critical facilities in secure locations. CC ID 16138 | Communicate | Preventive | |
Post and maintain security signage for all facilities. CC ID 02201 | Establish/Maintain Documentation | Preventive | |
Inspect items brought into the facility. CC ID 06341 | Physical and Environmental Protection | Preventive | |
Maintain all physical security systems. CC ID 02206 | Physical and Environmental Protection | Preventive | |
Detect anomalies in physical barriers. CC ID 13533 | Investigate | Detective | |
Maintain all security alarm systems. CC ID 11669 | Physical and Environmental Protection | Preventive | |
Identify and document physical access controls for all physical entry points. CC ID 01637 | Establish/Maintain Documentation | Preventive | |
Control physical access to (and within) the facility. CC ID 01329 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain physical access procedures. CC ID 13629 | Establish/Maintain Documentation | Preventive | |
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419 | Physical and Environmental Protection | Preventive | |
Secure physical entry points with physical access controls or security guards. CC ID 01640 | Physical and Environmental Protection | Detective | |
Configure the access control system to grant access only during authorized working hours. CC ID 12325 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a visitor access permission policy. CC ID 06699 | Establish/Maintain Documentation | Preventive | |
Escort visitors within the facility, as necessary. CC ID 06417 [Escort visitors and monitor visitor activity. 3.10.3] | Establish/Maintain Documentation | Preventive | |
Check the visitor's stated identity against a provided government issued identification. CC ID 06701 | Physical and Environmental Protection | Preventive | |
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330 | Testing | Preventive | |
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702 | Behavior | Preventive | |
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048 | Establish/Maintain Documentation | Preventive | |
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 | Establish/Maintain Documentation | Preventive | |
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463 | Physical and Environmental Protection | Corrective | |
Authorize physical access to sensitive areas based on job functions. CC ID 12462 | Establish/Maintain Documentation | Preventive | |
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 [Supervise the maintenance activities of maintenance personnel without required access authorization. 3.7.6] | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain physical identification procedures. CC ID 00713 | Establish/Maintain Documentation | Preventive | |
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030 | Human Resources Management | Preventive | |
Implement physical identification processes. CC ID 13715 | Process or Activity | Preventive | |
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717 | Process or Activity | Preventive | |
Issue photo identification badges to all employees. CC ID 12326 | Physical and Environmental Protection | Preventive | |
Implement operational requirements for card readers. CC ID 02225 | Testing | Preventive | |
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819 | Establish/Maintain Documentation | Preventive | |
Document all lost badges in a lost badge list. CC ID 12448 | Establish/Maintain Documentation | Corrective | |
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334 | Physical and Environmental Protection | Preventive | |
Manage constituent identification inside the facility. CC ID 02215 | Behavior | Preventive | |
Direct each employee to be responsible for their identification card or badge. CC ID 12332 | Human Resources Management | Preventive | |
Manage visitor identification inside the facility. CC ID 11670 | Physical and Environmental Protection | Preventive | |
Issue visitor identification badges to all non-employees. CC ID 00543 | Behavior | Preventive | |
Secure unissued visitor identification badges. CC ID 06712 | Physical and Environmental Protection | Preventive | |
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331 | Behavior | Preventive | |
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 | Establish/Maintain Documentation | Preventive | |
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714 | Process or Activity | Preventive | |
Include error handling controls in identification issuance procedures. CC ID 13709 | Establish/Maintain Documentation | Preventive | |
Include an appeal process in the identification issuance procedures. CC ID 15428 | Business Processes | Preventive | |
Include information security in the identification issuance procedures. CC ID 15425 | Establish/Maintain Documentation | Preventive | |
Include identity proofing processes in the identification issuance procedures. CC ID 06597 | Process or Activity | Preventive | |
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426 | Establish/Maintain Documentation | Preventive | |
Include an identity registration process in the identification issuance procedures. CC ID 11671 | Establish/Maintain Documentation | Preventive | |
Restrict access to the badge system to authorized personnel. CC ID 12043 | Physical and Environmental Protection | Preventive | |
Enforce dual control for badge assignments. CC ID 12328 | Physical and Environmental Protection | Preventive | |
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327 | Physical and Environmental Protection | Preventive | |
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599 | Establish/Maintain Documentation | Preventive | |
Assign employees the responsibility for controlling their identification badges. CC ID 12333 | Human Resources Management | Preventive | |
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306 | Establish/Maintain Documentation | Preventive | |
Prevent tailgating through physical entry points. CC ID 06685 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a door security standard. CC ID 06686 | Establish/Maintain Documentation | Preventive | |
Install doors so that exposed hinges are on the secured side. CC ID 06687 | Configuration | Preventive | |
Install emergency doors to permit egress only. CC ID 06688 | Configuration | Preventive | |
Install contact alarms on doors, as necessary. CC ID 06710 | Configuration | Preventive | |
Use locks to protect against unauthorized physical access. CC ID 06342 | Physical and Environmental Protection | Preventive | |
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650 | Configuration | Preventive | |
Test locks for physical security vulnerabilities. CC ID 04880 | Testing | Detective | |
Secure unissued access mechanisms. CC ID 06713 | Technical Security | Preventive | |
Establish, implement, and maintain a lock and access mechanism inventory (keys, lock combinations, or key cards) for all physical access control systems. CC ID 00748 [Control and manage physical access devices. 3.10.5] | Establish/Maintain Documentation | Preventive | |
Change cipher lock codes, as necessary. CC ID 06651 | Technical Security | Preventive | |
Record the assigned access mechanism serial number or cipher lock code when issuing controlled items. CC ID 06715 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a window security standard. CC ID 06689 | Establish/Maintain Documentation | Preventive | |
Install contact alarms on openable windows, as necessary. CC ID 06690 | Configuration | Preventive | |
Install glass break alarms on windows, as necessary. CC ID 06691 | Configuration | Preventive | |
Post signs at all physical entry points stating the organization's right to inspect upon entry. CC ID 02204 | Establish/Maintain Documentation | Preventive | |
Install and maintain security lighting at all physical entry points. CC ID 02205 | Physical and Environmental Protection | Preventive | |
Use vandal resistant light fixtures for all security lighting. CC ID 16130 | Physical and Environmental Protection | Preventive | |
Manage access to loading docks, unloading docks, and mail rooms. CC ID 02210 | Physical and Environmental Protection | Preventive | |
Secure the loading dock with physical access controls or security guards. CC ID 06703 | Physical and Environmental Protection | Preventive | |
Isolate loading areas from information processing facilities, if possible. CC ID 12028 | Physical and Environmental Protection | Preventive | |
Screen incoming mail and deliveries. CC ID 06719 | Physical and Environmental Protection | Preventive | |
Protect access to the facility's mechanical systems area. CC ID 02212 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain elevator security guidelines. CC ID 02232 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain stairwell security guidelines. CC ID 02233 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain glass opening security guidelines. CC ID 02234 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain after hours facility access procedures. CC ID 06340 | Establish/Maintain Documentation | Preventive | |
Establish a security room, if necessary. CC ID 00738 | Physical and Environmental Protection | Preventive | |
Implement physical security standards for mainframe rooms or data centers. CC ID 00749 | Physical and Environmental Protection | Preventive | |
Establish and maintain equipment security cages in a shared space environment. CC ID 06711 | Physical and Environmental Protection | Preventive | |
Secure systems in lockable equipment cabinets, as necessary. CC ID 06716 | Physical and Environmental Protection | Preventive | |
Lock all lockable equipment cabinets. CC ID 11673 | Physical and Environmental Protection | Detective | |
Establish, implement, and maintain vault physical security standards. CC ID 02203 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a guideline for working in a secure area. CC ID 04538 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain emergency re-entry procedures. CC ID 11672 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain emergency exit procedures. CC ID 01252 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a camera operating policy. CC ID 15456 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the camera installation policy to interested personnel and affected parties. CC ID 15461 | Communicate | Preventive | |
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 | Monitor and Evaluate Occurrences | Detective | |
Establish and maintain a visitor log. CC ID 00715 | Log Management | Preventive | |
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700 | Establish/Maintain Documentation | Preventive | |
Report anomalies in the visitor log to appropriate personnel. CC ID 14755 | Investigate | Detective | |
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649 | Behavior | Preventive | |
Record the visitor's name in the visitor log. CC ID 00557 | Log Management | Preventive | |
Record the visitor's organization in the visitor log. CC ID 12121 | Log Management | Preventive | |
Record the visitor's acceptable access areas in the visitor log. CC ID 12237 | Log Management | Preventive | |
Record the date and time of entry in the visitor log. CC ID 13255 | Establish/Maintain Documentation | Preventive | |
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466 | Establish/Maintain Documentation | Preventive | |
Retain all records in the visitor log as prescribed by law. CC ID 00572 | Log Management | Preventive | |
Establish, implement, and maintain a physical access log. CC ID 12080 [Maintain audit logs of physical access. 3.10.4] | Establish/Maintain Documentation | Preventive | |
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641 | Log Management | Preventive | |
Log when the vault is accessed. CC ID 06725 | Log Management | Detective | |
Log when the cabinet is accessed. CC ID 11674 | Log Management | Detective | |
Store facility access logs in off-site storage. CC ID 06958 | Log Management | Preventive | |
Log the exit of a staff member from a facility or designated rooms within the facility. CC ID 11675 | Monitor and Evaluate Occurrences | Preventive | |
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328 | Monitor and Evaluate Occurrences | Detective | |
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609 | Monitor and Evaluate Occurrences | Detective | |
Configure video cameras to cover all physical entry points. CC ID 06302 | Configuration | Preventive | |
Configure video cameras to prevent physical tampering or disablement. CC ID 06303 | Configuration | Preventive | |
Retain video events according to Records Management procedures. CC ID 06304 | Records Management | Preventive | |
Monitor physical entry point alarms. CC ID 01639 | Physical and Environmental Protection | Detective | |
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677 | Monitor and Evaluate Occurrences | Detective | |
Monitor for alarmed security doors being propped open. CC ID 06684 | Monitor and Evaluate Occurrences | Detective | |
Establish, implement, and maintain physical security threat reports. CC ID 02207 | Establish/Maintain Documentation | Preventive | |
Build and maintain fencing, as necessary. CC ID 02235 | Physical and Environmental Protection | Preventive | |
Implement security measures for all interior spaces that allow for any payment transactions. CC ID 06352 | Physical and Environmental Protection | Preventive | |
Physically segregate business areas in accordance with organizational standards. CC ID 16718 | Physical and Environmental Protection | Preventive | |
Employ security guards to provide physical security, as necessary. CC ID 06653 | Establish Roles | Preventive | |
Establish, implement, and maintain a facility wall standard. CC ID 06692 | Establish/Maintain Documentation | Preventive | |
Design interior walls with sound absorbing materials as well as thermal resistant materials. CC ID 06372 | Physical and Environmental Protection | Preventive | |
Design interior walls that provide security to extend from true floor to true ceiling. CC ID 06693 | Configuration | Preventive | |
Refrain from search and seizure inside organizational facilities absent a warrant. CC ID 09980 | Behavior | Preventive | |
Disallow either search or seizure of any person inside organizational facilities absent a warrant. CC ID 09981 | Behavior | Preventive | |
Disallow copying or excerpting from documents, books, or records that are on or in the premises of an organizational facility absent a warrant. CC ID 09982 | Business Processes | Preventive | |
Disallow inspecting computers or searching computer records inside organizational facilities absent a warrant. CC ID 09983 | Behavior | Preventive | |
Do nothing to help during a search and seizure inside organizational facilities absent a warrant and being legally compelled to assist. CC ID 09984 | Behavior | Preventive | |
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718 | Physical and Environmental Protection | Preventive | |
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 | Records Management | Preventive | |
Transport restricted media using a delivery method that can be tracked. CC ID 11777 [Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. 3.8.5] | Business Processes | Preventive | |
Track restricted storage media while it is in transit. CC ID 00967 | Data and Information Management | Detective | |
Restrict physical access to distributed assets. CC ID 11865 [Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. 3.10.1] | Physical and Environmental Protection | Preventive | |
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873 | Physical and Environmental Protection | Preventive | |
Protect electronic storage media with physical access controls. CC ID 00720 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain removable storage media controls. CC ID 06680 [Limit use of organizational portable storage devices on external information systems. 3.1.21 Control the use of removable media on information system components. 3.8.7] | Data and Information Management | Preventive | |
Control access to restricted storage media. CC ID 04889 [Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. 3.8.5] | Data and Information Management | Preventive | |
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 | Physical and Environmental Protection | Preventive | |
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961 | Records Management | Preventive | |
Treat archive media as evidence. CC ID 00960 | Records Management | Preventive | |
Log the transfer of removable storage media. CC ID 12322 | Log Management | Preventive | |
Establish, implement, and maintain storage media access control procedures. CC ID 00959 [Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital. 3.8.1 Limit access to CUI on information system media to authorized users. 3.8.2] | Establish/Maintain Documentation | Preventive | |
Require removable storage media be in the custody of an authorized individual. CC ID 12319 | Behavior | Preventive | |
Control the storage of restricted storage media. CC ID 00965 | Records Management | Preventive | |
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717 | Physical and Environmental Protection | Preventive | |
Protect the combinations for all combination locks. CC ID 02199 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200 | Establish/Maintain Documentation | Preventive | |
Establish and maintain eavesdropping protection for vaults. CC ID 02231 | Physical and Environmental Protection | Preventive | |
Serialize all removable storage media. CC ID 00949 | Configuration | Preventive | |
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [Control connection of mobile devices. 3.1.18] | Establish/Maintain Documentation | Preventive | |
Require users to refrain from leaving mobile devices unattended. CC ID 16446 | Business Processes | Preventive | |
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292 | Establish/Maintain Documentation | Preventive | |
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242 | Data and Information Management | Preventive | |
Include legal requirements in the mobile device security guidelines. CC ID 12291 | Establish/Maintain Documentation | Preventive | |
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452 | Physical and Environmental Protection | Preventive | |
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290 | Establish/Maintain Documentation | Preventive | |
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289 | Establish/Maintain Documentation | Preventive | |
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288 | Establish/Maintain Documentation | Preventive | |
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430 | Physical and Environmental Protection | Preventive | |
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429 | Physical and Environmental Protection | Preventive | |
Encrypt information stored on mobile devices. CC ID 01422 [Encrypt CUI on mobile devices. 3.1.19] | Data and Information Management | Preventive | |
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 [Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device. 3.13.12] | Technical Security | Preventive | |
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 [Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device. 3.13.12] | Technical Security | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term

Mandated - bold; Implied - italic; Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Records management CC ID 00902 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain records management policies. CC ID 00903 | Establish/Maintain Documentation | Preventive | |
Define each system's preservation requirements for records and logs. CC ID 00904 | Establish/Maintain Documentation | Detective | |
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657 | Establish/Maintain Documentation | Preventive | |
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464 [Ensure equipment removed for off-site maintenance is sanitized of any CUI. 3.7.3] | Data and Information Management | Preventive | |
Sanitize all electronic storage media before disposing a system or redeploying a system. CC ID 01643 [Sanitize or destroy information system media containing CUI before disposal or release for reuse. 3.8.3] | Data and Information Management | Preventive | |
Establish, implement, and maintain records management procedures. CC ID 11619 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain document security requirements for the output of records. CC ID 11656 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain document handling procedures for paper documents. CC ID 00926 [Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital. 3.8.1] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain security label procedures. CC ID 06747 [Mark media with necessary CUI markings and distribution limitations. 3.8.4] | Establish/Maintain Documentation | Preventive | |
Label restricted storage media appropriately. CC ID 00966 | Data and Information Management | Preventive | |
Label printed output for specific record categories as directed by the organization's information classification standard. CC ID 01420 | Records Management | Detective | |
Establish, implement, and maintain restricted material identification procedures. CC ID 01889 | Establish/Maintain Documentation | Preventive | |
Conspicuously locate the restricted record's overall classification. CC ID 01890 | Establish/Maintain Documentation | Preventive | |
Mark a restricted record's displayed pages or printed pages with the appropriate classification. CC ID 01891 | Establish/Maintain Documentation | Preventive | |
Mark a restricted record's components (appendices, annexes) with the appropriate classification. CC ID 01892 | Establish/Maintain Documentation | Preventive | |
Mark a restricted record's portions (paragraphs, sections) with the appropriate classification. CC ID 01893 | Establish/Maintain Documentation | Preventive | |
Mark a restricted record's subject line or title with the appropriate classification. CC ID 01894 | Establish/Maintain Documentation | Preventive | |
Mark all forms of electronic messages that contain restricted data or restricted information with the appropriate classification. CC ID 01896 | Data and Information Management | Preventive | |
Establish, implement, and maintain online storage controls. CC ID 00942 | Technical Security | Preventive | |
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943 | Records Management | Preventive | |
Provide encryption for different types of electronic storage media. CC ID 00945 [Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. 3.8.6] | Technical Security | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term

Mandated - bold; Implied - italic; Implementation - regular | TYPE | CLASS | |
---|---|---|---|
System hardening through configuration management CC ID 00860 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a Configuration Management program. CC ID 00867 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [Establish and enforce security configuration settings for information technology products employed in organizational information systems. 3.4.2 Employ the principle of least functionality by configuring the information system to provide only essential capabilities. 3.4.6 Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. 3.4.1] | Establish/Maintain Documentation | Preventive | |
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285 | Establish/Maintain Documentation | Preventive | |
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284 | Establish/Maintain Documentation | Preventive | |
Include the applied security patches in the baseline configuration. CC ID 13271 | Establish/Maintain Documentation | Preventive | |
Include the installed application software and version numbers in the baseline configuration. CC ID 13270 | Establish/Maintain Documentation | Preventive | |
Include installed custom software in the baseline configuration. CC ID 13274 | Establish/Maintain Documentation | Preventive | |
Include network ports in the baseline configuration. CC ID 13273 | Establish/Maintain Documentation | Preventive | |
Include the operating systems and version numbers in the baseline configuration. CC ID 13269 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain system hardening procedures. CC ID 12001 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 [Terminate (automatically) a user session after a defined condition. 3.1.11 Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity. 3.13.9] | Configuration | Preventive | |
Refrain from using assertion lifetimes to limit each session. CC ID 13871 | Technical Security | Preventive | |
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698 | Configuration | Preventive | |
Invalidate unexpected session identifiers. CC ID 15307 | Configuration | Preventive | |
Configure the "MaxStartups" settings to organizational standards. CC ID 15329 | Configuration | Preventive | |
Reject session identifiers that are not valid. CC ID 15306 | Configuration | Preventive | |
Configure the "MaxSessions" settings to organizational standards. CC ID 15330 | Configuration | Preventive | |
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699 | Configuration | Preventive | |
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328 | Configuration | Preventive | |
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738 | Configuration | Preventive | |
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758 | Configuration | Preventive | |
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824 | Configuration | Preventive | |
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826 | Configuration | Preventive | |
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832 | Configuration | Preventive | |
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848 | Configuration | Preventive | |
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870 | Configuration | Preventive | |
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229 | Configuration | Preventive | |
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350 | Configuration | Preventive | |
Remove all unnecessary functionality. CC ID 00882 | Configuration | Preventive | |
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827 | Configuration | Preventive | |
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 [Prohibit the use of portable storage devices when such devices have no identifiable owner. 3.8.8] | Data and Information Management | Preventive | |
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477 | Configuration | Preventive | |
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880 [Restrict, disable, and prevent the use of nonessential programs, functions, ports, protocols, and services. 3.4.7] | Configuration | Preventive | |
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473 | Configuration | Preventive | |
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983 | Configuration | Preventive | |
Disable telnet unless telnet use is absolutely necessary. CC ID 01478 | Configuration | Preventive | |
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479 | Configuration | Preventive | |
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314 | Configuration | Preventive | |
Disable anonymous access to File Transfer Protocol. CC ID 06739 | Configuration | Preventive | |
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485 | Configuration | Preventive | |
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486 | Configuration | Preventive | |
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500 | Configuration | Preventive | |
Disable alerter unless alerter use is absolutely necessary. CC ID 01810 | Configuration | Preventive | |
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812 | Configuration | Preventive | |
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813 | Configuration | Preventive | |
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815 | Configuration | Preventive | |
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817 | Configuration | Preventive | |
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818 | Configuration | Preventive | |
Disable net logon unless net logon use is absolutely necessary. CC ID 01820 | Configuration | Preventive | |
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822 | Configuration | Preventive | |
Disable the "Offer Remote Assistance" setting. CC ID 04325 | Configuration | Preventive | |
Disable the "Solicited Remote Assistance" setting. CC ID 04326 | Configuration | Preventive | |
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823 | Configuration | Preventive | |
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824 | Configuration | Preventive | |
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829 | Configuration | Preventive | |
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831 | Configuration | Preventive | |
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832 | Configuration | Preventive | |
Disable File Service Protocol. CC ID 02167 | Configuration | Preventive | |
Disable the License Logging Service unless it is absolutely necessary. CC ID 04282 | Configuration | Preventive | |
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285 | Configuration | Preventive | |
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286 | Configuration | Preventive | |
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287 | Configuration | Preventive | |
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288 | Configuration | Preventive | |
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289 | Configuration | Preventive | |
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290 | Configuration | Preventive | |
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291 | Configuration | Preventive | |
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292 | Configuration | Preventive | |
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293 | Configuration | Preventive | |
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294 | Configuration | Preventive | |
Disable SSDP/UPnP unless SSDP/UPnP is absolutely necessary. CC ID 04315 | Configuration | Preventive | |
Configure the "ntpd service" setting to organizational standards. CC ID 04911 | Configuration | Preventive | |
Configure the "echo service" setting to organizational standards. CC ID 04912 | Configuration | Preventive | |
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927 | Configuration | Preventive | |
Configure the "echo-stream service" setting to organizational standards. CC ID 09928 | Configuration | Preventive | |
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327 | Configuration | Preventive | |
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929 | Configuration | Preventive | |
Configure the "netstat service" setting to organizational standards. CC ID 04913 | Configuration | Preventive | |
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914 | Configuration | Preventive | |
Configure the "tftpd service" setting to organizational standards. CC ID 04915 | Configuration | Preventive | |
Configure the "walld service" setting to organizational standards. CC ID 04916 | Configuration | Preventive | |
Configure the "rstatd service" setting to organizational standards. CC ID 04917 | Configuration | Preventive | |
Configure the "sprayd service" setting to organizational standards. CC ID 04918 | Configuration | Preventive | |
Configure the "rusersd service" setting to organizational standards. CC ID 04919 | Configuration | Preventive | |
Configure the "inn service" setting to organizational standards. CC ID 04920 | Configuration | Preventive | |
Configure the "font service" setting to organizational standards. CC ID 04921 | Configuration | Preventive | |
Configure the "ident service" setting to organizational standards. CC ID 04922 | Configuration | Preventive | |
Configure the "rexd service" setting to organizational standards. CC ID 04923 | Configuration | Preventive | |
Configure the "daytime service" setting to organizational standards. CC ID 04924 | Configuration | Preventive | |
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925 | Configuration | Preventive | |
Configure the "cmsd service" setting to organizational standards. CC ID 04926 | Configuration | Preventive | |
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927 | Configuration | Preventive | |
Configure the "discard service" setting to organizational standards. CC ID 04928 | Configuration | Preventive | |
Configure the "vino-server service" setting to organizational standards. CC ID 04929 | Configuration | Preventive | |
Configure the "bind service" setting to organizational standards. CC ID 04930 | Configuration | Preventive | |
Configure the "nfsd service" setting to organizational standards. CC ID 04931 | Configuration | Preventive | |
Configure the "mountd service" setting to organizational standards. CC ID 04932 | Configuration | Preventive | |
Configure the "statd service" setting to organizational standards. CC ID 04933 | Configuration | Preventive | |
Configure the "lockd service" setting to organizational standards. CC ID 04934 | Configuration | Preventive | |
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980 | Configuration | Preventive | |
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935 | Configuration | Preventive | |
Configure the sendmail vrfy command, as appropriate. CC ID 04936 | Configuration | Preventive | |
Configure the sendmail expn command, as appropriate. CC ID 04937 | Configuration | Preventive | |
Configure .netrc with an appropriate set of services. CC ID 04938 | Configuration | Preventive | |
Enable NFS insecure locks as necessary. CC ID 04939 | Configuration | Preventive | |
Configure the "X server ac" setting to organizational standards. CC ID 04940 | Configuration | Preventive | |
Configure the "X server core" setting to organizational standards. CC ID 04941 | Configuration | Preventive | |
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540 | Configuration | Preventive | |
Configure the "X server nolock" setting to organizational standards. CC ID 04942 | Configuration | Preventive | |
Enable or disable the mcstrans service, as appropriate. CC ID 05541 | Configuration | Preventive | |
Configure the "PAM console" setting to organizational standards. CC ID 04943 | Configuration | Preventive | |
Enable or disable the restorecond service, as appropriate. CC ID 05542 | Configuration | Preventive | |
Enable the rhnsd service as necessary. CC ID 04944 | Configuration | Preventive | |
Enable the yum-updatesd service as necessary. CC ID 04945 | Configuration | Preventive | |
Enable the autofs service as necessary. CC ID 04946 | Configuration | Preventive | |
Enable the ip6tables service as necessary. CC ID 04947 | Configuration | Preventive | |
Configure syslog to organizational standards. CC ID 04949 | Configuration | Preventive | |
Enable the auditd service as necessary. CC ID 04950 | Configuration | Preventive | |
Enable the logwatch service as necessary. CC ID 04951 | Configuration | Preventive | |
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952 | Configuration | Preventive | |
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953 | Configuration | Preventive | |
Enable the ypbind service as necessary. CC ID 04954 | Configuration | Preventive | |
Enable the ypserv service as necessary. CC ID 04955 | Configuration | Preventive | |
Enable the firstboot service as necessary. CC ID 04956 | Configuration | Preventive | |
Enable the gpm service as necessary. CC ID 04957 | Configuration | Preventive | |
Enable the irqbalance service as necessary. CC ID 04958 | Configuration | Preventive | |
Enable the isdn service as necessary. CC ID 04959 | Configuration | Preventive | |
Enable the kdump service as necessary. CC ID 04960 | Configuration | Preventive | |
Enable the mdmonitor service as necessary. CC ID 04961 | Configuration | Preventive | |
Enable the microcode_ctl service as necessary. CC ID 04962 | Configuration | Preventive | |
Enable the pcscd service as necessary. CC ID 04963 | Configuration | Preventive | |
Enable the smartd service as necessary. CC ID 04964 | Configuration | Preventive | |
Enable the readahead_early service as necessary. CC ID 04965 | Configuration | Preventive | |
Enable the readahead_later service as necessary. CC ID 04966 | Configuration | Preventive | |
Enable the messagebus service as necessary. CC ID 04967 | Configuration | Preventive | |
Enable the haldaemon service as necessary. CC ID 04968 | Configuration | Preventive | |
Enable the apmd service as necessary. CC ID 04969 | Configuration | Preventive | |
Enable the acpid service as necessary. CC ID 04970 | Configuration | Preventive | |
Enable the cpuspeed service as necessary. CC ID 04971 | Configuration | Preventive | |
Enable the network service as necessary. CC ID 04972 | Configuration | Preventive | |
Enable the hidd service as necessary. CC ID 04973 | Configuration | Preventive | |
Enable the crond service as necessary. CC ID 04974 | Configuration | Preventive | |
Install and enable the anacron service as necessary. CC ID 04975 | Configuration | Preventive | |
Enable the xfs service as necessary. CC ID 04976 | Configuration | Preventive | |
Install and enable the Avahi daemon service, as necessary. CC ID 04977 | Configuration | Preventive | |
Enable the CUPS service, as necessary. CC ID 04978 | Configuration | Preventive | |
Enable the hplip service as necessary. CC ID 04979 | Configuration | Preventive | |
Enable the dhcpd service as necessary. CC ID 04980 | Configuration | Preventive | |
Enable the nfslock service as necessary. CC ID 04981 | Configuration | Preventive | |
Enable the rpcgssd service as necessary. CC ID 04982 | Configuration | Preventive | |
Enable the rpcidmapd service as necessary. CC ID 04983 | Configuration | Preventive | |
Enable the rpcsvcgssd service as necessary. CC ID 04985 | Configuration | Preventive | |
Configure root squashing for all NFS shares, as appropriate. CC ID 04986 | Configuration | Preventive | |
Configure write access to NFS shares, as appropriate. CC ID 04987 | Configuration | Preventive | |
Configure the named service, as appropriate. CC ID 04988 | Configuration | Preventive | |
Configure the vsftpd service, as appropriate. CC ID 04989 | Configuration | Preventive | |
Configure the "dovecot" service to organizational standards. CC ID 04990 | Configuration | Preventive | |
Configure Server Message Block (SMB) to organizational standards. CC ID 04991 | Configuration | Preventive | |
Enable the snmpd service as necessary. CC ID 04992 | Configuration | Preventive | |
Enable the calendar manager as necessary. CC ID 04993 | Configuration | Preventive | |
Enable the GNOME logon service as necessary. CC ID 04994 | Configuration | Preventive | |
Enable the WBEM services as necessary. CC ID 04995 | Configuration | Preventive | |
Enable the keyserv service as necessary. CC ID 04996 | Configuration | Preventive | |
Enable the Generic Security Service daemon as necessary. CC ID 04997 | Configuration | Preventive | |
Enable the volfs service as necessary. CC ID 04998 | Configuration | Preventive | |
Enable the smserver service as necessary. CC ID 04999 | Configuration | Preventive | |
Enable the mpxio-upgrade service as necessary. CC ID 05000 | Configuration | Preventive | |
Enable the metainit service as necessary. CC ID 05001 | Configuration | Preventive | |
Enable the meta service as necessary. CC ID 05003 | Configuration | Preventive | |
Enable the metaed service as necessary. CC ID 05004 | Configuration | Preventive | |
Enable the metamh service as necessary. CC ID 05005 | Configuration | Preventive | |
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006 | Configuration | Preventive | |
Enable the Kerberos kadmind service as necessary. CC ID 05007 | Configuration | Preventive | |
Enable the Kerberos krb5kdc service as necessary. CC ID 05008 | Configuration | Preventive | |
Enable the Kerberos kpropd service as necessary. CC ID 05009 | Configuration | Preventive | |
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010 | Configuration | Preventive | |
Enable the sadmin service as necessary. CC ID 05011 | Configuration | Preventive | |
Enable the IPP listener as necessary. CC ID 05012 | Configuration | Preventive | |
Enable the serial port listener as necessary. CC ID 05013 | Configuration | Preventive | |
Enable the Smart Card Helper service as necessary. CC ID 05014 | Configuration | Preventive | |
Enable the Application Management service as necessary. CC ID 05015 | Configuration | Preventive | |
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016 | Configuration | Preventive | |
Enable the Network News Transport Protocol service as necessary. CC ID 05017 | Configuration | Preventive | |
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018 | Configuration | Preventive | |
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019 | Configuration | Preventive | |
Enable the RARP service as necessary. CC ID 05020 | Configuration | Preventive | |
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021 | Configuration | Preventive | |
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022 | Configuration | Preventive | |
Enable the Certificate Services service as necessary. CC ID 05023 | Configuration | Preventive | |
Configure the ATI hotkey poller service properly. CC ID 05024 | Configuration | Preventive | |
Configure the Interix Subsystem Startup service properly. CC ID 05025 | Configuration | Preventive | |
Configure the Cluster Service service properly. CC ID 05026 | Configuration | Preventive | |
Configure the IAS Jet Database Access service properly. CC ID 05027 | Configuration | Preventive | |
Configure the IAS service properly. CC ID 05028 | Configuration | Preventive | |
Configure the IP Version 6 Helper service properly. CC ID 05029 | Configuration | Preventive | |
Configure "Message Queuing service" to organizational standards. CC ID 05030 | Configuration | Preventive | |
Configure the Message Queuing Down Level Clients service properly. CC ID 05031 | Configuration | Preventive | |
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033 | Configuration | Preventive | |
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034 | Configuration | Preventive | |
Configure the Utility Manager service properly. CC ID 05035 | Configuration | Preventive | |
Configure the secondary logon service properly. CC ID 05036 | Configuration | Preventive | |
Configure the Windows Management Instrumentation service properly. CC ID 05037 | Configuration | Preventive | |
Configure the Workstation service properly. CC ID 05038 | Configuration | Preventive | |
Configure the Windows Installer service properly. CC ID 05039 | Configuration | Preventive | |
Configure the Windows System Resource Manager service properly. CC ID 05040 | Configuration | Preventive | |
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041 | Configuration | Preventive | |
Configure the Services for Unix Client for NFS service properly. CC ID 05042 | Configuration | Preventive | |
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043 | Configuration | Preventive | |
Configure the Services for Unix Perl Socket service properly. CC ID 05044 | Configuration | Preventive | |
Configure the Services for Unix User Name Mapping service properly. CC ID 05045 | Configuration | Preventive | |
Configure the Services for Unix Windows Cron service properly. CC ID 05046 | Configuration | Preventive | |
Configure the Windows Media Services service properly. CC ID 05047 | Configuration | Preventive | |
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048 | Configuration | Preventive | |
Configure the Web Element Manager service properly. CC ID 05049 | Configuration | Preventive | |
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050 | Configuration | Preventive | |
Configure the Terminal Services Licensing service properly. CC ID 05051 | Configuration | Preventive | |
Configure the COM+ Event System service properly. CC ID 05052 | Configuration | Preventive | |
Configure the Event Log service properly. CC ID 05053 | Configuration | Preventive | |
Configure the Infrared Monitor service properly. CC ID 05054 | Configuration | Preventive | |
Configure the Services for Unix Server for NFS service properly. CC ID 05055 | Configuration | Preventive | |
Configure the System Event Notification Service properly. CC ID 05056 | Configuration | Preventive | |
Configure the NTLM Security Support Provider service properly. CC ID 05057 | Configuration | Preventive | |
Configure the Performance Logs and Alerts service properly. CC ID 05058 | Configuration | Preventive | |
Configure the Protected Storage service properly. CC ID 05059 | Configuration | Preventive | |
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060 | Configuration | Preventive | |
Configure the Remote Procedure Call service properly. CC ID 05061 | Configuration | Preventive | |
Configure the Removable Storage service properly. CC ID 05062 | Configuration | Preventive | |
Configure the Server service properly. CC ID 05063 | Configuration | Preventive | |
Configure the Security Accounts Manager service properly. CC ID 05064 | Configuration | Preventive | |
Configure the "Network Connections" service to organizational standards. CC ID 05065 | Configuration | Preventive | |
Configure the Logical Disk Manager service properly. CC ID 05066 | Configuration | Preventive | |
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067 | Configuration | Preventive | |
Configure the File Replication service properly. CC ID 05068 | Configuration | Preventive | |
Configure the Kerberos Key Distribution Center service properly. CC ID 05069 | Configuration | Preventive | |
Configure the Intersite Messaging service properly. CC ID 05070 | Configuration | Preventive | |
Configure the Remote Procedure Call locator service properly. CC ID 05071 | Configuration | Preventive | |
Configure the Distributed File System service properly. CC ID 05072 | Configuration | Preventive | |
Configure the Windows Internet Name Service service properly. CC ID 05073 | Configuration | Preventive | |
Configure the FTP Publishing Service properly. CC ID 05074 | Configuration | Preventive | |
Configure the Windows Search service properly. CC ID 05075 | Configuration | Preventive | |
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076 | Configuration | Preventive | |
Configure the Remote Shell service properly. CC ID 05077 | Configuration | Preventive | |
Configure Simple TCP/IP services to organizational standards. CC ID 05078 | Configuration | Preventive | |
Configure the Print Services for Unix service properly. CC ID 05079 | Configuration | Preventive | |
Configure the File Shares service to organizational standards. CC ID 05080 | Configuration | Preventive | |
Configure the NetMeeting service properly. CC ID 05081 | Configuration | Preventive | |
Configure the Application Layer Gateway service properly. CC ID 05082 | Configuration | Preventive | |
Configure the Cryptographic Services service properly. CC ID 05083 | Configuration | Preventive | |
Configure the Help and Support Service properly. CC ID 05084 | Configuration | Preventive | |
Configure the Human Interface Device Access service properly. CC ID 05085 | Configuration | Preventive | |
Configure the IMAPI CD-Burning COM service properly. CC ID 05086 | Configuration | Preventive | |
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087 | Configuration | Preventive | |
Configure the Network Location Awareness service properly. CC ID 05088 | Configuration | Preventive | |
Configure the Portable Media Serial Number Service service properly. CC ID 05089 | Configuration | Preventive | |
Configure the System Restore Service service properly. CC ID 05090 | Configuration | Preventive | |
Configure the Themes service properly. CC ID 05091 | Configuration | Preventive | |
Configure the Uninterruptible Power Supply service properly. CC ID 05092 | Configuration | Preventive | |
Configure the Upload Manager service properly. CC ID 05093 | Configuration | Preventive | |
Configure the Volume Shadow Copy Service properly. CC ID 05094 | Configuration | Preventive | |
Configure the WebClient service properly. CC ID 05095 | Configuration | Preventive | |
Configure the Windows Audio service properly. CC ID 05096 | Configuration | Preventive | |
Configure the Windows Image Acquisition service properly. CC ID 05097 | Configuration | Preventive | |
Configure the WMI Performance Adapter service properly. CC ID 05098 | Configuration | Preventive | |
Enable file uploads via vsftpd service, as appropriate. CC ID 05100 | Configuration | Preventive | |
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885 | Configuration | Preventive | |
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976 | Configuration | Preventive | |
Configure the "xdmcp service" setting to organizational standards. CC ID 08985 | Configuration | Preventive | |
Establish, implement, and maintain authenticators. CC ID 15305 | Technical Security | Preventive | |
Establish, implement, and maintain an authenticator standard. CC ID 01702 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an authenticator management system. CC ID 12031 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain authenticator procedures. CC ID 12002 | Establish/Maintain Documentation | Preventive | |
Configure authenticators to comply with organizational standards. CC ID 06412 | Configuration | Preventive | |
Configure the system to require new users to change their authenticator on first use. CC ID 05268 [Allow temporary password use for system logons with an immediate change to a permanent password. 3.5.9] | Configuration | Preventive | |
Configure the system to encrypt authenticators. CC ID 06735 [Store and transmit only encrypted representation of passwords. 3.5.10] | Configuration | Preventive | |
Configure the system to mask authenticators. CC ID 02037 [Obscure feedback of authentication information. 3.5.11] | Configuration | Preventive | |
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881 | Configuration | Preventive | |
Configure the default locking screen saver timeout to a predetermined time period. CC ID 01570 [Use session lock with pattern-hiding displays to prevent access/viewing of data after period of inactivity. 3.1.10] | Configuration | Preventive | |
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477 | Configuration | Preventive | |
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 [Protect wireless access using authentication and encryption. 3.1.17] | Configuration | Preventive | |
Configure mobile device settings in accordance with organizational standards. CC ID 04600 | Configuration | Preventive | |
Enable data-at-rest encryption on mobile devices. CC ID 04842 [Protect the confidentiality of CUI at rest. 3.13.16] | Configuration | Preventive | |
Configure Logging settings in accordance with organizational standards. CC ID 07611 [Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. 3.3.1] | Configuration | Preventive | |
Configure "CloudTrail" to organizational standards. CC ID 15443 | Configuration | Preventive | |
Configure "CloudTrail log file validation" to organizational standards. CC ID 15437 | Configuration | Preventive | |
Configure "VPC flow logging" to organizational standards. CC ID 15436 | Configuration | Preventive | |
Configure "object-level logging" to organizational standards. CC ID 15433 | Configuration | Preventive | |
Configure "Turn on PowerShell Transcription" to organizational standards. CC ID 15415 | Configuration | Preventive | |
Configure "Turn on PowerShell Script Block Logging" to organizational standards. CC ID 15413 | Configuration | Preventive | |
Configure "Audit PNP Activity" to organizational standards. CC ID 15393 | Configuration | Preventive | |
Configure "Include command line in process creation events" to organizational standards. CC ID 15358 | Configuration | Preventive | |
Configure "Audit Group Membership" to organizational standards. CC ID 15341 | Configuration | Preventive | |
Configure the "audit_backlog_limit" setting to organizational standards. CC ID 15324 | Configuration | Preventive | |
Configure the "/etc/docker/daemon.json" files and directories auditing to organizational standards. CC ID 14467 | Configuration | Detective | |
Configure the "systemd-journald" to organizational standards. CC ID 15326 | Configuration | Preventive | |
Configure the "/etc/docker" files and directories auditing to organizational standards. CC ID 14459 | Configuration | Detective | |
Configure the "docker.socket" files and directories auditing to organizational standards. CC ID 14458 | Configuration | Detective | |
Configure the "docker.service" files and directories auditing to organizational standards. CC ID 14454 | Configuration | Detective | |
Configure the "/var/lib/docker" files and directories auditing to organizational standards. CC ID 14453 | Configuration | Detective | |
Configure the "/usr/sbin/runc" files and directories auditing to organizational standards. CC ID 14452 | Configuration | Detective | |
Configure the "/usr/bin/containerd" files and directories auditing to organizational standards. CC ID 14451 | Configuration | Detective | |
Configure the "/etc/default/docker" files and directories auditing to organizational standards. CC ID 14450 | Configuration | Detective | |
Configure the "/etc/sysconfig/docker" files and directories auditing to organizational standards. CC ID 14449 | Configuration | Detective | |
Provide the reference database used to verify input data in the logging capability. CC ID 15018 | Log Management | Preventive | |
Configure the storage parameters for all logs. CC ID 06330 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: SAM" to organizational standards. CC ID 07612 | Configuration | Preventive | |
Configure sufficient log storage capacity and prevent the capacity from being exceeded. CC ID 01425 | Configuration | Preventive | |
Configure the log retention method. CC ID 01715 | Configuration | Preventive | |
Configure the log retention size. CC ID 01716 | Configuration | Preventive | |
Configure syslogd to send logs to a Remote LogHost. CC ID 01526 | Configuration | Preventive | |
Configure the security parameters for all logs. CC ID 01712 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: User Account Management" to organizational standards. CC ID 07613 | Configuration | Preventive | |
Configure the log so that it cannot be disabled. CC ID 00595 | Configuration | Preventive | |
Configure the event log size capacity limits for the application log, the security log, and the system log. CC ID 01713 | Configuration | Preventive | |
Configure the application log, the security log, and the system log to restrict guest access. CC ID 01714 | Configuration | Preventive | |
Configure the log to capture audit log initialization, along with auditable event selection. CC ID 00649 | Log Management | Detective | |
Configure the "mss: (warninglevel) percentage threshold for the security event log at which the system will generate a warning" setting. CC ID 04275 | Configuration | Preventive | |
Configure the "Audit Policy: System: System Integrity" to organizational standards. CC ID 07652 | Configuration | Preventive | |
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 [Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions. 3.3.2] | Configuration | Preventive | |
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890 | Log Management | Detective | |
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968 | Log Management | Detective | |
Configure the log to capture the user's identification. CC ID 01334 | Configuration | Preventive | |
Configure the log to capture a date and time stamp. CC ID 01336 [Provide an information system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. 3.3.7] | Configuration | Preventive | |
Configure the log to capture each auditable event's origination. CC ID 01338 | Log Management | Detective | |
Configure the log to uniquely identify each asset. CC ID 01339 | Configuration | Preventive | |
Configure the log to capture remote access information. CC ID 05596 | Configuration | Detective | |
Configure the log to capture the type of each event. CC ID 06423 | Configuration | Preventive | |
Configure the log to capture each event's success or failure indication. CC ID 06424 | Configuration | Preventive | |
Configure all logs to capture auditable events or actionable events. CC ID 06332 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: File Share" to organizational standards. CC ID 07655 | Configuration | Preventive | |
Configure the log to capture the amount of data uploaded and downloaded. CC ID 16494 | Log Management | Preventive | |
Configure the log to capture startups and shutdowns. CC ID 16491 | Log Management | Preventive | |
Configure the log to capture user queries and searches. CC ID 16479 | Log Management | Preventive | |
Configure the log to capture Internet Protocol addresses. CC ID 16495 | Log Management | Preventive | |
Configure the log to capture error messages. CC ID 16477 | Log Management | Preventive | |
Configure the log to capture system failures. CC ID 16475 | Log Management | Preventive | |
Configure the log to capture account lockouts. CC ID 16470 | Configuration | Preventive | |
Configure the log to capture execution events. CC ID 16469 | Configuration | Preventive | |
Configure the log to capture AWS Organizations changes. CC ID 15445 | Configuration | Preventive | |
Configure the log to capture Identity and Access Management policy changes. CC ID 15442 | Configuration | Preventive | |
Configure the log to capture management console sign-in without multi-factor authentication. CC ID 15441 | Configuration | Preventive | |
Configure the log to capture route table changes. CC ID 15439 | Configuration | Preventive | |
Configure the log to capture virtual private cloud changes. CC ID 15435 | Configuration | Preventive | |
Configure the log to capture changes to encryption keys. CC ID 15432 | Configuration | Preventive | |
Configure the log to capture unauthorized API calls. CC ID 15429 | Configuration | Preventive | |
Configure the log to capture changes to network gateways. CC ID 15421 | Configuration | Preventive | |
Configure the log to capture all malicious code that has been discovered, quarantined, and/or eradicated. CC ID 00577 | Log Management | Detective | |
Configure the log to capture all spoofed addresses. CC ID 01313 | Configuration | Preventive | |
Configure the "logging level" to organizational standards. CC ID 14456 | Configuration | Detective | |
Capture successful operating system access and successful software access. CC ID 00527 | Log Management | Detective | |
Configure the log to capture hardware and software access attempts. CC ID 01220 | Log Management | Detective | |
Configure the log to capture all URL requests. CC ID 12138 | Technical Security | Detective | |
Configure inetd tracing. CC ID 01523 | Configuration | Preventive | |
Configure the system to capture messages sent to the syslog AUTH facility. CC ID 01525 | Configuration | Preventive | |
Configure the log to capture logons, logouts, logon attempts, and logout attempts. CC ID 01915 | Log Management | Detective | |
Configure Cron logging. CC ID 01528 | Configuration | Preventive | |
Configure the kernel level auditing setting. CC ID 01530 | Configuration | Preventive | |
Configure the "audit successful file system mounts" setting to organizational standards. CC ID 09923 | Configuration | Preventive | |
Configure system accounting/system events. CC ID 01529 | Configuration | Preventive | |
Configure the privilege use auditing setting. CC ID 01699 | Configuration | Preventive | |
Configure the log to record the Denial of Access that results from an excessive number of unsuccessful logon attempts. CC ID 01919 | Configuration | Preventive | |
Configure the Audit Process Tracking setting. CC ID 01700 | Configuration | Preventive | |
Configure the log to capture access to restricted data or restricted information. CC ID 00644 | Log Management | Detective | |
Configure the EEPROM security-mode accesses and EEPROM log-failed accesses. CC ID 01575 | Configuration | Preventive | |
Configure the log to capture user identifier, address, port blocking or blacklisting. CC ID 01918 | Configuration | Preventive | |
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 [Prevent non-privileged users from executing privileged functions and audit the execution of such functions. 3.1.7] | Log Management | Detective | |
Configure the log to capture identification and authentication mechanism use. CC ID 00648 | Log Management | Detective | |
Configure the log to capture all access to the audit trail. CC ID 00646 | Log Management | Detective | |
Configure the log to capture object access to key directories or key files. CC ID 01697 | Log Management | Detective | |
Configure the log to capture both access and access attempts to security-relevant objects and security-relevant directories. CC ID 01916 | Log Management | Detective | |
Configure the log to capture system level object creation and deletion. CC ID 00650 | Log Management | Detective | |
Enable directory service access events, as appropriate. CC ID 05616 | Configuration | Preventive | |
Configure the log to capture failed transactions. CC ID 06334 | Configuration | Preventive | |
Configure the log to capture successful transactions. CC ID 06335 | Configuration | Preventive | |
Audit non-attributable events (na class). CC ID 05604 | Configuration | Preventive | |
Configure the log to capture configuration changes. CC ID 06881 | Configuration | Preventive | |
Log, monitor, and review all changes to time settings on critical systems. CC ID 11608 | Configuration | Preventive | |
Configure the log to capture changes to user privileges, audit policies, and trust policies by enabling audit policy changes. CC ID 01698 | Log Management | Detective | |
Configure the log to capture user account additions, modifications, and deletions. CC ID 16482 | Log Management | Preventive | |
Configure the log to capture all changes to certificates. CC ID 05595 | Configuration | Preventive | |
Configure the log to capture user authenticator changes. CC ID 01917 | Log Management | Detective | |
Configure the "inetd logging" setting to organizational standards. CC ID 08970 | Configuration | Preventive | |
Configure the "audit sudoers" setting to organizational standards. CC ID 09950 | Configuration | Preventive | |
Configure the event log settings for specific Operating System functions. CC ID 06337 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Registry" to organizational standards. CC ID 07658 | Configuration | Preventive | |
Configure the "Audit: Audit the use of Backup and Restore privilege" setting. CC ID 01724 | Configuration | Preventive | |
Configure the "Audit: Shut down the system immediately if unable to log security audits" setting. CC ID 01725 | Configuration | Preventive | |
Configure "Audit account management" to organizational standards. CC ID 02039 | Configuration | Preventive | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later)" setting. CC ID 04387 | Configuration | Preventive | |
Configure console logging. CC ID 04454 | Configuration | Preventive | |
Configure boot error logging. CC ID 04455 | Configuration | Preventive | |
Disable the "Audit password" setting in NetWare. CC ID 04456 | Configuration | Preventive | |
Configure the "Disable Logging" setting. CC ID 05590 | Configuration | Preventive | |
Enable BIN mode auditing. CC ID 05591 | Configuration | Preventive | |
Enable or disable the BSM auditing setting, as appropriate. CC ID 05592 | Configuration | Preventive | |
Enable or disable NFS server logging, as appropriate. CC ID 05593 | Log Management | Detective | |
Log Pluggable Authentication Modules access at an appropriate level. CC ID 05599 | Log Management | Detective | |
Set the X server audit level appropriately. CC ID 05600 | Configuration | Preventive | |
Enable or disable the logging of "martian" packets (impossible addresses), as appropriate. CC ID 05601 | Log Management | Detective | |
Enable or disable dhcpd logging, as appropriate. CC ID 05602 | Log Management | Detective | |
Enable or disable attempted stack exploit logging, as appropriate. CC ID 05614 | Log Management | Detective | |
Enable or disable the debug logging option, as appropriate. CC ID 05617 | Log Management | Detective | |
Configure the "Turn on session logging" properly. CC ID 05618 | Configuration | Preventive | |
Configure Sendmail with the appropriate logging levels. CC ID 06028 | Configuration | Preventive | |
Enable or disable auditing in the runcontrol scripts, as appropriate. CC ID 06029 | Configuration | Preventive | |
Enable or disable auditing for user accounts, as appropriate. CC ID 06030 | Configuration | Preventive | |
Enable or disable auditing at boot time, as appropriate. CC ID 06031 | Configuration | Preventive | |
Enable or disable the logging of vsftpd transactions, as appropriate. CC ID 06032 | Log Management | Detective | |
Enable or disable the auditing of chgrp usage, as appropriate. CC ID 06033 | Configuration | Preventive | |
Enable or disable the auditing of mkgroup usage, as appropriate. CC ID 06034 | Configuration | Preventive | |
Enable or disable the auditing of rmgroup usage, as appropriate. CC ID 06035 | Configuration | Preventive | |
Enable or disable the auditing of the exit function, as appropriate. CC ID 06036 | Configuration | Preventive | |
Generate an alert when an audit log failure occurs. CC ID 06737 [{generate} Alert in the event of an audit process failure. 3.3.4] | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Logoff" to organizational standards. CC ID 07662 | Configuration | Preventive | |
Configure additional log settings. CC ID 06333 | Configuration | Preventive | |
Configure additional logging for the FTP daemon. CC ID 01524 | Configuration | Preventive | |
Configure the log to send alerts for each auditable event's success or failure. CC ID 01337 | Log Management | Preventive | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" to organizational standards. CC ID 07664 | Configuration | Preventive | |
Configure additional log file parameters appropriately. CC ID 06338 | Configuration | Preventive | |
Create the /var/adm/loginlog file. CC ID 01527 | Configuration | Preventive | |
Verify the audit config file contains only accounts that should be present. CC ID 05594 | Configuration | Preventive | |
Specify the PRI audit file properly. CC ID 05597 | Configuration | Preventive | |
Specify the SEC audit file properly. CC ID 05598 | Configuration | Preventive | |
Verify auditing is logged to an appropriate directory. CC ID 05603 | Log Management | Detective | |
Verify the user audit file contains the appropriate never-audit flags. CC ID 05605 | Configuration | Preventive | |
Enable or disable the /var/log/authlog log, as appropriate. CC ID 05606 | Log Management | Detective | |
Enable or disable the /var/log/syslog log, as appropriate. CC ID 05607 | Log Management | Detective | |
Enable or disable the /var/adm/messages log, as appropriate. CC ID 05608 | Log Management | Detective | |
Enable or disable the /var/adm/sulog log, as appropriate. CC ID 05609 | Log Management | Detective | |
Enable or disable the /var/adm/utmp(x) log, as appropriate. CC ID 05610 | Log Management | Detective | |
Enable or disable the /var/adm/wtmp(x) log, as appropriate. CC ID 05611 | Log Management | Detective | |
Enable or disable the /var/adm/sshlog log, as appropriate. CC ID 05612 | Log Management | Detective | |
Enable or disable the /var/log/pamlog log, as appropriate. CC ID 05613 | Log Management | Detective | |
Perform filesystem logging and filesystem journaling. CC ID 05615 | Log Management | Detective | |
Configure the "Audit Policy: Object Access: File System" to organizational standards. CC ID 07666 | Configuration | Preventive | |
Configure the "Background upload of a roaming user profile's registry file while user is logged on" setting to organizational standards. CC ID 10761 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Logon" to organizational standards. CC ID 07669 | Configuration | Preventive | |
Configure the "Backup log automatically when full" setting for the "setup log" to organizational standards. CC ID 10762 | Configuration | Preventive | |
Configure the "Audit Policy: Account Logon: Kerberos Authentication Service" to organizational standards. CC ID 07679 | Configuration | Preventive | |
Configure the "Applications preference logging and tracing" setting to organizational standards. CC ID 10774 | Configuration | Preventive | |
Configure the "Data Sources preference logging and tracing" setting to organizational standards. CC ID 10779 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Extended Mode" to organizational standards. CC ID 07683 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Handle Manipulation" to organizational standards. CC ID 07684 | Configuration | Preventive | |
Configure the "Devices preference logging and tracing" setting to organizational standards. CC ID 10782 | Configuration | Preventive | |
Configure the "Drive Maps preference logging and tracing" setting to organizational standards. CC ID 10783 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Detailed File Share" to organizational standards. CC ID 07687 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Network Policy Server" to organizational standards. CC ID 07701 | Configuration | Preventive | |
Configure the "Environment preference logging and tracing" setting to organizational standards. CC ID 10784 | Configuration | Preventive | |
Configure the "Audit Policy: Detailed Tracking: Process Creation" to organizational standards. CC ID 07707 | Configuration | Preventive | |
Configure the "Files preference logging and tracing" setting to organizational standards. CC ID 10785 | Configuration | Preventive | |
Configure the "Folder Options preference logging and tracing" setting to organizational standards. CC ID 10786 | Configuration | Preventive | |
Configure the "Audit Policy: System: IPsec Driver" to organizational standards. CC ID 07708 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Account Lockout" to organizational standards. CC ID 07713 | Configuration | Preventive | |
Configure the "Folders preference logging and tracing" setting to organizational standards. CC ID 10787 | Configuration | Preventive | |
Configure the "Ini Files preference logging and tracing" setting to organizational standards. CC ID 10788 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Kernel Object" to organizational standards. CC ID 07720 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Other Object Access Events" to organizational standards. CC ID 07724 | Configuration | Preventive | |
Configure the "Internet Settings preference logging and tracing" setting to organizational standards. CC ID 10789 | Configuration | Preventive | |
Configure the "Local Users and Groups preference logging and tracing" setting to organizational standards. CC ID 10793 | Configuration | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Replication" to organizational standards. CC ID 07734 | Configuration | Preventive | |
Configure the "Regional Options preference logging and tracing" setting to organizational standards. CC ID 10802 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Audit Policy Change" to organizational standards. CC ID 07735 | Configuration | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Changes" to organizational standards. CC ID 07736 | Configuration | Preventive | |
Configure the "Registry preference logging and tracing" setting to organizational standards. CC ID 10803 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Certification Services" to organizational standards. CC ID 07742 | Configuration | Preventive | |
Configure the "Scheduled Tasks preference logging and tracing" setting to organizational standards. CC ID 10815 | Configuration | Preventive | |
Configure the "Services preference logging and tracing" setting to organizational standards. CC ID 10818 | Configuration | Preventive | |
Configure the "Maximum Log Size (KB)" to organizational standards. CC ID 07744 | Configuration | Preventive | |
Configure the "Audit Policy: Detailed Tracking: DPAPI Activity" to organizational standards. CC ID 07746 | Configuration | Preventive | |
Configure the "Shortcuts preference logging and tracing" setting to organizational standards. CC ID 10819 | Configuration | Preventive | |
Configure the "Start Menu preference logging and tracing" setting to organizational standards. CC ID 10821 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Other Account Management Events" to organizational standards. CC ID 07751 | Configuration | Preventive | |
Configure the "Delete data from devices running Microsoft firmware when a user logs off from the computer." setting to organizational standards. CC ID 10846 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Computer Account Management" to organizational standards. CC ID 07752 | Configuration | Preventive | |
Configure the "Audit Policy: Privilege Use: Non Sensitive Privilege Use" to organizational standards. CC ID 07756 | Configuration | Preventive | |
Configure the "Disable logging via package settings" setting to organizational standards. CC ID 10864 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Application Generated" to organizational standards. CC ID 07757 | Configuration | Preventive | |
Configure the "Do not forcefully unload the users registry at user logoff" setting to organizational standards. CC ID 10930 | Configuration | Preventive | |
Configure the "Audit Policy: DS Access: Detailed Directory Service Replication" to organizational standards. CC ID 07764 | Configuration | Preventive | |
Configure the "Do not log users on with temporary profiles" setting to organizational standards. CC ID 10931 | Configuration | Preventive | |
Configure the "Audit Policy: Privilege Use: Other Privilege Use Events" to organizational standards. CC ID 07776 | Configuration | Preventive | |
Configure the "Log Access" setting for the "application log" to organizational standards. CC ID 11026 | Configuration | Preventive | |
Configure the "Audit Policy: Account Logon: Kerberos Service Ticket Operations" to organizational standards. CC ID 07786 | Configuration | Preventive | |
Configure the "Log Access" setting for the "setup log" to organizational standards. CC ID 11027 | Configuration | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Access" to organizational standards. CC ID 07790 | Configuration | Preventive | |
Configure the "Log Access" setting for the "system log" to organizational standards. CC ID 11028 | Configuration | Preventive | |
Configure the "Log directory pruning retry events" setting to organizational standards. CC ID 11029 | Configuration | Preventive | |
Configure the "Retain old events" to organizational standards. CC ID 07791 | Configuration | Preventive | |
Configure the "Log event when quota limit exceeded" setting to organizational standards. CC ID 11030 | Configuration | Preventive | |
Configure the "Audit: Audit the use of Backup and Restore privilege" to organizational standards. CC ID 07792 | Configuration | Preventive | |
Configure the "Log File Path" setting for the "application log" to organizational standards. CC ID 11033 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change" to organizational standards. CC ID 07793 | Configuration | Preventive | |
Configure the "Log File Path" setting for the "setup log" to organizational standards. CC ID 11034 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Other Policy Change Events" to organizational standards. CC ID 07810 | Configuration | Preventive | |
Configure the "Log File Path" setting for the "system log" to organizational standards. CC ID 11035 | Configuration | Preventive | |
Configure the "Audit: Shut down system immediately if unable to log security audits" to organizational standards. CC ID 07812 | Configuration | Preventive | |
Configure the "Logging" setting to organizational standards. CC ID 11036 | Configuration | Preventive | |
Configure the "Audit Policy: System: Other System Events" to organizational standards. CC ID 07817 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Application Group Management" to organizational standards. CC ID 07819 | Configuration | Preventive | |
Configure the "Remove "Disconnect" option from Shut Down dialog" setting to organizational standards. CC ID 11126 | Configuration | Preventive | |
Configure the "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" to organizational standards. CC ID 07820 | Configuration | Preventive | |
Configure the "Remove browse dialog box for new source" setting to organizational standards. CC ID 11127 | Configuration | Preventive | |
Configure the "Audit Policy: Account Logon: Other Account Logon Events" to organizational standards. CC ID 07825 | Configuration | Preventive | |
Configure the "Restricts the UI language Windows uses for all logged users" setting to organizational standards. CC ID 11147 | Configuration | Preventive | |
Configure the "Set roaming profile path for all users logging onto this computer" setting to organizational standards. CC ID 11182 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Distribution Group Management" to organizational standards. CC ID 07828 | Configuration | Preventive | |
Configure the "Set the Time interval in minutes for logging accounting data" setting to organizational standards. CC ID 11193 | Configuration | Preventive | |
Configure the "Audit: Audit the access of global system objects" to organizational standards. CC ID 07831 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Special Logon" to organizational standards. CC ID 07835 | Configuration | Preventive | |
Configure the "Turn off Resultant Set of Policy logging" setting to organizational standards. CC ID 11307 | Configuration | Preventive | |
Configure the "Audit Policy: Detailed Tracking: RPC Events" to organizational standards. CC ID 07840 | Configuration | Preventive | |
Configure the "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" setting to organizational standards. CC ID 11343 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Authentication Policy Change" to organizational standards. CC ID 07846 | Configuration | Preventive | |
Configure the "Turn on extensive logging for Password Synchronization" setting to organizational standards. CC ID 11344 | Configuration | Preventive | |
Configure the "Audit Policy: Detailed Tracking: Process Termination" to organizational standards. CC ID 07849 | Configuration | Preventive | |
Configure the "Turn on logging" setting to organizational standards. CC ID 11345 | Configuration | Preventive | |
Configure the "Turn on session logging" setting to organizational standards. CC ID 11350 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Quick Mode" to organizational standards. CC ID 07852 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Filtering Platform Packet Drop" to organizational standards. CC ID 07856 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Filtering Platform Connection" to organizational standards. CC ID 07864 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Authorization Policy Change" to organizational standards. CC ID 07875 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Security Group Management" to organizational standards. CC ID 07880 | Configuration | Preventive | |
Configure the "Audit Policy: Privilege Use: Sensitive Privilege Use" to organizational standards. CC ID 07887 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Main Mode" to organizational standards. CC ID 07888 | Configuration | Preventive | |
Configure the "Audit Policy: Account Logon: Credential Validation" to organizational standards. CC ID 07892 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Filtering Platform Policy Change" to organizational standards. CC ID 07895 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Other Logon/Logoff Events" to organizational standards. CC ID 07899 | Configuration | Preventive | |
Configure the "Audit Policy: System: Security State Change" to organizational standards. CC ID 07903 | Configuration | Preventive | |
Configure the "Audit Policy: System: Security System Extension" to organizational standards. CC ID 07904 | Configuration | Preventive | |
Configure the "Audit account logon events" to organizational standards. CC ID 08188 | Configuration | Preventive | |
Configure the "Retention method for security log" to organizational standards. CC ID 08197 | Configuration | Preventive | |
Configure the "Retention method for system log" to organizational standards. CC ID 08211 | Configuration | Preventive | |
Configure the "Audit logon events" to organizational standards. CC ID 08221 | Configuration | Preventive | |
Configure the "Retention method for application log" to organizational standards. CC ID 08226 | Configuration | Preventive | |
Configure the "Retain security log" to organizational standards. CC ID 08241 | Configuration | Preventive | |
Configure the "Audit system events" to organizational standards. CC ID 08244 | Configuration | Preventive | |
Configure the "Retain application log" to organizational standards. CC ID 08246 | Configuration | Preventive | |
Configure the "Prevent local guests group from accessing application log" to organizational standards. CC ID 08248 | Configuration | Preventive | |
Configure the "Maximum security log size" to organizational standards. CC ID 08251 | Configuration | Preventive | |
Configure the "Retain system log" to organizational standards. CC ID 08258 | Configuration | Preventive | |
Configure the "Audit privilege use" to organizational standards. CC ID 08266 | Configuration | Preventive | |
Configure the "Audit policy change" to organizational standards. CC ID 08272 | Configuration | Preventive | |
Configure the "Audit object access" to organizational standards. CC ID 08278 | Configuration | Preventive | |
Configure the "Audit process tracking" to organizational standards. CC ID 08283 | Configuration | Preventive | |
Configure the "Maximum system log size" to organizational standards. CC ID 08286 | Configuration | Preventive | |
Configure the "Maximum application log size" to organizational standards. CC ID 08296 | Configuration | Preventive | |
Configure the "Prevent local guests group from accessing security log" to organizational standards. CC ID 08297 | Configuration | Preventive | |
Configure the "Audit directory service access" to organizational standards. CC ID 08304 | Configuration | Preventive | |
Configure the "Audit account management" to organizational standards. CC ID 08316 | Configuration | Preventive | |
Configure the "Prevent local guests group from accessing system log" to organizational standards. CC ID 08336 | Configuration | Preventive | |
Configure the "Specify the maximum log file size (KB)" to organizational standards. CC ID 08352 | Configuration | Preventive | |
Configure the "Message tracking logging - Mailbox" to organizational standards. CC ID 08360 | Configuration | Preventive | |
Configure the "Turn on Connectivity logging" to organizational standards. CC ID 08398 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Size limit (KB)" to organizational standards. CC ID 08405 | Configuration | Preventive | |
Configure the "Control Event Log behavior when the log file reaches its maximum size" to organizational standards. CC ID 08444 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Logging: Log dropped packets" to organizational standards. CC ID 08445 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Logging: Log dropped packets" to organizational standards. CC ID 08454 | Configuration | Preventive | |
Configure the "Configure Protocol logging" to organizational standards. CC ID 08463 | Configuration | Preventive | |
Configure the "Message tracking logging - Transport" to organizational standards. CC ID 08477 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Log dropped packets" to organizational standards. CC ID 08501 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Removable Storage" to organizational standards. CC ID 08504 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Name" to organizational standards. CC ID 08543 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Logging: Log successful connections" to organizational standards. CC ID 08545 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Central Access Policy Staging" to organizational standards. CC ID 08558 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Logging: Name" to organizational standards. CC ID 08565 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Logging: Size limit (KB)" to organizational standards. CC ID 08606 | Configuration | Preventive | |
Configure the "kernel arguments" setting for "auditing early in the boot process" to organizational standards. CC ID 08749 | Establish/Maintain Documentation | Preventive | |
Configure the "record date and time modification events" setting for "auditing" to organizational standards. CC ID 08750 | Establish/Maintain Documentation | Preventive | |
Configure the "record user/group information modification events" setting for "auditing" to organizational standards. CC ID 08751 | Establish/Maintain Documentation | Preventive | |
Configure the "record changes to the system network environment" setting for "auditing" to organizational standards. CC ID 08752 | Establish/Maintain Documentation | Preventive | |
Configure the "record changes to the system's mandatory access controls" setting for "auditing" to organizational standards. CC ID 08753 | Establish/Maintain Documentation | Preventive | |
Configure the "record logon and logout events" setting for "auditing" to organizational standards. CC ID 08754 | Establish/Maintain Documentation | Preventive | |
Configure the "record process and session initiation events" setting for "auditing" to organizational standards. CC ID 08755 | Establish/Maintain Documentation | Preventive | |
Configure the "record changes to discretionary access control permissions" setting for "auditing" to organizational standards. CC ID 08756 | Establish/Maintain Documentation | Preventive | |
Configure the "record unauthorized attempts to access files" setting for "auditing" to organizational standards. CC ID 08757 | Establish/Maintain Documentation | Preventive | |
Configure the "record use of privileged commands" setting for "auditing" to organizational standards. CC ID 08758 | Establish/Maintain Documentation | Preventive | |
Configure the "record data export to media events" setting for "auditing" to organizational standards. CC ID 08759 | Establish/Maintain Documentation | Preventive | |
Configure the "record file and program deletion events" setting for "auditing" to organizational standards. CC ID 08760 | Establish/Maintain Documentation | Preventive | |
Configure the "record administrator and security personnel action events" setting for "auditing" to organizational standards. CC ID 08761 | Establish/Maintain Documentation | Preventive | |
Configure the "record kernel module loading and unloading events" setting for "auditing" to organizational standards. CC ID 08762 | Establish/Maintain Documentation | Preventive | |
Configure the "Ensure auditd configuration is immutable" setting for "auditing" to organizational standards. CC ID 08763 | Establish/Maintain Documentation | Preventive | |
Configure the "audit file ownership changes" setting to organizational standards. CC ID 08966 | Audits and Risk Management | Preventive | |
Configure the "audit change user functions" setting to organizational standards. CC ID 08982 | Configuration | Preventive | |
Configure the "audit the use of chmod command" setting to organizational standards. CC ID 08983 | Configuration | Preventive | |
Configure the "audit the chown command" setting to organizational standards. CC ID 08984 | Configuration | Preventive | |
Configure the "Collect Session Initiation Information" setting to organizational standards. CC ID 09948 | Configuration | Preventive | |
Configure the "Collect Discretionary Access Control Permission Modification Events" setting to organizational standards. CC ID 09949 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Fault Tolerant Heap" to organizational standards. CC ID 10808 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Boot Performance Diagnostics" to organizational standards. CC ID 10809 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Memory Leak Diagnosis" to organizational standards. CC ID 10810 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Resource Exhaustion Detection and Resolution" to organizational standards. CC ID 10811 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Shutdown Performance Diagnostics" to organizational standards. CC ID 10812 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Standby/Resume Performance Diagnostics" to organizational standards. CC ID 10813 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows System Responsiveness Diagnostics" to organizational standards. CC ID 10814 | Configuration | Preventive | |
Configure the "Default quota limit and warning level" setting to organizational standards. CC ID 10840 | Configuration | Preventive | |
Configure the "Detect application failures caused by deprecated COM objects" setting to organizational standards. CC ID 10851 | Configuration | Preventive | |
Configure the "Detect application failures caused by deprecated Windows DLLs" setting to organizational standards. CC ID 10852 | Configuration | Preventive | |
Configure the "Detect application install failures" setting to organizational standards. CC ID 10853 | Configuration | Preventive | |
Configure the "Detect application installers that need to be run as administrator" setting to organizational standards. CC ID 10854 | Configuration | Preventive | |
Configure the "Detect applications unable to launch installers under UAC" setting to organizational standards. CC ID 10855 | Configuration | Preventive | |
Configure the "Diagnostics: Configure scenario execution level" setting to organizational standards. CC ID 10856 | Configuration | Preventive | |
Configure the "Disk Diagnostic: Configure execution level" setting to organizational standards. CC ID 10883 | Configuration | Preventive | |
Configure the "Log event when quota warning level exceeded" setting to organizational standards. CC ID 11031 | Configuration | Preventive | |
Configure the "Log File Debug Output Level" setting to organizational standards. CC ID 11032 | Configuration | Preventive | |
Configure the "Microsoft Support Diagnostic Tool: Configure execution level" setting to organizational standards. CC ID 11043 | Configuration | Preventive | |
Configure the "Primary DNS Suffix Devolution Level" setting to organizational standards. CC ID 11096 | Configuration | Preventive | |
Configure the "Require user authentication for remote connections by using Network Level Authentication" setting to organizational standards. CC ID 11138 | Configuration | Preventive | |
Configure the "Specify channel binding token hardening level" setting to organizational standards. CC ID 11209 | Configuration | Preventive | |
Configure the "Update Security Level" setting to organizational standards. CC ID 11357 | Configuration | Preventive | |
Configure the "Update Top Level Domain Zones" setting to organizational standards. CC ID 11358 | Configuration | Preventive | |
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621 | Configuration | Preventive | |
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 [Enforce a minimum password complexity and change of characters when new passwords are created. 3.5.7] | Configuration | Preventive | |
Configure the "Enforce password history" to organizational standards. CC ID 07877 [Prevent reuse of identifiers for a defined period. 3.5.5 Prohibit password reuse for a specified number of generations. 3.5.8] | Configuration | Preventive | |
Configure security and protection software according to Organizational Standards. CC ID 11917 | Configuration | Preventive | |
Configure security and protection software to check for up-to-date signature files. CC ID 00576 [Update malicious code protection mechanisms when new releases are available. 3.14.4] | Testing | Detective |
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term | |||
Mandated - bold; Implied - italic; Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Systems design, build, and implementation CC ID 00989 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a System Development Life Cycle program. CC ID 11823 | Systems Design, Build, and Implementation | Preventive | |
Include information security throughout the system development life cycle. CC ID 12042 [Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational information systems. 3.13.2] | Systems Design, Build, and Implementation | Preventive | |
Protect confidential information during the system development life cycle program. CC ID 13479 | Data and Information Management | Preventive |
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term | |||
Mandated - bold; Implied - italic; Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Technical security CC ID 00508 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain an access control program. CC ID 11702 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an access rights management plan. CC ID 00513 | Establish/Maintain Documentation | Preventive | |
Identify information system users. CC ID 12081 [Identify information system users, processes acting on behalf of users, or devices. 3.5.1] | Technical Security | Detective | |
Review user accounts. CC ID 00525 | Technical Security | Detective | |
Match user accounts to authorized parties. CC ID 12126 | Configuration | Detective | |
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 [Identify information system users, processes acting on behalf of users, or devices. 3.5.1] | Technical Security | Detective | |
Establish and maintain contact information for user accounts, as necessary. CC ID 15418 | Data and Information Management | Preventive | |
Review shared accounts. CC ID 11840 | Technical Security | Detective | |
Control access rights to organizational assets. CC ID 00004 [Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). 3.1.1] | Technical Security | Preventive | |
Configure access control lists in accordance with organizational standards. CC ID 16465 | Configuration | Preventive | |
Add all devices requiring access control to the Access Control List. CC ID 06264 | Establish/Maintain Documentation | Preventive | |
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835 | Technical Security | Preventive | |
Disallow application IDs from running as privileged users. CC ID 10050 | Configuration | Detective | |
Define roles for information systems. CC ID 12454 | Human Resources Management | Preventive | |
Define access needs for each role assigned to an information system. CC ID 12455 | Human Resources Management | Preventive | |
Define access needs for each system component of an information system. CC ID 12456 | Technical Security | Preventive | |
Define the level of privilege required for each system component of an information system. CC ID 12457 | Technical Security | Preventive | |
Establish access rights based on least privilege. CC ID 01411 [Limit information system access to the types of transactions and functions that authorized users are permitted to execute. 3.1.2 Employ the principle of least privilege, including for specific security functions and privileged accounts. 3.1.5] | Technical Security | Preventive | |
Assign user permissions based on job responsibilities. CC ID 00538 | Technical Security | Preventive | |
Assign user privileges after they have management sign off. CC ID 00542 | Technical Security | Preventive | |
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767 | Configuration | Preventive | |
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 [Limit unsuccessful logon attempts. 3.1.8] | Technical Security | Preventive | |
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822 | Configuration | Preventive | |
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818 | Communicate | Corrective | |
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 | Technical Security | Preventive | |
Establish, implement, and maintain session lock capabilities. CC ID 01417 [Use session lock with pattern-hiding displays to prevent access/viewing of data after period of inactivity. 3.1.10] | Configuration | Preventive | |
Limit concurrent sessions according to account type. CC ID 01416 | Configuration | Preventive | |
Establish session authenticity through Transport Layer Security. CC ID 01627 [Protect the authenticity of communications sessions. 3.13.15] | Technical Security | Preventive | |
Configure the "tlsverify" argument to organizational standards. CC ID 14460 | Configuration | Preventive | |
Configure the "tlscacert" argument to organizational standards. CC ID 14521 | Configuration | Preventive | |
Configure the "tlscert" argument to organizational standards. CC ID 14520 | Configuration | Preventive | |
Configure the "tlskey" argument to organizational standards. CC ID 14519 | Configuration | Preventive | |
Enable access control for objects and users on each system. CC ID 04553 | Configuration | Preventive | |
Include all system components in the access control system. CC ID 11939 | Technical Security | Preventive | |
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301 | Process or Activity | Preventive | |
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850 | Technical Security | Preventive | |
Enable attribute-based access control for objects and users on information systems. CC ID 16351 | Technical Security | Preventive | |
Enable role-based access control for objects and users on information systems. CC ID 12458 | Technical Security | Preventive | |
Include the objects and users subject to access control in the security policy. CC ID 11836 | Establish/Maintain Documentation | Preventive | |
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323 | Establish Roles | Preventive | |
Enforce access restrictions for change control. CC ID 01428 [{physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the information system. 3.4.5] | Technical Security | Preventive | |
Enforce access restrictions for restricted data. CC ID 01921 | Data and Information Management | Preventive | |
Permit a limited set of user actions absent identification and authentication. CC ID 04849 | Technical Security | Preventive | |
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455 | Testing | Detective | |
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262 | Technical Security | Preventive | |
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 | Establish/Maintain Documentation | Preventive | |
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501 | Establish/Maintain Documentation | Preventive | |
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 | Technical Security | Preventive | |
Display previous logon information in the logon banner. CC ID 01415 | Configuration | Preventive | |
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771 | Establish/Maintain Documentation | Preventive | |
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964 | Technical Security | Preventive | |
Establish, implement, and maintain User Access Management procedures. CC ID 00514 | Technical Security | Preventive | |
Remove inactive user accounts, as necessary. CC ID 00517 [Disable identifiers after a defined period of inactivity. 3.5.6] | Technical Security | Corrective | |
Establish, implement, and maintain access control procedures. CC ID 11663 | Establish/Maintain Documentation | Preventive | |
Grant access to authorized personnel or systems. CC ID 12186 | Configuration | Preventive | |
Document approving and granting access in the access control log. CC ID 06786 [{remote access} Authorize wireless access prior to allowing such connections. 3.1.16] | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442 | Communicate | Preventive | |
Include digital identification procedures in the access control program. CC ID 11841 | Technical Security | Preventive | |
Authenticate user identities before unlocking an account. CC ID 11837 [Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. 3.5.2] | Testing | Detective | |
Identify and control all network access controls. CC ID 00529 | Technical Security | Preventive | |
Manage all external network connections. CC ID 11842 | Technical Security | Preventive | |
Prohibit systems from connecting directly to external networks. CC ID 08709 [Prevent remote devices from simultaneously establishing non-remote connections with the information system and communicating via some other connection to resources in external networks. 3.13.7] | Configuration | Preventive | |
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 [Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. 3.13.1] | Establish/Maintain Documentation | Preventive | |
Refrain from disclosing private Internet Protocol addresses and routing information, unless necessary. CC ID 11891 | Technical Security | Preventive | |
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034 | Communicate | Preventive | |
Segregate systems in accordance with organizational standards. CC ID 12546 | Technical Security | Preventive | |
Implement gateways between security domains. CC ID 16493 | Systems Design, Build, and Implementation | Preventive | |
Implement resource-isolation mechanisms in organizational networks. CC ID 16438 | Technical Security | Preventive | |
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533 | Technical Security | Preventive | |
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310 | Technical Security | Preventive | |
Design Demilitarized Zones with proper isolation rules. CC ID 00532 | Technical Security | Preventive | |
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285 | Data and Information Management | Preventive | |
Restrict inbound network traffic into the Demilitarized Zone to Internet Protocol addresses within the Demilitarized Zone. CC ID 11998 | Technical Security | Preventive | |
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993 | Technical Security | Preventive | |
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 [Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. 3.13.5] | Data and Information Management | Preventive | |
Establish, implement, and maintain a network access control standard. CC ID 00546 | Establish/Maintain Documentation | Preventive | |
Include assigned roles and responsibilities in the network access control standard. CC ID 06410 | Establish Roles | Preventive | |
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373 | Technical Security | Preventive | |
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821 | Technical Security | Preventive | |
Place firewalls between all security domains and between any Demilitarized Zone and internal network zones. CC ID 01274 | Configuration | Preventive | |
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293 | Configuration | Preventive | |
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784 | Configuration | Preventive | |
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588 | Technical Security | Preventive | |
Include configuration management and rulesets in the network access control standard. CC ID 11845 | Establish/Maintain Documentation | Preventive | |
Secure the network access control standard against unauthorized changes. CC ID 11920 | Establish/Maintain Documentation | Preventive | |
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540 | Technical Security | Preventive | |
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541 | Configuration | Preventive | |
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270 | Process or Activity | Detective | |
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948 | Establish/Maintain Documentation | Preventive | |
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903 | Technical Security | Corrective | |
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960 | Establish/Maintain Documentation | Preventive | |
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961 | Establish/Maintain Documentation | Preventive | |
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435 | Establish/Maintain Documentation | Preventive | |
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434 | Establish/Maintain Documentation | Preventive | |
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426 | Establish/Maintain Documentation | Preventive | |
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847 | Configuration | Preventive | |
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 | Establish/Maintain Documentation | Preventive | |
Configure network ports to organizational standards. CC ID 14007 | Configuration | Preventive | |
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547 | Establish/Maintain Documentation | Preventive | |
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539 | Establish/Maintain Documentation | Preventive | |
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280 | Establish/Maintain Documentation | Preventive | |
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033 | Establish/Maintain Documentation | Preventive | |
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 | Establish/Maintain Documentation | Preventive | |
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550 | Configuration | Preventive | |
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420 | Technical Security | Preventive | |
Configure network access and control points to protect restricted data or restricted information. CC ID 01284 | Configuration | Preventive | |
Protect data stored at external locations. CC ID 16333 | Data and Information Management | Preventive | |
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174 | Configuration | Detective | |
Protect the firewall's network connection interfaces. CC ID 01955 | Technical Security | Preventive | |
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 [Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). 3.13.6] | Configuration | Preventive | |
Allow local program exceptions on the firewall, as necessary. CC ID 01956 | Configuration | Preventive | |
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957 | Configuration | Preventive | |
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958 | Configuration | Preventive | |
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849 | Configuration | Preventive | |
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959 | Configuration | Preventive | |
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960 | Configuration | Preventive | |
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961 | Configuration | Preventive | |
Allow notification exceptions on the firewall, as necessary. CC ID 01962 | Configuration | Preventive | |
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964 | Configuration | Preventive | |
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965 | Configuration | Preventive | |
Allow local port exceptions on the firewall, as necessary. CC ID 01966 | Configuration | Preventive | |
Establish, implement, and maintain ingress address filters on the firewall, as necessary. CC ID 01287 | Configuration | Preventive | |
Configure firewalls to perform dynamic packet filtering. CC ID 01288 | Testing | Detective | |
Establish, implement, and maintain packet filtering requirements. CC ID 16362 | Technical Security | Preventive | |
Configure firewall filtering to only permit established connections into the network. CC ID 12482 | Technical Security | Preventive | |
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295 | Data and Information Management | Preventive | |
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271 | Data and Information Management | Preventive | |
Synchronize and secure all router configuration files. CC ID 01291 | Configuration | Preventive | |
Synchronize and secure all firewall configuration files. CC ID 11851 | Configuration | Preventive | |
Configure firewalls to generate an audit log. CC ID 12038 | Audits and Risk Management | Preventive | |
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165 | Configuration | Preventive | |
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105 | Establish/Maintain Documentation | Preventive | |
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107 | Establish/Maintain Documentation | Preventive | |
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106 | Establish/Maintain Documentation | Preventive | |
Configure network access and control points to organizational standards. CC ID 12442 | Configuration | Detective | |
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450 | Configuration | Preventive | |
Update application layer firewalls to the most current version. CC ID 12037 | Process or Activity | Preventive | |
Enforce information flow control. CC ID 11781 | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [Control the flow of CUI in accordance with approved authorizations. 3.1.3] | Establish/Maintain Documentation | Preventive | |
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923 | Data and Information Management | Preventive | |
Establish, implement, and maintain a document printing policy. CC ID 14384 | Establish/Maintain Documentation | Preventive | |
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain information flow procedures. CC ID 04542 [Control information posted or processed on publicly accessible information systems. 3.1.22 Verify and control/limit connections to and use of external information systems. 3.1.20] | Establish/Maintain Documentation | Preventive | |
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242 | Data and Information Management | Preventive | |
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243 | Data and Information Management | Preventive | |
Establish, implement, and maintain information exchange procedures. CC ID 11782 | Establish/Maintain Documentation | Preventive | |
Perform content sanitization on data-in-transit. CC ID 16512 | Data and Information Management | Preventive | |
Perform content conversion on data-in-transit. CC ID 16510 | Data and Information Management | Preventive | |
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499 | Data and Information Management | Preventive | |
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554 | Data and Information Management | Preventive | |
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859 | Data and Information Management | Preventive | |
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312 | Log Management | Preventive | |
Review and approve information exchange system connections. CC ID 07143 | Technical Security | Preventive | |
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104 | Technical Security | Preventive | |
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107 | Technical Security | Preventive | |
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097 | Establish/Maintain Documentation | Preventive | |
Revoke membership in the whitelist, as necessary. CC ID 13827 | Establish/Maintain Documentation | Corrective | |
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183 | Configuration | Preventive | |
Block uncategorized sites using URL filtering. CC ID 12140 | Technical Security | Preventive | |
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139 | Technical Security | Detective | |
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234 | Data and Information Management | Preventive | |
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 [Apply deny-by-exception (blacklist) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. 3.4.8] | Establish/Maintain Documentation | Preventive | |
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094 | Behavior | Preventive | |
Secure access to each system component operating system. CC ID 00551 | Configuration | Preventive | |
Enforce privileged accounts and non-privileged accounts for system access. CC ID 00558 [Use non-privileged accounts or roles when accessing nonsecurity functions. 3.1.6 Prevent non-privileged users from executing privileged functions and audit the execution of such functions. 3.1.7] | Technical Security | Preventive | |
Create a full text analysis on executed privileged functions. CC ID 06778 | Monitor and Evaluate Occurrences | Detective | |
Separate user functionality from system management functionality. CC ID 11858 [Separate user functionality from information system management functionality. 3.13.3] | Technical Security | Preventive | |
Control all methods of remote access and teleworking. CC ID 00559 [Enforce safeguarding measures for CUI at alternate work sites (e.g., telework sites). 3.10.6] | Technical Security | Preventive | |
Assign virtual escorting to authorized personnel. CC ID 16440 | Process or Activity | Preventive | |
Establish, implement, and maintain a remote access and teleworking program. CC ID 04545 | Establish/Maintain Documentation | Preventive | |
Include information security requirements in the remote access and teleworking program. CC ID 15704 | Establish/Maintain Documentation | Preventive | |
Refrain from allowing remote users to copy files to remote devices. CC ID 06792 | Technical Security | Preventive | |
Control remote administration in accordance with organizational standards. CC ID 04459 [Authorize remote execution of privileged commands and remote access to security-relevant information. 3.1.15] | Configuration | Preventive | |
Scan the system to verify modems are disabled or removed, except the modems that are explicitly approved. CC ID 00560 | Testing | Detective | |
Control remote access through a network access control. CC ID 01421 [Authorize remote execution of privileged commands and remote access to security-relevant information. 3.1.15 Route remote access via managed access control points. 3.1.14] | Technical Security | Preventive | |
Install and maintain remote control software and other remote control mechanisms on critical systems. CC ID 06371 | Configuration | Preventive | |
Prohibit remote access to systems processing cleartext restricted data or restricted information. CC ID 12324 | Technical Security | Preventive | |
Employ multifactor authentication for remote access to the organization's network. CC ID 12505 | Technical Security | Preventive | |
Implement multifactor authentication techniques. CC ID 00561 [Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts. 3.5.3 Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. 3.7.5] | Configuration | Preventive | |
Implement phishing-resistant multifactor authentication techniques. CC ID 16541 | Technical Security | Preventive | |
Document and approve requests to bypass multifactor authentication. CC ID 15464 | Establish/Maintain Documentation | Preventive | |
Limit the source addresses from which remote administration is performed. CC ID 16393 | Technical Security | Preventive | |
Protect remote access accounts with encryption. CC ID 00562 [Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. 3.1.13] | Configuration | Preventive | |
Monitor and evaluate all remote access usage. CC ID 00563 [Monitor and control remote access sessions. 3.1.12] | Monitor and Evaluate Occurrences | Detective | |
Manage the use of encryption controls and cryptographic controls. CC ID 00570 | Technical Security | Preventive | |
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [Establish and manage cryptographic keys for cryptography employed in the information system. 3.13.10] | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164 | Communicate | Preventive | |
Bind keys to each identity. CC ID 12337 | Technical Security | Preventive | |
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152 | Establish/Maintain Documentation | Preventive | |
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151 | Establish/Maintain Documentation | Preventive | |
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301 | Data and Information Management | Preventive | |
Generate strong cryptographic keys. CC ID 01299 | Data and Information Management | Preventive | |
Generate unique cryptographic keys for each user. CC ID 12169 | Technical Security | Preventive | |
Use approved random number generators for creating cryptographic keys. CC ID 06574 | Data and Information Management | Preventive | |
Implement decryption keys so that they are not linked to user accounts. CC ID 06851 | Technical Security | Preventive | |
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate cryptographic keys securely. CC ID 01300 | Data and Information Management | Preventive | |
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541 | Data and Information Management | Preventive | |
Store cryptographic keys securely. CC ID 01298 | Data and Information Management | Preventive | |
Restrict access to cryptographic keys. CC ID 01297 | Data and Information Management | Preventive | |
Store cryptographic keys in encrypted format. CC ID 06084 | Data and Information Management | Preventive | |
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085 | Technical Security | Preventive | |
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127 | Establish/Maintain Documentation | Preventive | |
Change cryptographic keys in accordance with organizational standards. CC ID 01302 | Data and Information Management | Preventive | |
Destroy cryptographic keys promptly after the retention period. CC ID 01303 | Data and Information Management | Preventive | |
Control cryptographic keys with split knowledge and dual control. CC ID 01304 | Data and Information Management | Preventive | |
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305 | Data and Information Management | Preventive | |
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852 | Technical Security | Preventive | |
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307 | Data and Information Management | Corrective | |
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306 | Data and Information Management | Corrective | |
Archive outdated cryptographic keys. CC ID 06884 | Data and Information Management | Preventive | |
Archive revoked cryptographic keys. CC ID 11819 | Data and Information Management | Preventive | |
Require key custodians to sign the cryptographic key management policy. CC ID 01308 | Establish/Maintain Documentation | Preventive | |
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820 | Human Resources Management | Preventive | |
Test cryptographic key management applications, as necessary. CC ID 04829 | Testing | Detective | |
Manage the digital signature cryptographic key pair. CC ID 06576 | Data and Information Management | Preventive | |
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079 | Establish/Maintain Documentation | Preventive | |
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725 | Establish Roles | Preventive | |
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080 | Establish/Maintain Documentation | Preventive | |
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081 | Establish/Maintain Documentation | Preventive | |
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082 | Establish/Maintain Documentation | Preventive | |
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083 | Establish/Maintain Documentation | Preventive | |
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816 | Establish/Maintain Documentation | Preventive | |
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092 | Technical Security | Preventive | |
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084 | Technical Security | Preventive | |
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085 | Establish/Maintain Documentation | Preventive | |
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817 | Establish/Maintain Documentation | Preventive | |
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087 | Establish/Maintain Documentation | Preventive | |
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086 | Establish/Maintain Documentation | Preventive | |
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091 | Technical Security | Preventive | |
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090 | Records Management | Preventive | |
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. 3.13.8 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. 3.13.11] | Technical Security | Preventive | |
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 | Configuration | Preventive | |
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492 | Technical Security | Preventive | |
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490 | Technical Security | Preventive | |
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566 | Establish/Maintain Documentation | Preventive | |
Implement non-repudiation for transactions. CC ID 00567 | Testing | Detective | |
Treat data messages that do not receive an acknowledgment as never been sent. CC ID 14416 | Technical Security | Preventive | |
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568 | Technical Security | Preventive | |
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021 | Technical Security | Preventive | |
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020 | Technical Security | Preventive | |
Protect application services information transmitted over a public network from contract disputes. CC ID 12019 | Technical Security | Preventive | |
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018 | Technical Security | Preventive | |
Establish, implement, and maintain a malicious code protection program. CC ID 00574 [Provide protection from malicious code at appropriate locations within organizational information systems. 3.14.2] | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the malicious code protection policy to all interested personnel and affected parties. CC ID 15485 | Communicate | Preventive | |
Disseminate and communicate the malicious code protection procedures to all interested personnel and affected parties. CC ID 15484 | Communicate | Preventive | |
Establish, implement, and maintain malicious code protection procedures. CC ID 15483 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a malicious code protection policy. CC ID 15478 | Establish/Maintain Documentation | Preventive | |
Restrict downloading to reduce malicious code attacks. CC ID 04576 | Behavior | Preventive | |
Install security and protection software, as necessary. CC ID 00575 | Configuration | Preventive | |
Install and maintain container security solutions. CC ID 16178 | Technical Security | Preventive | |
Scan for malicious code, as necessary. CC ID 11941 [Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. 3.14.5] | Investigate | Detective | |
Test all removable storage media for viruses and malicious code. CC ID 11861 [Check media containing diagnostic and test programs for malicious code before the media are used in the information system. 3.7.4] | Testing | Detective | |
Test all untrusted files or unverified files for viruses and malicious code. CC ID 01311 | Testing | Detective | |
Remove malware when malicious code is discovered. CC ID 13691 | Process or Activity | Corrective | |
Notify interested personnel and affected parties when malware is detected. CC ID 13689 | Communicate | Corrective | |
Protect the system against replay attacks. CC ID 04552 [{privileged accounts} Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. 3.5.4] | Technical Security | Preventive | |
Define and assign roles and responsibilities for malicious code protection. CC ID 15474 | Establish Roles | Preventive | |
Establish, implement, and maintain a malicious code outbreak recovery plan. CC ID 01310 | Establish/Maintain Documentation | Corrective | |
Log and react to all malicious code activity. CC ID 07072 | Monitor and Evaluate Occurrences | Detective | |
Analyze the behavior and characteristics of the malicious code. CC ID 10672 | Technical Security | Detective | |
Incorporate the malicious code analysis into the patch management program. CC ID 10673 | Technical Security | Corrective | |
Lock antivirus configurations. CC ID 10047 | Configuration | Preventive | |
Establish, implement, and maintain a virtual environment and shared resources security program. CC ID 06551 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a shared resources management program. CC ID 07096 [Prevent unauthorized and unintended information transfer via shared system resources. 3.13.4] | Establish/Maintain Documentation | Preventive | |
Maintain ownership of all shared resources. CC ID 12180 | Business Processes | Preventive | |
Employ resource-isolation mechanisms in virtual environments. CC ID 12178 | Configuration | Preventive |
Each Common Control is assigned a meta-data type to help you determine the objective of the Control and associated Authority Document mandates aligned with it. These types include behavioral controls, process controls, records management, technical security, configuration management, etc. They are provided as another tool to dissect the Authority Document’s mandates and assign them effectively within your organization.
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Refrain from including restricted information in the incident response notification. CC ID 16806 | Operational management | Preventive | |
Document the results of incident response tests and provide them to senior management. CC ID 14857 | Operational management | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Address operational anomalies within the incident management system. CC ID 11633 | Monitoring and measurement | Preventive | |
Incorporate an Identity Theft Prevention Program into the organization's incident management system. CC ID 11634 | Monitoring and measurement | Preventive | |
Compile the event logs of multiple components into a system-wide time-correlated audit trail. CC ID 01424 [Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity. 3.3.5] | Monitoring and measurement | Preventive | |
Provide cross-organizational audit information based on the cross-organizational audit sharing agreement. CC ID 10596 | Monitoring and measurement | Preventive | |
Audit in scope audit items and compliance documents. CC ID 06730 | Audits and risk management | Preventive | |
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157 | Audits and risk management | Detective | |
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156 | Audits and risk management | Detective | |
Observe processes to determine the effectiveness of in scope controls. CC ID 12155 | Audits and risk management | Detective | |
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154 | Audits and risk management | Detective | |
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144 | Audits and risk management | Detective | |
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556 | Audits and risk management | Detective | |
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555 | Audits and risk management | Detective | |
Approve the results of the risk assessment as documented in the risk assessment report. CC ID 07109 | Audits and risk management | Preventive | |
Review risks to the organization's audit function when changes in the supply chain occur. CC ID 01154 | Audits and risk management | Preventive | |
Review the risk to the audit function when the audit personnel status changes. CC ID 01153 | Audits and risk management | Preventive | |
Conduct external audits of risk assessments, as necessary. CC ID 13308 | Audits and risk management | Detective | |
Configure firewalls to generate an audit log. CC ID 12038 | Technical security | Preventive | |
Configure the "audit file ownership changes" setting to organizational standards. CC ID 08966 | System hardening through configuration management | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Establish, implement, and maintain a testing program. CC ID 00654 | Monitoring and measurement | Preventive | |
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748 | Monitoring and measurement | Corrective | |
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094 | Technical security | Preventive | |
Restrict downloading to reduce malicious code attacks. CC ID 04576 | Technical security | Preventive | |
Refrain from providing access to facilities that transmit, process, or store restricted data until the contract for accessing the facility is signed. CC ID 12311 | Physical and environmental protection | Preventive | |
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702 | Physical and environmental protection | Preventive | |
Manage constituent identification inside the facility. CC ID 02215 | Physical and environmental protection | Preventive | |
Issue visitor identification badges to all non-employees. CC ID 00543 | Physical and environmental protection | Preventive | |
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331 | Physical and environmental protection | Preventive | |
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649 | Physical and environmental protection | Preventive | |
Refrain from search and seizure inside organizational facilities absent a warrant. CC ID 09980 | Physical and environmental protection | Preventive | |
Disallow either search or seizure of any person inside organizational facilities absent a warrant. CC ID 09981 | Physical and environmental protection | Preventive | |
Disallow inspecting computers or searching computer records inside organizational facilities absent a warrant. CC ID 09983 | Physical and environmental protection | Preventive | |
Do nothing to help during a search and seizure inside organizational facilities absent a warrant and being legally compelled to assist. CC ID 09984 | Physical and environmental protection | Preventive | |
Require removable storage media be in the custody of an authorized individual. CC ID 12319 | Physical and environmental protection | Preventive | |
Notify all interested personnel and affected parties when personnel status changes or an individual is terminated. CC ID 06677 | Human Resources management | Preventive | |
Disseminate and communicate the personnel status change and termination procedures to all interested personnel and affected parties. CC ID 06676 | Human Resources management | Preventive | |
Train all personnel and third parties, as necessary. CC ID 00785 | Human Resources management | Preventive | |
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities. 3.2.2] | Human Resources management | Preventive | |
Disseminate and communicate the security awareness program to all interested personnel and affected parties. CC ID 00823 [Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems. 3.2.1] | Human Resources management | Preventive | |
Train all personnel and third parties on how to recognize and report security incidents. CC ID 01211 [Provide security awareness training on recognizing and reporting potential indicators of insider threat. 3.2.3] | Human Resources management | Preventive | |
Perform periodic maintenance according to organizational standards. CC ID 01435 [Perform maintenance on organizational information systems. 3.7.1] | Operational management | Preventive | |
Respond to all alerts from security systems in a timely manner. CC ID 06434 [Monitor information system security alerts and advisories and take appropriate actions in response. 3.14.3] | Operational management | Corrective | |
Share data loss event information with the media. CC ID 01759 | Operational management | Corrective | |
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731 | Operational management | Corrective | |
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365 | Operational management | Corrective | |
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801 | Operational management | Detective | |
Delay sending incident response notifications under predetermined conditions. CC ID 00804 | Operational management | Corrective | |
Avoid false positive incident response notifications. CC ID 04732 | Operational management | Detective | |
Send paper incident response notifications to affected parties, as necessary. CC ID 00366 | Operational management | Corrective | |
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803 | Operational management | Corrective | |
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368 | Operational management | Corrective | |
Telephone incident response notifications to affected parties, as necessary. CC ID 04650 | Operational management | Corrective | |
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747 | Operational management | Preventive | |
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750 | Operational management | Preventive | |
Publish the incident response notification in a general circulation periodical. CC ID 04651 | Operational management | Corrective | |
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769 | Operational management | Preventive | |
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367 | Operational management | Corrective | |
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807 | Operational management | Preventive | |
Disseminate and communicate software update information to users and regulators. CC ID 06602 | Operational management | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467 | Monitoring and measurement | Preventive | |
Align corrective actions with the level of environmental impact. CC ID 15193 | Monitoring and measurement | Preventive | |
Accept the attestation engagement when all preconditions are met. CC ID 13933 | Audits and risk management | Preventive | |
Maintain ownership of all shared resources. CC ID 12180 | Technical security | Preventive | |
Include an appeal process in the identification issuance procedures. CC ID 15428 | Physical and environmental protection | Preventive | |
Disallow copying or excerpting from documents, books, or records that are on or in the premises of an organizational facility absent a warrant. CC ID 09982 | Physical and environmental protection | Preventive | |
Transport restricted media using a delivery method that can be tracked. CC ID 11777 [Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. 3.8.5] | Physical and environmental protection | Preventive | |
Require users to refrain from leaving mobile devices unattended. CC ID 16446 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain an education methodology. CC ID 06671 | Human Resources management | Preventive | |
Establish, implement, and maintain an Asset Management program. CC ID 06630 | Operational management | Preventive | |
Establish, implement, and maintain an asset inventory. CC ID 06631 [Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. 3.4.1] | Operational management | Preventive | |
Obtain approval before removing maintenance tools from the facility. CC ID 14298 | Operational management | Preventive | |
Establish, implement, and maintain an Incident Management program. CC ID 00853 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Preventive | |
Establish, implement, and maintain an anti-money laundering program. CC ID 13675 | Operational management | Detective | |
Remediate security violations according to organizational standards. CC ID 12338 | Operational management | Preventive | |
Refrain from charging for providing incident response notifications. CC ID 13876 | Operational management | Preventive | |
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766 | Operational management | Corrective | |
Eradicate the cause of the incident after the incident has been contained. CC ID 01757 | Operational management | Corrective | |
Manage change requests. CC ID 00887 | Operational management | Preventive | |
Examine all changes to ensure they correspond with the change request. CC ID 12345 | Operational management | Detective | |
Implement changes according to the change control program. CC ID 11776 | Operational management | Preventive | |
Prioritize deploying patches according to vulnerability risk metrics. CC ID 06796 | Operational management | Preventive | |
Mitigate the adverse effects of unauthorized changes. CC ID 12244 | Operational management | Corrective |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Disseminate and communicate information to customers about clock synchronization methods used by the organization. CC ID 13044 | Monitoring and measurement | Preventive | |
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418 | Monitoring and measurement | Preventive | |
Disseminate and communicate the approved risk assessment report to interested personnel and affected parties. CC ID 10633 | Audits and risk management | Preventive | |
Notify the organization upon completion of the external audits of the organization's risk assessment. CC ID 13313 | Audits and risk management | Preventive | |
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818 | Technical security | Corrective | |
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442 | Technical security | Preventive | |
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034 | Technical security | Preventive | |
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164 | Technical security | Preventive | |
Disseminate and communicate the malicious code protection policy to all interested personnel and affected parties. CC ID 15485 | Technical security | Preventive | |
Disseminate and communicate the malicious code protection procedures to all interested personnel and affected parties. CC ID 15484 | Technical security | Preventive | |
Notify interested personnel and affected parties when malware is detected. CC ID 13689 | Technical security | Corrective | |
Post floor plans of critical facilities in secure locations. CC ID 16138 | Physical and environmental protection | Preventive | |
Disseminate and communicate the camera installation policy to interested personnel and affected parties. CC ID 15461 | Physical and environmental protection | Preventive | |
Notify terminated individuals of applicable, legally binding post-employment requirements. CC ID 10630 | Human Resources management | Preventive | |
Disseminate and communicate the information security policy to interested personnel and affected parties. CC ID 11739 [Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems. 3.2.1] | Operational management | Preventive | |
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539 | Operational management | Preventive | |
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538 | Operational management | Preventive | |
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797 | Operational management | Preventive | |
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782 | Operational management | Preventive | |
Submit written requests to delay the notification of affected parties. CC ID 16783 | Operational management | Preventive | |
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767 | Operational management | Corrective | |
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085 | Operational management | Preventive | |
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347 | Operational management | Corrective | |
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142 | Operational management | Preventive | |
Notify interested personnel and affected parties that a security breach was detected. CC ID 11788 [Provide privacy and security notices consistent with applicable CUI rules. 3.1.9] | Operational management | Corrective |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Document the event information to be logged in the event information log specification. CC ID 00639 | Monitoring and measurement | Preventive | |
Enable the logging capability to capture enough information to ensure the system is functioning according to its intended purpose throughout its life cycle. CC ID 15001 | Monitoring and measurement | Preventive | |
Enable and configure logging on all network access controls. CC ID 01963 | Monitoring and measurement | Preventive | |
Synchronize system clocks to an accurate and universal time source on all devices. CC ID 01340 [Provide an information system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. 3.3.7] | Monitoring and measurement | Preventive | |
Centralize network time servers to as few as practical. CC ID 06308 | Monitoring and measurement | Preventive | |
Update the vulnerability scanners' vulnerability list. CC ID 10634 | Monitoring and measurement | Corrective | |
Enforce dual authorization as a part of information flow control for logs. CC ID 10098 | Monitoring and measurement | Preventive | |
Match user accounts to authorized parties. CC ID 12126 | Technical security | Detective | |
Configure access control lists in accordance with organizational standards. CC ID 16465 | Technical security | Preventive | |
Disallow application IDs from running as privileged users. CC ID 10050 | Technical security | Detective | |
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767 | Technical security | Preventive | |
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822 | Technical security | Preventive | |
Establish, implement, and maintain session lock capabilities. CC ID 01417 [Use session lock with pattern-hiding displays to prevent access/viewing of data after period of inactivity. 3.1.10] | Technical security | Preventive | |
Limit concurrent sessions according to account type. CC ID 01416 | Technical security | Preventive | |
Configure the "tlsverify" argument to organizational standards. CC ID 14460 | Technical security | Preventive | |
Configure the "tlscacert" argument to organizational standards. CC ID 14521 | Technical security | Preventive | |
Configure the "tlscert" argument to organizational standards. CC ID 14520 | Technical security | Preventive | |
Configure the "tlskey" argument to organizational standards. CC ID 14519 | Technical security | Preventive | |
Enable access control for objects and users on each system. CC ID 04553 | Technical security | Preventive | |
Display previous logon information in the logon banner. CC ID 01415 | Technical security | Preventive | |
Grant access to authorized personnel or systems. CC ID 12186 | Technical security | Preventive | |
Prohibit systems from connecting directly to external networks. CC ID 08709 [Prevent remote devices from simultaneously establishing non-remote connections with the information system and communicating via some other connection to resources in external networks. 3.13.7] | Technical security | Preventive | |
Place firewalls between all security domains and between any Demilitarized Zone and internal network zones. CC ID 01274 | Technical security | Preventive | |
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293 | Technical security | Preventive | |
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784 | Technical security | Preventive | |
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541 | Technical security | Preventive | |
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847 | Technical security | Preventive | |
Configure network ports to organizational standards. CC ID 14007 | Technical security | Preventive | |
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550 | Technical security | Preventive | |
Configure network access and control points to protect restricted data or restricted information. CC ID 01284 | Technical security | Preventive | |
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174 | Technical security | Detective | |
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 [Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). 3.13.6] | Technical security | Preventive | |
Allow local program exceptions on the firewall, as necessary. CC ID 01956 | Technical security | Preventive | |
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957 | Technical security | Preventive | |
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958 | Technical security | Preventive | |
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849 | Technical security | Preventive | |
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959 | Technical security | Preventive | |
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960 | Technical security | Preventive | |
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961 | Technical security | Preventive | |
Allow notification exceptions on the firewall, as necessary. CC ID 01962 | Technical security | Preventive | |
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964 | Technical security | Preventive | |
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965 | Technical security | Preventive | |
Allow local port exceptions on the firewall, as necessary. CC ID 01966 | Technical security | Preventive | |
Establish, implement, and maintain ingress address filters on the firewall, as necessary. CC ID 01287 | Technical security | Preventive | |
Synchronize and secure all router configuration files. CC ID 01291 | Technical security | Preventive | |
Synchronize and secure all firewall configuration files. CC ID 11851 | Technical security | Preventive | |
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165 | Technical security | Preventive | |
Configure network access and control points to organizational standards. CC ID 12442 | Technical security | Detective | |
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450 | Technical security | Preventive | |
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183 | Technical security | Preventive | |
Secure access to each system component operating system. CC ID 00551 | Technical security | Preventive | |
Control remote administration in accordance with organizational standards. CC ID 04459 [Authorize remote execution of privileged commands and remote access to security-relevant information. 3.1.15] | Technical security | Preventive | |
Install and maintain remote control software and other remote control mechanisms on critical systems. CC ID 06371 | Technical security | Preventive | |
Implement multifactor authentication techniques. CC ID 00561 [Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts. 3.5.3 Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. 3.7.5] | Technical security | Preventive | |
Protect remote access accounts with encryption. CC ID 00562 [Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. 3.1.13] | Technical security | Preventive | |
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 | Technical security | Preventive | |
Install security and protection software, as necessary. CC ID 00575 | Technical security | Preventive | |
Lock antivirus configurations. CC ID 10047 | Technical security | Preventive | |
Employ resource-isolation mechanisms in virtual environments. CC ID 12178 | Technical security | Preventive | |
Install doors so that exposed hinges are on the secured side. CC ID 06687 | Physical and environmental protection | Preventive | |
Install emergency doors to permit egress only. CC ID 06688 | Physical and environmental protection | Preventive | |
Install contact alarms on doors, as necessary. CC ID 06710 | Physical and environmental protection | Preventive | |
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650 | Physical and environmental protection | Preventive | |
Install contact alarms on openable windows, as necessary. CC ID 06690 | Physical and environmental protection | Preventive | |
Install glass break alarms on windows, as necessary. CC ID 06691 | Physical and environmental protection | Preventive | |
Configure video cameras to cover all physical entry points. CC ID 06302 | Physical and environmental protection | Preventive | |
Configure video cameras to prevent physical tampering or disablement. CC ID 06303 | Physical and environmental protection | Preventive | |
Design interior walls that provide security to extend from true floor to true ceiling. CC ID 06693 | Physical and environmental protection | Preventive | |
Serialize all removable storage media. CC ID 00949 | Physical and environmental protection | Preventive | |
Deploy software patches in accordance with organizational standards. CC ID 07032 | Operational management | Corrective | |
Deploy software patches in the disaster recovery environment to mirror those in the production environment. CC ID 13174 | Operational management | Corrective | |
Remove outdated software after software has been updated. CC ID 11792 | Operational management | Corrective | |
Update computer firmware, as necessary. CC ID 11755 | Operational management | Corrective | |
Remove outdated computer firmware after the computer firmware has been updated. CC ID 10671 | Operational management | Corrective | |
Establish, implement, and maintain a configuration change log. CC ID 08710 | Operational management | Detective | |
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 [Terminate (automatically) a user session after a defined condition. 3.1.11 Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity. 3.13.9] | System hardening through configuration management | Preventive | |
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698 | System hardening through configuration management | Preventive | |
Invalidate unexpected session identifiers. CC ID 15307 | System hardening through configuration management | Preventive | |
Configure the "MaxStartups" settings to organizational standards. CC ID 15329 | System hardening through configuration management | Preventive | |
Reject session identifiers that are not valid. CC ID 15306 | System hardening through configuration management | Preventive | |
Configure the "MaxSessions" settings to organizational standards. CC ID 15330 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699 | System hardening through configuration management | Preventive | |
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328 | System hardening through configuration management | Preventive | |
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738 | System hardening through configuration management | Preventive | |
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870 | System hardening through configuration management | Preventive | |
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350 | System hardening through configuration management | Preventive | |
Remove all unnecessary functionality. CC ID 00882 | System hardening through configuration management | Preventive | |
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827 | System hardening through configuration management | Preventive | |
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477 | System hardening through configuration management | Preventive | |
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880 [Restrict, disable, and prevent the use of nonessential programs, functions, ports, protocols, and services. 3.4.7] | System hardening through configuration management | Preventive | |
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473 | System hardening through configuration management | Preventive | |
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983 | System hardening through configuration management | Preventive | |
Disable telnet unless telnet use is absolutely necessary. CC ID 01478 | System hardening through configuration management | Preventive | |
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479 | System hardening through configuration management | Preventive | |
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314 | System hardening through configuration management | Preventive | |
Disable anonymous access to File Transfer Protocol. CC ID 06739 | System hardening through configuration management | Preventive | |
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485 | System hardening through configuration management | Preventive | |
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486 | System hardening through configuration management | Preventive | |
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500 | System hardening through configuration management | Preventive | |
Disable alerter unless alerter use is absolutely necessary. CC ID 01810 | System hardening through configuration management | Preventive | |
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812 | System hardening through configuration management | Preventive | |
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813 | System hardening through configuration management | Preventive | |
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815 | System hardening through configuration management | Preventive | |
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817 | System hardening through configuration management | Preventive | |
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818 | System hardening through configuration management | Preventive | |
Disable net logon unless net logon use is absolutely necessary. CC ID 01820 | System hardening through configuration management | Preventive | |
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822 | System hardening through configuration management | Preventive | |
Disable the "Offer Remote Assistance" setting. CC ID 04325 | System hardening through configuration management | Preventive | |
Disable the "Solicited Remote Assistance" setting. CC ID 04326 | System hardening through configuration management | Preventive | |
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823 | System hardening through configuration management | Preventive | |
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824 | System hardening through configuration management | Preventive | |
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829 | System hardening through configuration management | Preventive | |
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831 | System hardening through configuration management | Preventive | |
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832 | System hardening through configuration management | Preventive | |
Disable File Service Protocol. CC ID 02167 | System hardening through configuration management | Preventive | |
Disable the License Logging Service unless it is absolutely necessary. CC ID 04282 | System hardening through configuration management | Preventive | |
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285 | System hardening through configuration management | Preventive | |
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286 | System hardening through configuration management | Preventive | |
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287 | System hardening through configuration management | Preventive | |
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288 | System hardening through configuration management | Preventive | |
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289 | System hardening through configuration management | Preventive | |
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290 | System hardening through configuration management | Preventive | |
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291 | System hardening through configuration management | Preventive | |
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292 | System hardening through configuration management | Preventive | |
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293 | System hardening through configuration management | Preventive | |
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294 | System hardening through configuration management | Preventive | |
Disable SSDP/UPnP unless SSDP/UPnP is absolutely necessary. CC ID 04315 | System hardening through configuration management | Preventive | |
Configure the "ntpd service" setting to organizational standards. CC ID 04911 | System hardening through configuration management | Preventive | |
Configure the "echo service" setting to organizational standards. CC ID 04912 | System hardening through configuration management | Preventive | |
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927 | System hardening through configuration management | Preventive | |
Configure the "echo-stream service" setting to organizational standards. CC ID 09928 | System hardening through configuration management | Preventive | |
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327 | System hardening through configuration management | Preventive | |
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929 | System hardening through configuration management | Preventive | |
Configure the "netstat service" setting to organizational standards. CC ID 04913 | System hardening through configuration management | Preventive | |
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914 | System hardening through configuration management | Preventive | |
Configure the "tftpd service" setting to organizational standards. CC ID 04915 | System hardening through configuration management | Preventive | |
Configure the "walld service" setting to organizational standards. CC ID 04916 | System hardening through configuration management | Preventive | |
Configure the "rstatd service" setting to organizational standards. CC ID 04917 | System hardening through configuration management | Preventive | |
Configure the "sprayd service" setting to organizational standards. CC ID 04918 | System hardening through configuration management | Preventive | |
Configure the "rusersd service" setting to organizational standards. CC ID 04919 | System hardening through configuration management | Preventive | |
Configure the "inn service" setting to organizational standards. CC ID 04920 | System hardening through configuration management | Preventive | |
Configure the "font service" setting to organizational standards. CC ID 04921 | System hardening through configuration management | Preventive | |
Configure the "ident service" setting to organizational standards. CC ID 04922 | System hardening through configuration management | Preventive | |
Configure the "rexd service" setting to organizational standards. CC ID 04923 | System hardening through configuration management | Preventive | |
Configure the "daytime service" setting to organizational standards. CC ID 04924 | System hardening through configuration management | Preventive | |
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925 | System hardening through configuration management | Preventive | |
Configure the "cmsd service" setting to organizational standards. CC ID 04926 | System hardening through configuration management | Preventive | |
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927 | System hardening through configuration management | Preventive | |
Configure the "discard service" setting to organizational standards. CC ID 04928 | System hardening through configuration management | Preventive | |
Configure the "vino-server service" setting to organizational standards. CC ID 04929 | System hardening through configuration management | Preventive | |
Configure the "bind service" setting to organizational standards. CC ID 04930 | System hardening through configuration management | Preventive | |
Configure the "nfsd service" setting to organizational standards. CC ID 04931 | System hardening through configuration management | Preventive | |
Configure the "mountd service" setting to organizational standards. CC ID 04932 | System hardening through configuration management | Preventive | |
Configure the "statd service" setting to organizational standards. CC ID 04933 | System hardening through configuration management | Preventive | |
Configure the "lockd service" setting to organizational standards. CC ID 04934 | System hardening through configuration management | Preventive | |
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980 | System hardening through configuration management | Preventive | |
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935 | System hardening through configuration management | Preventive | |
Configure the sendmail vrfy command, as appropriate. CC ID 04936 | System hardening through configuration management | Preventive | |
Configure the sendmail expn command, as appropriate. CC ID 04937 | System hardening through configuration management | Preventive | |
Configure .netrc with an appropriate set of services. CC ID 04938 | System hardening through configuration management | Preventive | |
Enable NFS insecure locks as necessary. CC ID 04939 | System hardening through configuration management | Preventive | |
Configure the "X server ac" setting to organizational standards. CC ID 04940 | System hardening through configuration management | Preventive | |
Configure the "X server core" setting to organizational standards. CC ID 04941 | System hardening through configuration management | Preventive | |
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540 | System hardening through configuration management | Preventive | |
Configure the "X server nolock" setting to organizational standards. CC ID 04942 | System hardening through configuration management | Preventive | |
Enable or disable the mcstrans service, as appropriate. CC ID 05541 | System hardening through configuration management | Preventive | |
Configure the "PAM console" setting to organizational standards. CC ID 04943 | System hardening through configuration management | Preventive | |
Enable or disable the restorecond service, as appropriate. CC ID 05542 | System hardening through configuration management | Preventive | |
Enable the rhnsd service as necessary. CC ID 04944 | System hardening through configuration management | Preventive | |
Enable the yum-updatesd service as necessary. CC ID 04945 | System hardening through configuration management | Preventive | |
Enable the autofs service as necessary. CC ID 04946 | System hardening through configuration management | Preventive | |
Enable the ip6tables service as necessary. CC ID 04947 | System hardening through configuration management | Preventive | |
Configure syslog to organizational standards. CC ID 04949 | System hardening through configuration management | Preventive | |
Enable the auditd service as necessary. CC ID 04950 | System hardening through configuration management | Preventive | |
Enable the logwatch service as necessary. CC ID 04951 | System hardening through configuration management | Preventive | |
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952 | System hardening through configuration management | Preventive | |
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953 | System hardening through configuration management | Preventive | |
Enable the ypbind service as necessary. CC ID 04954 | System hardening through configuration management | Preventive | |
Enable the ypserv service as necessary. CC ID 04955 | System hardening through configuration management | Preventive | |
Enable the firstboot service as necessary. CC ID 04956 | System hardening through configuration management | Preventive | |
Enable the gpm service as necessary. CC ID 04957 | System hardening through configuration management | Preventive | |
Enable the irqbalance service as necessary. CC ID 04958 | System hardening through configuration management | Preventive | |
Enable the isdn service as necessary. CC ID 04959 | System hardening through configuration management | Preventive | |
Enable the kdump service as necessary. CC ID 04960 | System hardening through configuration management | Preventive | |
Enable the mdmonitor service as necessary. CC ID 04961 | System hardening through configuration management | Preventive | |
Enable the microcode_ctl service as necessary. CC ID 04962 | System hardening through configuration management | Preventive | |
Enable the pcscd service as necessary. CC ID 04963 | System hardening through configuration management | Preventive | |
Enable the smartd service as necessary. CC ID 04964 | System hardening through configuration management | Preventive | |
Enable the readahead_early service as necessary. CC ID 04965 | System hardening through configuration management | Preventive | |
Enable the readahead_later service as necessary. CC ID 04966 | System hardening through configuration management | Preventive | |
Enable the messagebus service as necessary. CC ID 04967 | System hardening through configuration management | Preventive | |
Enable the haldaemon service as necessary. CC ID 04968 | System hardening through configuration management | Preventive | |
Enable the apmd service as necessary. CC ID 04969 | System hardening through configuration management | Preventive | |
Enable the acpid service as necessary. CC ID 04970 | System hardening through configuration management | Preventive | |
Enable the cpuspeed service as necessary. CC ID 04971 | System hardening through configuration management | Preventive | |
Enable the network service as necessary. CC ID 04972 | System hardening through configuration management | Preventive | |
Enable the hidd service as necessary. CC ID 04973 | System hardening through configuration management | Preventive | |
Enable the crond service as necessary. CC ID 04974 | System hardening through configuration management | Preventive | |
Install and enable the anacron service as necessary. CC ID 04975 | System hardening through configuration management | Preventive | |
Enable the xfs service as necessary. CC ID 04976 | System hardening through configuration management | Preventive | |
Install and enable the Avahi daemon service, as necessary. CC ID 04977 | System hardening through configuration management | Preventive | |
Enable the CUPS service, as necessary. CC ID 04978 | System hardening through configuration management | Preventive | |
Enable the hplip service as necessary. CC ID 04979 | System hardening through configuration management | Preventive | |
Enable the dhcpd service as necessary. CC ID 04980 | System hardening through configuration management | Preventive | |
Enable the nfslock service as necessary. CC ID 04981 | System hardening through configuration management | Preventive | |
Enable the rpcgssd service as necessary. CC ID 04982 | System hardening through configuration management | Preventive | |
Enable the rpcidmapd service as necessary. CC ID 04983 | System hardening through configuration management | Preventive | |
Enable the rpcsvcgssd service as necessary. CC ID 04985 | System hardening through configuration management | Preventive | |
Configure root squashing for all NFS shares, as appropriate. CC ID 04986 | System hardening through configuration management | Preventive | |
Configure write access to NFS shares, as appropriate. CC ID 04987 | System hardening through configuration management | Preventive | |
Configure the named service, as appropriate. CC ID 04988 | System hardening through configuration management | Preventive | |
Configure the vsftpd service, as appropriate. CC ID 04989 | System hardening through configuration management | Preventive | |
Configure the "dovecot" service to organizational standards. CC ID 04990 | System hardening through configuration management | Preventive | |
Configure Server Message Block (SMB) to organizational standards. CC ID 04991 | System hardening through configuration management | Preventive | |
Enable the snmpd service as necessary. CC ID 04992 | System hardening through configuration management | Preventive | |
Enable the calendar manager as necessary. CC ID 04993 | System hardening through configuration management | Preventive | |
Enable the GNOME logon service as necessary. CC ID 04994 | System hardening through configuration management | Preventive | |
Enable the WBEM services as necessary. CC ID 04995 | System hardening through configuration management | Preventive | |
Enable the keyserv service as necessary. CC ID 04996 | System hardening through configuration management | Preventive | |
Enable the Generic Security Service daemon as necessary. CC ID 04997 | System hardening through configuration management | Preventive | |
Enable the volfs service as necessary. CC ID 04998 | System hardening through configuration management | Preventive | |
Enable the smserver service as necessary. CC ID 04999 | System hardening through configuration management | Preventive | |
Enable the mpxio-upgrade service as necessary. CC ID 05000 | System hardening through configuration management | Preventive | |
Enable the metainit service as necessary. CC ID 05001 | System hardening through configuration management | Preventive | |
Enable the meta service as necessary. CC ID 05003 | System hardening through configuration management | Preventive | |
Enable the metaed service as necessary. CC ID 05004 | System hardening through configuration management | Preventive | |
Enable the metamh service as necessary. CC ID 05005 | System hardening through configuration management | Preventive | |
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006 | System hardening through configuration management | Preventive | |
Enable the Kerberos kadmind service as necessary. CC ID 05007 | System hardening through configuration management | Preventive | |
Enable the Kerberos krb5kdc service as necessary. CC ID 05008 | System hardening through configuration management | Preventive | |
Enable the Kerberos kpropd service as necessary. CC ID 05009 | System hardening through configuration management | Preventive | |
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010 | System hardening through configuration management | Preventive | |
Enable the sadmin service as necessary. CC ID 05011 | System hardening through configuration management | Preventive | |
Enable the IPP listener as necessary. CC ID 05012 | System hardening through configuration management | Preventive | |
Enable the serial port listener as necessary. CC ID 05013 | System hardening through configuration management | Preventive | |
Enable the Smart Card Helper service as necessary. CC ID 05014 | System hardening through configuration management | Preventive | |
Enable the Application Management service as necessary. CC ID 05015 | System hardening through configuration management | Preventive | |
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016 | System hardening through configuration management | Preventive | |
Enable the Network News Transport Protocol service as necessary. CC ID 05017 | System hardening through configuration management | Preventive | |
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018 | System hardening through configuration management | Preventive | |
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019 | System hardening through configuration management | Preventive | |
Enable the RARP service as necessary. CC ID 05020 | System hardening through configuration management | Preventive | |
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021 | System hardening through configuration management | Preventive | |
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022 | System hardening through configuration management | Preventive | |
Enable the Certificate Services service as necessary. CC ID 05023 | System hardening through configuration management | Preventive | |
Configure the ATI hotkey poller service properly. CC ID 05024 | System hardening through configuration management | Preventive | |
Configure the Interix Subsystem Startup service properly. CC ID 05025 | System hardening through configuration management | Preventive | |
Configure the Cluster Service service properly. CC ID 05026 | System hardening through configuration management | Preventive | |
Configure the IAS Jet Database Access service properly. CC ID 05027 | System hardening through configuration management | Preventive | |
Configure the IAS service properly. CC ID 05028 | System hardening through configuration management | Preventive | |
Configure the IP Version 6 Helper service properly. CC ID 05029 | System hardening through configuration management | Preventive | |
Configure "Message Queuing service" to organizational standards. CC ID 05030 | System hardening through configuration management | Preventive | |
Configure the Message Queuing Down Level Clients service properly. CC ID 05031 | System hardening through configuration management | Preventive | |
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033 | System hardening through configuration management | Preventive | |
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034 | System hardening through configuration management | Preventive | |
Configure the Utility Manager service properly. CC ID 05035 | System hardening through configuration management | Preventive | |
Configure the secondary logon service properly. CC ID 05036 | System hardening through configuration management | Preventive | |
Configure the Windows Management Instrumentation service properly. CC ID 05037 | System hardening through configuration management | Preventive | |
Configure the Workstation service properly. CC ID 05038 | System hardening through configuration management | Preventive | |
Configure the Windows Installer service properly. CC ID 05039 | System hardening through configuration management | Preventive | |
Configure the Windows System Resource Manager service properly. CC ID 05040 | System hardening through configuration management | Preventive | |
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Client for NFS service properly. CC ID 05042 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Perl Socket service properly. CC ID 05044 | System hardening through configuration management | Preventive | |
Configure the Services for Unix User Name Mapping service properly. CC ID 05045 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Windows Cron service properly. CC ID 05046 | System hardening through configuration management | Preventive | |
Configure the Windows Media Services service properly. CC ID 05047 | System hardening through configuration management | Preventive | |
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048 | System hardening through configuration management | Preventive | |
Configure the Web Element Manager service properly. CC ID 05049 | System hardening through configuration management | Preventive | |
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050 | System hardening through configuration management | Preventive | |
Configure the Terminal Services Licensing service properly. CC ID 05051 | System hardening through configuration management | Preventive | |
Configure the COM+ Event System service properly. CC ID 05052 | System hardening through configuration management | Preventive | |
Configure the Event Log service properly. CC ID 05053 | System hardening through configuration management | Preventive | |
Configure the Infrared Monitor service properly. CC ID 05054 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Server for NFS service properly. CC ID 05055 | System hardening through configuration management | Preventive | |
Configure the System Event Notification Service properly. CC ID 05056 | System hardening through configuration management | Preventive | |
Configure the NTLM Security Support Provider service properly. CC ID 05057 | System hardening through configuration management | Preventive | |
Configure the Performance Logs and Alerts service properly. CC ID 05058 | System hardening through configuration management | Preventive | |
Configure the Protected Storage service properly. CC ID 05059 | System hardening through configuration management | Preventive | |
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060 | System hardening through configuration management | Preventive | |
Configure the Remote Procedure Call service properly. CC ID 05061 | System hardening through configuration management | Preventive | |
Configure the Removable Storage service properly. CC ID 05062 | System hardening through configuration management | Preventive | |
Configure the Server service properly. CC ID 05063 | System hardening through configuration management | Preventive | |
Configure the Security Accounts Manager service properly. CC ID 05064 | System hardening through configuration management | Preventive | |
Configure the "Network Connections" service to organizational standards. CC ID 05065 | System hardening through configuration management | Preventive | |
Configure the Logical Disk Manager service properly. CC ID 05066 | System hardening through configuration management | Preventive | |
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067 | System hardening through configuration management | Preventive | |
Configure the File Replication service properly. CC ID 05068 | System hardening through configuration management | Preventive | |
Configure the Kerberos Key Distribution Center service properly. CC ID 05069 | System hardening through configuration management | Preventive | |
Configure the Intersite Messaging service properly. CC ID 05070 | System hardening through configuration management | Preventive | |
Configure the Remote Procedure Call locator service properly. CC ID 05071 | System hardening through configuration management | Preventive | |
Configure the Distributed File System service properly. CC ID 05072 | System hardening through configuration management | Preventive | |
Configure the Windows Internet Name Service service properly. CC ID 05073 | System hardening through configuration management | Preventive | |
Configure the FTP Publishing Service properly. CC ID 05074 | System hardening through configuration management | Preventive | |
Configure the Windows Search service properly. CC ID 05075 | System hardening through configuration management | Preventive | |
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076 | System hardening through configuration management | Preventive | |
Configure the Remote Shell service properly. CC ID 05077 | System hardening through configuration management | Preventive | |
Configure Simple TCP/IP services to organizational standards. CC ID 05078 | System hardening through configuration management | Preventive | |
Configure the Print Services for Unix service properly. CC ID 05079 | System hardening through configuration management | Preventive | |
Configure the File Shares service to organizational standards. CC ID 05080 | System hardening through configuration management | Preventive | |
Configure the NetMeeting service properly. CC ID 05081 | System hardening through configuration management | Preventive | |
Configure the Application Layer Gateway service properly. CC ID 05082 | System hardening through configuration management | Preventive | |
Configure the Cryptographic Services service properly. CC ID 05083 | System hardening through configuration management | Preventive | |
Configure the Help and Support Service properly. CC ID 05084 | System hardening through configuration management | Preventive | |
Configure the Human Interface Device Access service properly. CC ID 05085 | System hardening through configuration management | Preventive | |
Configure the IMAPI CD-Burning COM service properly. CC ID 05086 | System hardening through configuration management | Preventive | |
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087 | System hardening through configuration management | Preventive | |
Configure the Network Location Awareness service properly. CC ID 05088 | System hardening through configuration management | Preventive | |
Configure the Portable Media Serial Number Service service properly. CC ID 05089 | System hardening through configuration management | Preventive | |
Configure the System Restore Service service properly. CC ID 05090 | System hardening through configuration management | Preventive | |
Configure the Themes service properly. CC ID 05091 | System hardening through configuration management | Preventive | |
Configure the Uninterruptible Power Supply service properly. CC ID 05092 | System hardening through configuration management | Preventive | |
Configure the Upload Manager service properly. CC ID 05093 | System hardening through configuration management | Preventive | |
Configure the Volume Shadow Copy Service properly. CC ID 05094 | System hardening through configuration management | Preventive | |
Configure the WebClient service properly. CC ID 05095 | System hardening through configuration management | Preventive | |
Configure the Windows Audio service properly. CC ID 05096 | System hardening through configuration management | Preventive | |
Configure the Windows Image Acquisition service properly. CC ID 05097 | System hardening through configuration management | Preventive | |
Configure the WMI Performance Adapter service properly. CC ID 05098 | System hardening through configuration management | Preventive | |
Enable file uploads via vsftpd service, as appropriate. CC ID 05100 | System hardening through configuration management | Preventive | |
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885 | System hardening through configuration management | Preventive | |
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976 | System hardening through configuration management | Preventive | |
Configure the "xdmcp service" setting to organizational standards. CC ID 08985 | System hardening through configuration management | Preventive | |
Configure authenticators to comply with organizational standards. CC ID 06412 | System hardening through configuration management | Preventive | |
Configure the system to require new users to change their authenticator on first use. CC ID 05268 [Allow temporary password use for system logons with an immediate change to a permanent password. 3.5.9] | System hardening through configuration management | Preventive | |
Configure the system to encrypt authenticators. CC ID 06735 [Store and transmit only encrypted representation of passwords. 3.5.10] | System hardening through configuration management | Preventive | |
Configure the system to mask authenticators. CC ID 02037 [Obscure feedback of authentication information. 3.5.11] | System hardening through configuration management | Preventive | |
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881 | System hardening through configuration management | Preventive | |
Configure the default locking Screen saver timeout to a predetermined time period. CC ID 01570 [Use session lock with pattern-hiding displays to prevent access/viewing of data after period of inactivity. 3.1.10] | System hardening through configuration management | Preventive | |
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477 | System hardening through configuration management | Preventive | |
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 [Protect wireless access using authentication and encryption. 3.1.17] | System hardening through configuration management | Preventive | |
Configure mobile device settings in accordance with organizational standards. CC ID 04600 | System hardening through configuration management | Preventive | |
Enable data-at-rest encryption on mobile devices. CC ID 04842 [Protect the confidentiality of CUI at rest. 3.13.16] | System hardening through configuration management | Preventive | |
Configure Logging settings in accordance with organizational standards. CC ID 07611 [Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. 3.3.1] | System hardening through configuration management | Preventive | |
Configure "CloudTrail" to organizational standards. CC ID 15443 | System hardening through configuration management | Preventive | |
Configure "CloudTrail log file validation" to organizational standards. CC ID 15437 | System hardening through configuration management | Preventive | |
Configure "VPC flow logging" to organizational standards. CC ID 15436 | System hardening through configuration management | Preventive | |
Configure "object-level logging" to organizational standards. CC ID 15433 | System hardening through configuration management | Preventive | |
Configure "Turn on PowerShell Transcription" to organizational standards. CC ID 15415 | System hardening through configuration management | Preventive | |
Configure "Turn on PowerShell Script Block Logging" to organizational standards. CC ID 15413 | System hardening through configuration management | Preventive | |
Configure "Audit PNP Activity" to organizational standards. CC ID 15393 | System hardening through configuration management | Preventive | |
Configure "Include command line in process creation events" to organizational standards. CC ID 15358 | System hardening through configuration management | Preventive | |
Configure "Audit Group Membership" to organizational standards. CC ID 15341 | System hardening through configuration management | Preventive | |
Configure the "audit_backlog_limit" setting to organizational standards. CC ID 15324 | System hardening through configuration management | Preventive | |
Configure the "/etc/docker/daemon.json" files and directories auditing to organizational standards. CC ID 14467 | System hardening through configuration management | Detective | |
Configure the "systemd-journald" to organizational standards. CC ID 15326 | System hardening through configuration management | Preventive | |
Configure the "/etc/docker" files and directories auditing to organizational standards. CC ID 14459 | System hardening through configuration management | Detective | |
Configure the "docker.socket" files and directories auditing to organizational standards. CC ID 14458 | System hardening through configuration management | Detective | |
Configure the "docker.service" files and directories auditing to organizational standards. CC ID 14454 | System hardening through configuration management | Detective | |
Configure the "/var/lib/docker" files and directories auditing to organizational standards. CC ID 14453 | System hardening through configuration management | Detective | |
Configure the "/usr/sbin/runc" files and directories auditing to organizational standards. CC ID 14452 | System hardening through configuration management | Detective | |
Configure the "/usr/bin/containerd" files and directories auditing to organizational standards. CC ID 14451 | System hardening through configuration management | Detective | |
Configure the "/etc/default/docker" files and directories auditing to organizational standards. CC ID 14450 | System hardening through configuration management | Detective | |
Configure the "/etc/sysconfig/docker" files and directories auditing to organizational standards. CC ID 14449 | System hardening through configuration management | Detective | |
Configure the storage parameters for all logs. CC ID 06330 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: SAM" to organizational standards. CC ID 07612 | System hardening through configuration management | Preventive | |
Configure sufficient log storage capacity and prevent the capacity from being exceeded. CC ID 01425 | System hardening through configuration management | Preventive | |
Configure the log retention method. CC ID 01715 | System hardening through configuration management | Preventive | |
Configure the log retention size. CC ID 01716 | System hardening through configuration management | Preventive | |
Configure syslogd to send logs to a Remote LogHost. CC ID 01526 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: User Account Management" to organizational standards. CC ID 07613 | System hardening through configuration management | Preventive | |
Configure the security parameters for all logs. CC ID 01712 | System hardening through configuration management | Preventive | |
Configure the log so that it cannot be disabled. CC ID 00595 | System hardening through configuration management | Preventive | |
Configure the event log size capacity limits for the application log, the security log, and the system log. CC ID 01713 | System hardening through configuration management | Preventive | |
Configure the application log, the security log, and the system log to restrict guest access. CC ID 01714 | System hardening through configuration management | Preventive | |
Configure the "mss: (warninglevel) percentage threshold for the security event log at which the system will generate a warning" setting. CC ID 04275 | System hardening through configuration management | Preventive | |
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 [Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions. 3.3.2] | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: System Integrity" to organizational standards. CC ID 07652 | System hardening through configuration management | Preventive | |
Configure the log to capture the user's identification. CC ID 01334 | System hardening through configuration management | Preventive | |
Configure the log to capture a date and time stamp. CC ID 01336 [Provide an information system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. 3.3.7] | System hardening through configuration management | Preventive | |
Configure the log to uniquely identify each asset. CC ID 01339 | System hardening through configuration management | Preventive | |
Configure the log to capture remote access information. CC ID 05596 | System hardening through configuration management | Detective | |
Configure the log to capture the type of each event. CC ID 06423 | System hardening through configuration management | Preventive | |
Configure the log to capture each event's success or failure indication. CC ID 06424 | System hardening through configuration management | Preventive | |
Configure all logs to capture auditable events or actionable events. CC ID 06332 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: File Share" to organizational standards. CC ID 07655 | System hardening through configuration management | Preventive | |
Configure the log to capture account lockouts. CC ID 16470 | System hardening through configuration management | Preventive | |
Configure the log to capture execution events. CC ID 16469 | System hardening through configuration management | Preventive | |
Configure the log to capture AWS Organizations changes. CC ID 15445 | System hardening through configuration management | Preventive | |
Configure the log to capture Identity and Access Management policy changes. CC ID 15442 | System hardening through configuration management | Preventive | |
Configure the log to capture management console sign-in without multi-factor authentication. CC ID 15441 | System hardening through configuration management | Preventive | |
Configure the log to capture route table changes. CC ID 15439 | System hardening through configuration management | Preventive | |
Configure the log to capture virtual private cloud changes. CC ID 15435 | System hardening through configuration management | Preventive | |
Configure the log to capture changes to encryption keys. CC ID 15432 | System hardening through configuration management | Preventive | |
Configure the log to capture unauthorized API calls. CC ID 15429 | System hardening through configuration management | Preventive | |
Configure the log to capture changes to network gateways. CC ID 15421 | System hardening through configuration management | Preventive | |
Configure the log to capture all spoofed addresses. CC ID 01313 | System hardening through configuration management | Preventive | |
Configure the "logging level" to organizational standards. CC ID 14456 | System hardening through configuration management | Detective | |
Configure inetd tracing. CC ID 01523 | System hardening through configuration management | Preventive | |
Configure the system to capture messages sent to the syslog AUTH facility. CC ID 01525 | System hardening through configuration management | Preventive | |
Configure Cron logging. CC ID 01528 | System hardening through configuration management | Preventive | |
Configure the kernel level auditing setting. CC ID 01530 | System hardening through configuration management | Preventive | |
Configure the "audit successful file system mounts" setting to organizational standards. CC ID 09923 | System hardening through configuration management | Preventive | |
Configure system accounting/system events. CC ID 01529 | System hardening through configuration management | Preventive | |
Configure the privilege use auditing setting. CC ID 01699 | System hardening through configuration management | Preventive | |
Configure the log to record the Denial of Access that results from an excessive number of unsuccessful logon attempts. CC ID 01919 | System hardening through configuration management | Preventive | |
Configure the Audit Process Tracking setting. CC ID 01700 | System hardening through configuration management | Preventive | |
Configure the EEPROM security-mode accesses and EEPROM log-failed accesses. CC ID 01575 | System hardening through configuration management | Preventive | |
Configure the log to capture user identifier, address, port blocking or blacklisting. CC ID 01918 | System hardening through configuration management | Preventive | |
Enable directory service access events, as appropriate. CC ID 05616 | System hardening through configuration management | Preventive | |
Configure the log to capture failed transactions. CC ID 06334 | System hardening through configuration management | Preventive | |
Configure the log to capture successful transactions. CC ID 06335 | System hardening through configuration management | Preventive | |
Audit non-attributable events (na class). CC ID 05604 | System hardening through configuration management | Preventive | |
Configure the log to capture configuration changes. CC ID 06881 | System hardening through configuration management | Preventive | |
Log, monitor, and review all changes to time settings on critical systems. CC ID 11608 | System hardening through configuration management | Preventive | |
Configure the log to capture all changes to certificates. CC ID 05595 | System hardening through configuration management | Preventive | |
Configure the "inetd logging" setting to organizational standards. CC ID 08970 | System hardening through configuration management | Preventive | |
Configure the "audit sudoers" setting to organizational standards. CC ID 09950 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Registry" to organizational standards. CC ID 07658 | System hardening through configuration management | Preventive | |
Configure the event log settings for specific Operating System functions. CC ID 06337 | System hardening through configuration management | Preventive | |
Configure the "Audit: Audit the use of Backup and Restore privilege" setting. CC ID 01724 | System hardening through configuration management | Preventive | |
Configure the "Audit: Shut down the system immediately if unable to log security audits" setting. CC ID 01725 | System hardening through configuration management | Preventive | |
Configure "Audit account management" to organizational standards. CC ID 02039 | System hardening through configuration management | Preventive | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later)" setting. CC ID 04387 | System hardening through configuration management | Preventive | |
Configure console logging. CC ID 04454 | System hardening through configuration management | Preventive | |
Configure boot error logging. CC ID 04455 | System hardening through configuration management | Preventive | |
Disable the "Audit password" setting in NetWare. CC ID 04456 | System hardening through configuration management | Preventive | |
Configure the "Disable Logging" setting. CC ID 05590 | System hardening through configuration management | Preventive | |
Enable BIN mode auditing. CC ID 05591 | System hardening through configuration management | Preventive | |
Enable or disable the BSM auditing setting, as appropriate. CC ID 05592 | System hardening through configuration management | Preventive | |
Set the X server audit level appropriately. CC ID 05600 | System hardening through configuration management | Preventive | |
Configure the "Turn on session logging" properly. CC ID 05618 | System hardening through configuration management | Preventive | |
Configure Sendmail with the appropriate logging levels. CC ID 06028 | System hardening through configuration management | Preventive | |
Enable or disable auditing in the runcontrol scripts, as appropriate. CC ID 06029 | System hardening through configuration management | Preventive | |
Enable or disable auditing for user accounts, as appropriate. CC ID 06030 | System hardening through configuration management | Preventive | |
Enable or disable auditing at boot time, as appropriate. CC ID 06031 | System hardening through configuration management | Preventive | |
Enable or disable the auditing of chgrp usage, as appropriate. CC ID 06033 | System hardening through configuration management | Preventive | |
Enable or disable the auditing of mkgroup usage, as appropriate. CC ID 06034 | System hardening through configuration management | Preventive | |
Enable or disable the auditing of rmgroup usage, as appropriate. CC ID 06035 | System hardening through configuration management | Preventive | |
Enable or disable the auditing of the exit function, as appropriate. CC ID 06036 | System hardening through configuration management | Preventive | |
Generate an alert when an audit log failure occurs. CC ID 06737 [{generate} Alert in the event of an audit process failure. 3.3.4] | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Logoff" to organizational standards. CC ID 07662 | System hardening through configuration management | Preventive | |
Configure additional log settings. CC ID 06333 | System hardening through configuration management | Preventive | |
Configure additional logging for the FTP daemon. CC ID 01524 | System hardening through configuration management | Preventive | |
Configure additional log file parameters appropriately. CC ID 06338 | System hardening through configuration management | Preventive | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" to organizational standards. CC ID 07664 | System hardening through configuration management | Preventive | |
Create the /var/adm/loginlog file. CC ID 01527 | System hardening through configuration management | Preventive | |
Verify the audit config file contains only accounts that should be present. CC ID 05594 | System hardening through configuration management | Preventive | |
Specify the PRI audit file properly. CC ID 05597 | System hardening through configuration management | Preventive | |
Specify the SEC audit file properly. CC ID 05598 | System hardening through configuration management | Preventive | |
Verify the user audit file contains the appropriate never-audit flags. CC ID 05605 | System hardening through configuration management | Preventive | |
Configure the "Background upload of a roaming user profile's registry file while user is logged on" setting to organizational standards. CC ID 10761 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: File System" to organizational standards. CC ID 07666 | System hardening through configuration management | Preventive | |
Configure the "Backup log automatically when full" setting for the "setup log" to organizational standards. CC ID 10762 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Logon" to organizational standards. CC ID 07669 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Logon: Kerberos Authentication Service" to organizational standards. CC ID 07679 | System hardening through configuration management | Preventive | |
Configure the "Applications preference logging and tracing" setting to organizational standards. CC ID 10774 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Extended Mode" to organizational standards. CC ID 07683 | System hardening through configuration management | Preventive | |
Configure the "Data Sources preference logging and tracing" setting to organizational standards. CC ID 10779 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Handle Manipulation" to organizational standards. CC ID 07684 | System hardening through configuration management | Preventive | |
Configure the "Devices preference logging and tracing" setting to organizational standards. CC ID 10782 | System hardening through configuration management | Preventive | |
Configure the "Drive Maps preference logging and tracing" setting to organizational standards. CC ID 10783 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Detailed File Share" to organizational standards. CC ID 07687 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Network Policy Server" to organizational standards. CC ID 07701 | System hardening through configuration management | Preventive | |
Configure the "Environment preference logging and tracing" setting to organizational standards. CC ID 10784 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Detailed Tracking: Process Creation" to organizational standards. CC ID 07707 | System hardening through configuration management | Preventive | |
Configure the "Files preference logging and tracing" setting to organizational standards. CC ID 10785 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: IPsec Driver" to organizational standards. CC ID 07708 | System hardening through configuration management | Preventive | |
Configure the "Folder Options preference logging and tracing" setting to organizational standards. CC ID 10786 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Account Lockout" to organizational standards. CC ID 07713 | System hardening through configuration management | Preventive | |
Configure the "Folders preference logging and tracing" setting to organizational standards. CC ID 10787 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Kernel Object" to organizational standards. CC ID 07720 | System hardening through configuration management | Preventive | |
Configure the "Ini Files preference logging and tracing" setting to organizational standards. CC ID 10788 | System hardening through configuration management | Preventive | |
Configure the "Internet Settings preference logging and tracing" setting to organizational standards. CC ID 10789 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Other Object Access Events" to organizational standards. CC ID 07724 | System hardening through configuration management | Preventive | |
Configure the "Local Users and Groups preference logging and tracing" setting to organizational standards. CC ID 10793 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Replication" to organizational standards. CC ID 07734 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Audit Policy Change" to organizational standards. CC ID 07735 | System hardening through configuration management | Preventive | |
Configure the "Regional Options preference logging and tracing" setting to organizational standards. CC ID 10802 | System hardening through configuration management | Preventive | |
Configure the "Registry preference logging and tracing" setting to organizational standards. CC ID 10803 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Changes" to organizational standards. CC ID 07736 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Certification Services" to organizational standards. CC ID 07742 | System hardening through configuration management | Preventive | |
Configure the "Scheduled Tasks preference logging and tracing" setting to organizational standards. CC ID 10815 | System hardening through configuration management | Preventive | |
Configure the "Services preference logging and tracing" setting to organizational standards. CC ID 10818 | System hardening through configuration management | Preventive | |
Configure the "Maximum Log Size (KB)" to organizational standards. CC ID 07744 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Detailed Tracking: DPAPI Activity" to organizational standards. CC ID 07746 | System hardening through configuration management | Preventive | |
Configure the "Shortcuts preference logging and tracing" setting to organizational standards. CC ID 10819 | System hardening through configuration management | Preventive | |
Configure the "Start Menu preference logging and tracing" setting to organizational standards. CC ID 10821 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Other Account Management Events" to organizational standards. CC ID 07751 | System hardening through configuration management | Preventive | |
Configure the "Delete data from devices running Microsoft firmware when a user logs off from the computer." setting to organizational standards. CC ID 10846 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Computer Account Management" to organizational standards. CC ID 07752 | System hardening through configuration management | Preventive | |
Configure the "Disable logging via package settings" setting to organizational standards. CC ID 10864 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Privilege Use: Non Sensitive Privilege Use" to organizational standards. CC ID 07756 | System hardening through configuration management | Preventive | |
Configure the "Do not forcefully unload the users registry at user logoff" setting to organizational standards. CC ID 10930 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Application Generated" to organizational standards. CC ID 07757 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: DS Access: Detailed Directory Service Replication" to organizational standards. CC ID 07764 | System hardening through configuration management | Preventive | |
Configure the "Do not log users on with temporary profiles" setting to organizational standards. CC ID 10931 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Privilege Use: Other Privilege Use Events" to organizational standards. CC ID 07776 | System hardening through configuration management | Preventive | |
Configure the "Log Access" setting for the "application log" to organizational standards. CC ID 11026 | System hardening through configuration management | Preventive | |
Configure the "Log Access" setting for the "setup log" to organizational standards. CC ID 11027 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Logon: Kerberos Service Ticket Operations" to organizational standards. CC ID 07786 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Access" to organizational standards. CC ID 07790 | System hardening through configuration management | Preventive | |
Configure the "Log Access" setting for the "system log" to organizational standards. CC ID 11028 | System hardening through configuration management | Preventive | |
Configure the "Retain old events" to organizational standards. CC ID 07791 | System hardening through configuration management | Preventive | |
Configure the "Log directory pruning retry events" setting to organizational standards. CC ID 11029 | System hardening through configuration management | Preventive | |
Configure the "Audit: Audit the use of Backup and Restore privilege" to organizational standards. CC ID 07792 | System hardening through configuration management | Preventive | |
Configure the "Log event when quota limit exceeded" setting to organizational standards. CC ID 11030 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change" to organizational standards. CC ID 07793 | System hardening through configuration management | Preventive | |
Configure the "Log File Path" setting for the "application log" to organizational standards. CC ID 11033 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Other Policy Change Events" to organizational standards. CC ID 07810 | System hardening through configuration management | Preventive | |
Configure the "Log File Path" setting for the "setup log" to organizational standards. CC ID 11034 | System hardening through configuration management | Preventive | |
Configure the "Audit: Shut down system immediately if unable to log security audits" to organizational standards. CC ID 07812 | System hardening through configuration management | Preventive | |
Configure the "Log File Path" setting for the "system log" to organizational standards. CC ID 11035 | System hardening through configuration management | Preventive | |
Configure the "Logging" setting to organizational standards. CC ID 11036 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: Other System Events" to organizational standards. CC ID 07817 | System hardening through configuration management | Preventive | |
Configure the "Remove "Disconnect" option from Shut Down dialog" setting to organizational standards. CC ID 11126 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Application Group Management" to organizational standards. CC ID 07819 | System hardening through configuration management | Preventive | |
Configure the "Remove browse dialog box for new source" setting to organizational standards. CC ID 11127 | System hardening through configuration management | Preventive | |
Configure the "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" to organizational standards. CC ID 07820 | System hardening through configuration management | Preventive | |
Configure the "Restricts the UI language Windows uses for all logged users" setting to organizational standards. CC ID 11147 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Logon: Other Account Logon Events" to organizational standards. CC ID 07825 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Distribution Group Management" to organizational standards. CC ID 07828 | System hardening through configuration management | Preventive | |
Configure the "Set roaming profile path for all users logging onto this computer" setting to organizational standards. CC ID 11182 | System hardening through configuration management | Preventive | |
Configure the "Set the Time interval in minutes for logging accounting data" setting to organizational standards. CC ID 11193 | System hardening through configuration management | Preventive | |
Configure the "Audit: Audit the access of global system objects" to organizational standards. CC ID 07831 | System hardening through configuration management | Preventive | |
Configure the "Turn off Resultant Set of Policy logging" setting to organizational standards. CC ID 11307 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Special Logon" to organizational standards. CC ID 07835 | System hardening through configuration management | Preventive | |
Configure the "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" setting to organizational standards. CC ID 11343 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Detailed Tracking: RPC Events" to organizational standards. CC ID 07840 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Authentication Policy Change" to organizational standards. CC ID 07846 | System hardening through configuration management | Preventive | |
Configure the "Turn on extensive logging for Password Synchronization" setting to organizational standards. CC ID 11344 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Detailed Tracking: Process Termination" to organizational standards. CC ID 07849 | System hardening through configuration management | Preventive | |
Configure the "Turn on logging" setting to organizational standards. CC ID 11345 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Quick Mode" to organizational standards. CC ID 07852 | System hardening through configuration management | Preventive | |
Configure the "Turn on session logging" setting to organizational standards. CC ID 11350 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Filtering Platform Packet Drop" to organizational standards. CC ID 07856 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Filtering Platform Connection" to organizational standards. CC ID 07864 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Authorization Policy Change" to organizational standards. CC ID 07875 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Security Group Management" to organizational standards. CC ID 07880 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Privilege Use: Sensitive Privilege Use" to organizational standards. CC ID 07887 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Main Mode" to organizational standards. CC ID 07888 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Logon: Credential Validation" to organizational standards. CC ID 07892 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Filtering Platform Policy Change" to organizational standards. CC ID 07895 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Other Logon/Logoff Events" to organizational standards. CC ID 07899 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: Security State Change" to organizational standards. CC ID 07903 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: Security System Extension" to organizational standards. CC ID 07904 | System hardening through configuration management | Preventive | |
Configure the "Audit account logon events" to organizational standards. CC ID 08188 | System hardening through configuration management | Preventive | |
Configure the "Retention method for security log" to organizational standards. CC ID 08197 | System hardening through configuration management | Preventive | |
Configure the "Retention method for system log" to organizational standards. CC ID 08211 | System hardening through configuration management | Preventive | |
Configure the "Audit logon events" to organizational standards. CC ID 08221 | System hardening through configuration management | Preventive | |
Configure the "Retention method for application log" to organizational standards. CC ID 08226 | System hardening through configuration management | Preventive | |
Configure the "Retain security log" to organizational standards. CC ID 08241 | System hardening through configuration management | Preventive | |
Configure the "Audit system events" to organizational standards. CC ID 08244 | System hardening through configuration management | Preventive | |
Configure the "Retain application log" to organizational standards. CC ID 08246 | System hardening through configuration management | Preventive | |
Configure the "Prevent local guests group from accessing application log" to organizational standards. CC ID 08248 | System hardening through configuration management | Preventive | |
Configure the "Maximum security log size" to organizational standards. CC ID 08251 | System hardening through configuration management | Preventive | |
Configure the "Retain system log" to organizational standards. CC ID 08258 | System hardening through configuration management | Preventive | |
Configure the "Audit privilege use" to organizational standards. CC ID 08266 | System hardening through configuration management | Preventive | |
Configure the "Audit policy change" to organizational standards. CC ID 08272 | System hardening through configuration management | Preventive | |
Configure the "Audit object access" to organizational standards. CC ID 08278 | System hardening through configuration management | Preventive | |
Configure the "Audit process tracking" to organizational standards. CC ID 08283 | System hardening through configuration management | Preventive | |
Configure the "Maximum system log size" to organizational standards. CC ID 08286 | System hardening through configuration management | Preventive | |
Configure the "Maximum application log size" to organizational standards. CC ID 08296 | System hardening through configuration management | Preventive | |
Configure the "Prevent local guests group from accessing security log" to organizational standards. CC ID 08297 | System hardening through configuration management | Preventive | |
Configure the "Audit directory service access" to organizational standards. CC ID 08304 | System hardening through configuration management | Preventive | |
Configure the "Audit account management" to organizational standards. CC ID 08316 | System hardening through configuration management | Preventive | |
Configure the "Prevent local guests group from accessing system log" to organizational standards. CC ID 08336 | System hardening through configuration management | Preventive | |
Configure the "Specify the maximum log file size (KB)" to organizational standards. CC ID 08352 | System hardening through configuration management | Preventive | |
Configure the "Message tracking logging - Mailbox" to organizational standards. CC ID 08360 | System hardening through configuration management | Preventive | |
Configure the "Turn on Connectivity logging" to organizational standards. CC ID 08398 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Size limit (KB)" to organizational standards. CC ID 08405 | System hardening through configuration management | Preventive | |
Configure the "Control Event Log behavior when the log file reaches its maximum size" to organizational standards. CC ID 08444 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Logging: Log dropped packets" to organizational standards. CC ID 08445 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Logging: Log dropped packets" to organizational standards. CC ID 08454 | System hardening through configuration management | Preventive | |
Configure the "Configure Protocol logging" to organizational standards. CC ID 08463 | System hardening through configuration management | Preventive | |
Configure the "Message tracking logging - Transport" to organizational standards. CC ID 08477 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Log dropped packets" to organizational standards. CC ID 08501 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Removable Storage" to organizational standards. CC ID 08504 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Name" to organizational standards. CC ID 08543 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Logging: Log successful connections" to organizational standards. CC ID 08545 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Central Access Policy Staging" to organizational standards. CC ID 08558 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Logging: Name" to organizational standards. CC ID 08565 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Logging: Size limit (KB)" to organizational standards. CC ID 08606 | System hardening through configuration management | Preventive | |
Configure the "audit change user functions" setting to organizational standards. CC ID 08982 | System hardening through configuration management | Preventive | |
Configure the "audit the use of chmod command" setting to organizational standards. CC ID 08983 | System hardening through configuration management | Preventive | |
Configure the "audit the chown command" setting to organizational standards. CC ID 08984 | System hardening through configuration management | Preventive | |
Configure the "Collect Session Initiation Information" setting to organizational standards. CC ID 09948 | System hardening through configuration management | Preventive | |
Configure the "Collect Discretionary Access Control Permission Modification Events" setting to organizational standards. CC ID 09949 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Fault Tolerant Heap" to organizational standards. CC ID 10808 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Boot Performance Diagnostics" to organizational standards. CC ID 10809 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Memory Leak Diagnosis" to organizational standards. CC ID 10810 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Resource Exhaustion Detection and Resolution" to organizational standards. CC ID 10811 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Shutdown Performance Diagnostics" to organizational standards. CC ID 10812 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Standby/Resume Performance Diagnostics" to organizational standards. CC ID 10813 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows System Responsiveness Diagnostics" to organizational standards. CC ID 10814 | System hardening through configuration management | Preventive | |
Configure the "Default quota limit and warning level" setting to organizational standards. CC ID 10840 | System hardening through configuration management | Preventive | |
Configure the "Detect application failures caused by deprecated COM objects" setting to organizational standards. CC ID 10851 | System hardening through configuration management | Preventive | |
Configure the "Detect application failures caused by deprecated Windows DLLs" setting to organizational standards. CC ID 10852 | System hardening through configuration management | Preventive | |
Configure the "Detect application install failures" setting to organizational standards. CC ID 10853 | System hardening through configuration management | Preventive | |
Configure the "Detect application installers that need to be run as administrator" setting to organizational standards. CC ID 10854 | System hardening through configuration management | Preventive | |
Configure the "Detect applications unable to launch installers under UAC" setting to organizational standards. CC ID 10855 | System hardening through configuration management | Preventive | |
Configure the "Diagnostics: Configure scenario execution level" setting to organizational standards. CC ID 10856 | System hardening through configuration management | Preventive | |
Configure the "Disk Diagnostic: Configure execution level" setting to organizational standards. CC ID 10883 | System hardening through configuration management | Preventive | |
Configure the "Log event when quota warning level exceeded" setting to organizational standards. CC ID 11031 | System hardening through configuration management | Preventive | |
Configure the "Log File Debug Output Level" setting to organizational standards. CC ID 11032 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Support Diagnostic Tool: Configure execution level" setting to organizational standards. CC ID 11043 | System hardening through configuration management | Preventive | |
Configure the "Primary DNS Suffix Devolution Level" setting to organizational standards. CC ID 11096 | System hardening through configuration management | Preventive | |
Configure the "Require user authentication for remote connections by using Network Level Authentication" setting to organizational standards. CC ID 11138 | System hardening through configuration management | Preventive | |
Configure the "Specify channel binding token hardening level" setting to organizational standards. CC ID 11209 | System hardening through configuration management | Preventive | |
Configure the "Update Security Level" setting to organizational standards. CC ID 11357 | System hardening through configuration management | Preventive | |
Configure the "Update Top Level Domain Zones" setting to organizational standards. CC ID 11358 | System hardening through configuration management | Preventive | |
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621 | System hardening through configuration management | Preventive | |
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 [Enforce a minimum password complexity and change of characters when new passwords are created. 3.5.7] | System hardening through configuration management | Preventive | |
Configure the "Enforce password history" to organizational standards. CC ID 07877 [Prevent reuse of identifiers for a defined period. 3.5.5 Prohibit password reuse for a specified number of generations. 3.5.8] | System hardening through configuration management | Preventive | |
Configure security and protection software according to Organizational Standards. CC ID 11917 | System hardening through configuration management | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Include the system components that generate audit records in the event logging procedures. CC ID 16426 | Monitoring and measurement | Preventive | |
Overwrite the oldest records when audit logging fails. CC ID 14308 | Monitoring and measurement | Preventive | |
Establish and maintain contact information for user accounts, as necessary. CC ID 15418 | Technical security | Preventive | |
Enforce access restrictions for restricted data. CC ID 01921 | Technical security | Preventive | |
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285 | Technical security | Preventive | |
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 [Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. 3.13.5] | Technical security | Preventive | |
Protect data stored at external locations. CC ID 16333 | Technical security | Preventive | |
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295 | Technical security | Preventive | |
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271 | Technical security | Preventive | |
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923 | Technical security | Preventive | |
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242 | Technical security | Preventive | |
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243 | Technical security | Preventive | |
Perform content sanitization on data-in-transit. CC ID 16512 | Technical security | Preventive | |
Perform content conversion on data-in-transit. CC ID 16510 | Technical security | Preventive | |
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499 | Technical security | Preventive | |
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554 | Technical security | Preventive | |
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859 | Technical security | Preventive | |
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234 | Technical security | Preventive | |
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301 | Technical security | Preventive | |
Generate strong cryptographic keys. CC ID 01299 | Technical security | Preventive | |
Use approved random number generators for creating cryptographic keys. CC ID 06574 | Technical security | Preventive | |
Disseminate and communicate cryptographic keys securely. CC ID 01300 | Technical security | Preventive | |
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541 | Technical security | Preventive | |
Store cryptographic keys securely. CC ID 01298 | Technical security | Preventive | |
Restrict access to cryptographic keys. CC ID 01297 | Technical security | Preventive | |
Store cryptographic keys in encrypted format. CC ID 06084 | Technical security | Preventive | |
Change cryptographic keys in accordance with organizational standards. CC ID 01302 | Technical security | Preventive | |
Destroy cryptographic keys promptly after the retention period. CC ID 01303 | Technical security | Preventive | |
Control cryptographic keys with split knowledge and dual control. CC ID 01304 | Technical security | Preventive | |
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305 | Technical security | Preventive | |
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307 | Technical security | Corrective | |
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306 | Technical security | Corrective | |
Archive outdated cryptographic keys. CC ID 06884 | Technical security | Preventive | |
Archive revoked cryptographic keys. CC ID 11819 | Technical security | Preventive | |
Manage the digital signature cryptographic key pair. CC ID 06576 | Technical security | Preventive | |
Track restricted storage media while it is in transit. CC ID 00967 | Physical and environmental protection | Detective | |
Establish, implement, and maintain removable storage media controls. CC ID 06680 [Limit use of organizational portable storage devices on external information systems. 3.1.21 Control the use of removable media on information system components. 3.8.7] | Physical and environmental protection | Preventive | |
Control access to restricted storage media. CC ID 04889 [Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. 3.8.5] | Physical and environmental protection | Preventive | |
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242 | Physical and environmental protection | Preventive | |
Encrypt information stored on mobile devices. CC ID 01422 [Encrypt CUI on mobile devices. 3.1.19] | Physical and environmental protection | Preventive | |
Deny access to restricted data or restricted information when a personnel status change occurs or an individual is terminated. CC ID 01309 | Human Resources management | Corrective | |
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289 | Operational management | Preventive | |
Record a unique name for each asset in the asset inventory. CC ID 16305 | Operational management | Preventive | |
Record the status of information systems in the asset inventory. CC ID 16304 | Operational management | Preventive | |
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301 | Operational management | Preventive | |
Record software license information for each asset in the asset inventory. CC ID 11736 | Operational management | Preventive | |
Record the operating system version for applicable assets in the asset inventory. CC ID 11748 | Operational management | Preventive | |
Record rooms at external locations in the asset inventory. CC ID 16302 | Operational management | Preventive | |
Record trusted keys and certificates in the asset inventory. CC ID 15486 | Operational management | Preventive | |
Record cipher suites and protocols in the asset inventory. CC ID 15489 | Operational management | Preventive | |
Share incident information with interested personnel and affected parties. CC ID 01212 | Operational management | Corrective | |
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036 | Operational management | Preventive | |
Report data loss event information to breach notification organizations. CC ID 01210 | Operational management | Corrective | |
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463 | Operational management | Preventive | |
Include a description of the restored data in the restoration log. CC ID 15462 | Operational management | Preventive | |
Approve tested change requests. CC ID 11783 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Operational management | Preventive | |
Allow interested personnel and affected parties to opt out of specific version releases and software updates. CC ID 06809 | Operational management | Preventive | |
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 [Prohibit the use of portable storage devices when such devices have no identifiable owner. 3.8.8] | System hardening through configuration management | Preventive | |
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464 [Ensure equipment removed for off-site maintenance is sanitized of any CUI. 3.7.3] | Records management | Preventive | |
Sanitize all electronic storage media before disposing a system or redeploying a system. CC ID 01643 [Sanitize or destroy information system media containing CUI before disposal or release for reuse. 3.8.3] | Records management | Preventive | |
Label restricted storage media appropriately. CC ID 00966 | Records management | Preventive | |
Mark all forms of electronic messages that contain restricted data or restricted information with the appropriate classification. CC ID 01896 | Records management | Preventive | |
Protect confidential information during the system development life cycle program. CC ID 13479 | Systems design, build, and implementation | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323 | Technical security | Preventive | |
Include assigned roles and responsibilities in the network access control standard. CC ID 06410 | Technical security | Preventive | |
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725 | Technical security | Preventive | |
Define and assign roles and responsibilities for malicious code protection. CC ID 15474 | Technical security | Preventive | |
Employ security guards to provide physical security, as necessary. CC ID 06653 | Physical and environmental protection | Preventive | |
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764 | Human Resources management | Preventive | |
Include the incident response team member's roles and responsibilities in the Incident Response program. CC ID 01652 | Operational management | Preventive | |
Include the incident response point of contact's roles and responsibilities in the Incident Response program. CC ID 01877 | Operational management | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Establish, implement, and maintain an event logging policy. CC ID 15217 | Monitoring and measurement | Preventive | |
Provide predefined suspicious activity reports for suspicious activity discovered in the event log. CC ID 06774 | Monitoring and measurement | Corrective | |
Include identity information of suspects in the suspicious activity report. CC ID 16648 | Monitoring and measurement | Preventive | |
Review and update the list of auditable events in the event logging procedures. CC ID 10097 [Review and update audited events. 3.3.3] | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a vulnerability management program. CC ID 15721 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636 | Monitoring and measurement | Preventive | |
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a log management program. CC ID 00673 [Limit management of audit functionality to a subset of privileged users. 3.3.9] | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a cross-organizational audit sharing agreement. CC ID 10595 | Monitoring and measurement | Preventive | |
Include risks and opportunities in the corrective action plan. CC ID 15178 | Monitoring and measurement | Preventive | |
Include environmental aspects in the corrective action plan. CC ID 15177 | Monitoring and measurement | Preventive | |
Include the completion date in the corrective action plan. CC ID 13272 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain an audit program. CC ID 00684 | Audits and risk management | Preventive | |
Establish, implement, and maintain a risk management program. CC ID 12051 | Audits and risk management | Preventive | |
Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Audits and risk management | Preventive | |
Establish, implement, and maintain a risk assessment program. CC ID 00687 | Audits and risk management | Preventive | |
Include the probability and potential impact of pandemics in the scope of the risk assessment. CC ID 13241 | Audits and risk management | Preventive | |
Include physical assets in the scope of the risk assessment. CC ID 13075 | Audits and risk management | Preventive | |
Include the results of the risk assessment in the risk assessment report. CC ID 06481 | Audits and risk management | Preventive | |
Update the risk assessment upon discovery of a new threat. CC ID 00708 | Audits and risk management | Detective | |
Update the risk assessment upon changes to the risk profile. CC ID 11627 | Audits and risk management | Detective | |
Document any reasons for modifying or refraining from modifying the organization's risk assessment when the risk assessment has been reviewed. CC ID 13312 | Audits and risk management | Preventive | |
Create a risk assessment report based on the risk assessment results. CC ID 15695 | Audits and risk management | Preventive | |
Establish, implement, and maintain an access control program. CC ID 11702 | Technical security | Preventive | |
Establish, implement, and maintain an access rights management plan. CC ID 00513 | Technical security | Preventive | |
Add all devices requiring access control to the Access Control List. CC ID 06264 | Technical security | Preventive | |
Include the objects and users subject to access control in the security policy. CC ID 11836 | Technical security | Preventive | |
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 | Technical security | Preventive | |
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501 | Technical security | Preventive | |
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771 | Technical security | Preventive | |
Establish, implement, and maintain access control procedures. CC ID 11663 | Technical security | Preventive | |
Document approving and granting access in the access control log. CC ID 06786 [{remote access} Authorize wireless access prior to allowing such connections. 3.1.16] | Technical security | Preventive | |
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 [Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. 3.13.1] | Technical security | Preventive | |
Establish, implement, and maintain a network access control standard. CC ID 00546 | Technical security | Preventive | |
Include configuration management and rulesets in the network access control standard. CC ID 11845 | Technical security | Preventive | |
Secure the network access control standard against unauthorized changes. CC ID 11920 | Technical security | Preventive | |
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948 | Technical security | Preventive | |
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960 | Technical security | Preventive | |
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961 | Technical security | Preventive | |
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435 | Technical security | Preventive | |
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434 | Technical security | Preventive | |
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426 | Technical security | Preventive | |
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 | Technical security | Preventive | |
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547 | Technical security | Preventive | |
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539 | Technical security | Preventive | |
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280 | Technical security | Preventive | |
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033 | Technical security | Preventive | |
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 | Technical security | Preventive | |
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105 | Technical security | Preventive | |
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107 | Technical security | Preventive | |
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106 | Technical security | Preventive | |
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [Control the flow of CUI in accordance with approved authorizations. 3.1.3] | Technical security | Preventive | |
Establish, implement, and maintain a document printing policy. CC ID 14384 | Technical security | Preventive | |
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396 | Technical security | Preventive | |
Establish, implement, and maintain information flow procedures. CC ID 04542 [Control information posted or processed on publicly accessible information systems. 3.1.22 Verify and control/limit connections to and use of external information systems. 3.1.20] | Technical security | Preventive | |
Establish, implement, and maintain information exchange procedures. CC ID 11782 | Technical security | Preventive | |
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097 | Technical security | Preventive | |
Revoke membership in the whitelist, as necessary. CC ID 13827 | Technical security | Corrective | |
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 [Apply deny-by-exception (blacklist) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. 3.4.8] | Technical security | Preventive | |
Establish, implement, and maintain a remote access and teleworking program. CC ID 04545 | Technical security | Preventive | |
Include information security requirements in the remote access and teleworking program. CC ID 15704 | Technical security | Preventive | |
Document and approve requests to bypass multifactor authentication. CC ID 15464 | Technical security | Preventive | |
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [Establish and manage cryptographic keys for cryptography employed in the information system. 3.13.10] | Technical security | Preventive | |
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152 | Technical security | Preventive | |
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151 | Technical security | Preventive | |
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540 | Technical security | Preventive | |
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127 | Technical security | Preventive | |
Require key custodians to sign the cryptographic key management policy. CC ID 01308 | Technical security | Preventive | |
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587 | Technical security | Preventive | |
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079 | Technical security | Preventive | |
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080 | Technical security | Preventive | |
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081 | Technical security | Preventive | |
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082 | Technical security | Preventive | |
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089 | Technical security | Preventive | |
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083 | Technical security | Preventive | |
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816 | Technical security | Preventive | |
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085 | Technical security | Preventive | |
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817 | Technical security | Preventive | |
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087 | Technical security | Preventive | |
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086 | Technical security | Preventive | |
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566 | Technical security | Preventive | |
Establish, implement, and maintain a malicious code protection program. CC ID 00574 [Provide protection from malicious code at appropriate locations within organizational information systems. 3.14.2] | Technical security | Preventive | |
Establish, implement, and maintain malicious code protection procedures. CC ID 15483 | Technical security | Preventive | |
Establish, implement, and maintain a malicious code protection policy. CC ID 15478 | Technical security | Preventive | |
Establish, implement, and maintain a malicious code outbreak recovery plan. CC ID 01310 | Technical security | Corrective | |
Establish, implement, and maintain a virtual environment and shared resources security program. CC ID 06551 | Technical security | Preventive | |
Establish, implement, and maintain a shared resources management program. CC ID 07096 [Prevent unauthorized and unintended information transfer via shared system resources. 3.13.4] | Technical security | Preventive | |
Establish, implement, and maintain a physical security program. CC ID 11757 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a facility physical security program. CC ID 00711 [Protect and monitor the physical facility and support infrastructure for those information systems. 3.10.2] | Physical and environmental protection | Preventive | |
Establish, implement, and maintain opening procedures for businesses. CC ID 16671 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain closing procedures for businesses. CC ID 16670 | Physical and environmental protection | Preventive | |
Establish and maintain a contract for accessing facilities that transmit, process, or store restricted data. CC ID 12050 | Physical and environmental protection | Preventive | |
Define communication methods for reporting crimes. CC ID 06349 | Physical and environmental protection | Preventive | |
Include identification cards or badges in the physical security program. CC ID 14818 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain security procedures for virtual meetings. CC ID 15581 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain floor plans. CC ID 16419 | Physical and environmental protection | Preventive | |
Include network infrastructure and cabling infrastructure on the floor plan. CC ID 16420 | Physical and environmental protection | Preventive | |
Post and maintain security signage for all facilities. CC ID 02201 | Physical and environmental protection | Preventive | |
Identify and document physical access controls for all physical entry points. CC ID 01637 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical access procedures. CC ID 13629 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a visitor access permission policy. CC ID 06699 | Physical and environmental protection | Preventive | |
Escort visitors within the facility, as necessary. CC ID 06417 [Escort visitors and monitor visitor activity. 3.10.3] | Physical and environmental protection | Preventive | |
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048 | Physical and environmental protection | Preventive | |
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 | Physical and environmental protection | Preventive | |
Authorize physical access to sensitive areas based on job functions. CC ID 12462 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical identification procedures. CC ID 00713 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819 | Physical and environmental protection | Preventive | |
Document all lost badges in a lost badge list. CC ID 12448 | Physical and environmental protection | Corrective | |
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 | Physical and environmental protection | Preventive | |
Include error handling controls in identification issuance procedures. CC ID 13709 | Physical and environmental protection | Preventive | |
Include information security in the identification issuance procedures. CC ID 15425 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426 | Physical and environmental protection | Preventive | |
Include an identity registration process in the identification issuance procedures. CC ID 11671 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a door security standard. CC ID 06686 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a lock and access mechanism inventory (keys, lock combinations, or key cards) for all physical access control systems. CC ID 00748 [Control and manage physical access devices. 3.10.5] | Physical and environmental protection | Preventive | |
Record the assigned access mechanism serial number or cipher lock code when issuing controlled items. CC ID 06715 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a window security standard. CC ID 06689 | Physical and environmental protection | Preventive | |
Post signs at all physical entry points stating the organization's right to inspect upon entry. CC ID 02204 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain after hours facility access procedures. CC ID 06340 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a guideline for working in a secure area. CC ID 04538 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain emergency re-entry procedures. CC ID 11672 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain emergency exit procedures. CC ID 01252 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a camera operating policy. CC ID 15456 | Physical and environmental protection | Preventive | |
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700 | Physical and environmental protection | Preventive | |
Record the date and time of entry in the visitor log. CC ID 13255 | Physical and environmental protection | Preventive | |
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a physical access log. CC ID 12080 [Maintain audit logs of physical access. 3.10.4] | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical security threat reports. CC ID 02207 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a facility wall standard. CC ID 06692 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain storage media access control procedures. CC ID 00959 [Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital. 3.8.1 Limit access to CUI on information system media to authorized users. 3.8.2] | Physical and environmental protection | Preventive | |
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [Control connection of mobile devices. 3.1.18] | Physical and environmental protection | Preventive | |
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292 | Physical and environmental protection | Preventive | |
Include legal requirements in the mobile device security guidelines. CC ID 12291 | Physical and environmental protection | Preventive | |
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290 | Physical and environmental protection | Preventive | |
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289 | Physical and environmental protection | Preventive | |
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a personnel management program. CC ID 14018 | Human Resources management | Preventive | |
Establish, implement, and maintain a personnel security program. CC ID 10628 | Human Resources management | Preventive | |
Establish, implement, and maintain security clearance procedures. CC ID 00783 | Human Resources management | Preventive | |
Establish, implement, and maintain personnel status change and termination procedures. CC ID 06549 [Ensure that CUI and information systems containing CUI are protected during and after personnel actions such as terminations and transfers. 3.9.2] | Human Resources management | Preventive | |
Require terminated individuals to sign an acknowledgment of post-employment requirements. CC ID 10631 | Human Resources management | Preventive | |
Establish, implement, and maintain training plans. CC ID 00828 | Human Resources management | Preventive | |
Establish, implement, and maintain a security awareness program. CC ID 11746 | Human Resources management | Preventive | |
Require personnel to acknowledge, through writing their signature, that they have read and understand the organization's security policies. CC ID 01363 | Human Resources management | Preventive | |
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Operational management | Preventive | |
Establish, implement, and maintain an information security program. CC ID 00812 | Operational management | Preventive | |
Establish, implement, and maintain operational control procedures. CC ID 00831 | Operational management | Preventive | |
Establish, implement, and maintain Voice over Internet Protocol operating procedures. CC ID 04583 [Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. 3.13.14] | Operational management | Preventive | |
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 | Operational management | Preventive | |
Include a software installation policy in the Acceptable Use Policy. CC ID 06749 [Control and monitor user-installed software. 3.4.9] | Operational management | Preventive | |
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689 | Operational management | Preventive | |
Include all account types in the Information Technology inventory. CC ID 13311 | Operational management | Preventive | |
Include each Information System's major applications in the Information Technology inventory. CC ID 01407 | Operational management | Preventive | |
Categorize all major applications according to the business information they process. CC ID 07182 | Operational management | Preventive | |
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164 | Operational management | Preventive | |
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408 | Operational management | Preventive | |
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409 | Operational management | Preventive | |
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729 | Operational management | Preventive | |
Establish, implement, and maintain a hardware asset inventory. CC ID 00691 | Operational management | Preventive | |
Include network equipment in the Information Technology inventory. CC ID 00693 | Operational management | Preventive | |
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719 | Operational management | Preventive | |
Include software in the Information Technology inventory. CC ID 00692 | Operational management | Preventive | |
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093 | Operational management | Preventive | |
Establish, implement, and maintain a storage media inventory. CC ID 00694 | Operational management | Preventive | |
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962 | Operational management | Detective | |
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260 | Operational management | Preventive | |
Add inventoried assets to the asset register database, as necessary. CC ID 07051 | Operational management | Preventive | |
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181 | Operational management | Preventive | |
Record the decommission date for applicable assets in the asset inventory. CC ID 14920 | Operational management | Preventive | |
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918 | Operational management | Preventive | |
Record the review date for applicable assets in the asset inventory. CC ID 14919 | Operational management | Preventive | |
Record services for applicable assets in the asset inventory. CC ID 13733 | Operational management | Preventive | |
Record protocols for applicable assets in the asset inventory. CC ID 13734 | Operational management | Preventive | |
Record the software version in the asset inventory. CC ID 12196 | Operational management | Preventive | |
Record the publisher for applicable assets in the asset inventory. CC ID 13725 | Operational management | Preventive | |
Record the authentication system in the asset inventory. CC ID 13724 | Operational management | Preventive | |
Tag unsupported assets in the asset inventory. CC ID 13723 | Operational management | Preventive | |
Record the install date for applicable assets in the asset inventory. CC ID 13720 | Operational management | Preventive | |
Record the make, model of device for applicable assets in the asset inventory. CC ID 12465 | Operational management | Preventive | |
Record the asset tag for physical assets in the asset inventory. CC ID 06632 | Operational management | Preventive | |
Record the host name of applicable assets in the asset inventory. CC ID 13722 | Operational management | Preventive | |
Record network ports for applicable assets in the asset inventory. CC ID 13730 | Operational management | Preventive | |
Record the MAC address for applicable assets in the asset inventory. CC ID 13721 | Operational management | Preventive | |
Record the operating system type for applicable assets in the asset inventory. CC ID 06633 | Operational management | Preventive | |
Record the department associated with the asset in the asset inventory. CC ID 12084 | Operational management | Preventive | |
Record the physical location for applicable assets in the asset inventory. CC ID 06634 | Operational management | Preventive | |
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635 | Operational management | Preventive | |
Record the firmware version for applicable assets in the asset inventory. CC ID 12195 | Operational management | Preventive | |
Record the related business function for applicable assets in the asset inventory. CC ID 06636 | Operational management | Preventive | |
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637 | Operational management | Preventive | |
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638 | Operational management | Preventive | |
Link the software asset inventory to the hardware asset inventory. CC ID 12085 | Operational management | Preventive | |
Record the owner for applicable assets in the asset inventory. CC ID 06640 | Operational management | Preventive | |
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696 | Operational management | Preventive | |
Record all changes to assets in the asset inventory. CC ID 12190 | Operational management | Preventive | |
Record cloud service derived data in the asset inventory. CC ID 13007 | Operational management | Preventive | |
Include cloud service customer data in the asset inventory. CC ID 13006 | Operational management | Preventive | |
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885 | Operational management | Preventive | |
Establish, implement, and maintain a customer service program. CC ID 00846 | Operational management | Preventive | |
Establish, implement, and maintain an incident management policy. CC ID 16414 | Operational management | Preventive | |
Define the uses and capabilities of the Incident Management program. CC ID 00854 | Operational management | Preventive | |
Include incident escalation procedures in the Incident Management program. CC ID 00856 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Preventive | |
Define the characteristics of the Incident Management program. CC ID 00855 | Operational management | Preventive | |
Include the criteria for a data loss event in the Incident Management program. CC ID 12179 | Operational management | Preventive | |
Include the criteria for an incident in the Incident Management program. CC ID 12173 | Operational management | Preventive | |
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504 | Operational management | Preventive | |
Include detection procedures in the Incident Management program. CC ID 00588 | Operational management | Preventive | |
Define and document impact thresholds to be used in categorizing incidents. CC ID 10033 | Operational management | Preventive | |
Document the incident and any relevant evidence in the incident report. CC ID 08659 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Operational management | Detective | |
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095 | Operational management | Preventive | |
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674 | Operational management | Detective | |
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678 | Operational management | Detective | |
Share data loss event information with interconnected system owners. CC ID 01209 | Operational management | Corrective | |
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547 | Operational management | Preventive | |
Include data loss event notifications in the Incident Response program. CC ID 00364 | Operational management | Preventive | |
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954 | Operational management | Preventive | |
Include required information in the written request to delay the notification to affected parties. CC ID 16785 | Operational management | Preventive | |
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985 | Operational management | Preventive | |
Establish, implement, and maintain incident response notifications. CC ID 12975 | Operational management | Corrective | |
Include information required by law in incident response notifications. CC ID 00802 | Operational management | Detective | |
Title breach notifications "Notice of Data Breach". CC ID 12977 | Operational management | Preventive | |
Display titles of incident response notifications clearly and conspicuously. CC ID 12986 | Operational management | Preventive | |
Display headings in incident response notifications clearly and conspicuously. CC ID 12987 | Operational management | Preventive | |
Design the incident response notification to call attention to its nature and significance. CC ID 12984 | Operational management | Preventive | |
Use plain language to write incident response notifications. CC ID 12976 | Operational management | Preventive | |
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983 | Operational management | Preventive | |
Include the affected parties' rights in the incident response notification. CC ID 16811 | Operational management | Preventive | |
Include details of the investigation in incident response notifications. CC ID 12296 | Operational management | Preventive | |
Include the issuer's name in incident response notifications. CC ID 12062 | Operational management | Preventive | |
Include a "What Happened" heading in breach notifications. CC ID 12978 | Operational management | Preventive | |
Include a general description of the data loss event in incident response notifications. CC ID 04734 | Operational management | Preventive | |
Include time information in incident response notifications. CC ID 04745 | Operational management | Preventive | |
Include the identification of the data source in incident response notifications. CC ID 12305 | Operational management | Preventive | |
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979 | Operational management | Preventive | |
Include the type of information that was lost in incident response notifications. CC ID 04735 | Operational management | Preventive | |
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776 | Operational management | Preventive | |
Include a "What We Are Doing" heading in the breach notification. CC ID 12982 | Operational management | Preventive | |
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736 | Operational management | Preventive | |
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737 | Operational management | Preventive | |
Include a "For More Information" heading in breach notifications. CC ID 12981 | Operational management | Preventive | |
Include details of the companies and persons involved in incident response notifications. CC ID 12295 | Operational management | Preventive | |
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744 | Operational management | Preventive | |
Include the reporting individual's contact information in incident response notifications. CC ID 12297 | Operational management | Preventive | |
Include any consequences in the incident response notifications. CC ID 12604 | Operational management | Preventive | |
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746 | Operational management | Preventive | |
Include a "What You Can Do" heading in the breach notification. CC ID 12980 | Operational management | Preventive | |
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738 | Operational management | Detective | |
Include contact information in incident response notifications. CC ID 04739 | Operational management | Preventive | |
Include contact information in the substitute incident response notification. CC ID 16776 | Operational management | Preventive | |
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748 | Operational management | Preventive | |
Establish, implement, and maintain a containment strategy. CC ID 13480 | Operational management | Preventive | |
Include the containment approach in the containment strategy. CC ID 13486 | Operational management | Preventive | |
Include response times in the containment strategy. CC ID 13485 | Operational management | Preventive | |
Include incident recovery procedures in the Incident Management program. CC ID 01758 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Corrective | |
Establish, implement, and maintain a restoration log. CC ID 12745 | Operational management | Preventive | |
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592 | Operational management | Preventive | |
Analyze security violations in Suspicious Activity Reports. CC ID 00591 | Operational management | Preventive | |
Update the incident response procedures using the lessons learned. CC ID 01233 | Operational management | Preventive | |
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Preventive | |
Include incident response procedures in the Incident Management program. CC ID 01218 | Operational management | Preventive | |
Include incident management procedures in the Incident Management program. CC ID 12689 | Operational management | Preventive | |
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858 | Operational management | Corrective | |
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334 | Operational management | Preventive | |
Include after-action analysis procedures in the Incident Management program. CC ID 01219 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Preventive | |
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844 | Operational management | Preventive | |
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830 | Operational management | Preventive | |
Log incidents in the Incident Management audit log. CC ID 00857 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Operational management | Preventive | |
Include corrective actions in the incident management audit log. CC ID 16466 | Operational management | Preventive | |
Include emergency processing priorities in the Incident Management program. CC ID 00859 | Operational management | Preventive | |
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387 | Operational management | Preventive | |
Include incident record closure procedures in the Incident Management program. CC ID 01620 | Operational management | Preventive | |
Include incident reporting procedures in the Incident Management program. CC ID 11772 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Operational management | Preventive | |
Establish, implement, and maintain an Incident Response program. CC ID 00579 | Operational management | Preventive | |
Include incident response team structures in the Incident Response program. CC ID 01237 | Operational management | Preventive | |
Establish, implement, and maintain incident response procedures. CC ID 01206 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Detective | |
Include references to industry best practices in the incident response procedures. CC ID 11956 | Operational management | Preventive | |
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949 | Operational management | Preventive | |
Include business recovery procedures in the Incident Response program. CC ID 11774 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Preventive | |
Establish, implement, and maintain a change control program. CC ID 00886 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Operational management | Preventive | |
Include potential consequences of unintended changes in the change control program. CC ID 12243 | Operational management | Preventive | |
Include version control in the change control program. CC ID 13119 | Operational management | Preventive | |
Include service design and transition in the change control program. CC ID 13920 | Operational management | Preventive | |
Establish, implement, and maintain a back-out plan. CC ID 13623 | Operational management | Preventive | |
Establish, implement, and maintain back-out procedures for each proposed change in a change request. CC ID 00373 | Operational management | Preventive | |
Approve back-out plans, as necessary. CC ID 13627 | Operational management | Corrective | |
Include documentation of the impact level of proposed changes in the change request. CC ID 11942 | Operational management | Preventive | |
Establish and maintain a change request approver list. CC ID 06795 | Operational management | Preventive | |
Document all change requests in change request forms. CC ID 06794 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Operational management | Preventive | |
Establish, implement, and maintain emergency change procedures. CC ID 00890 | Operational management | Preventive | |
Log emergency changes after they have been performed. CC ID 12733 | Operational management | Preventive | |
Provide audit trails for all approved changes. CC ID 13120 | Operational management | Preventive | |
Document the sources of all software updates. CC ID 13316 | Operational management | Preventive | |
Establish, implement, and maintain a patch management policy. CC ID 16432 | Operational management | Preventive | |
Establish, implement, and maintain patch management procedures. CC ID 15224 | Operational management | Preventive | |
Establish, implement, and maintain a patch log. CC ID 01642 | Operational management | Preventive | |
Establish, implement, and maintain a software release policy. CC ID 00893 | Operational management | Preventive | |
Establish, implement, and maintain approved change acceptance testing procedures. CC ID 06391 | Operational management | Detective | |
Establish, implement, and maintain a change acceptance testing log. CC ID 06392 | Operational management | Corrective | |
Update associated documentation after the system configuration has been changed. CC ID 00891 | Operational management | Preventive | |
Document approved configuration deviations. CC ID 08711 | Operational management | Corrective | |
Establish, implement, and maintain a Configuration Management program. CC ID 00867 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [Establish and enforce security configuration settings for information technology products employed in organizational information systems. 3.4.2] [Employ the principle of least functionality by configuring the information system to provide only essential capabilities. 3.4.6] [Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. 3.4.1] | System hardening through configuration management | Preventive | |
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285 | System hardening through configuration management | Preventive | |
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284 | System hardening through configuration management | Preventive | |
Include the applied security patches in the baseline configuration. CC ID 13271 | System hardening through configuration management | Preventive | |
Include the installed application software and version numbers in the baseline configuration. CC ID 13270 | System hardening through configuration management | Preventive | |
Include installed custom software in the baseline configuration. CC ID 13274 | System hardening through configuration management | Preventive | |
Include network ports in the baseline configuration. CC ID 13273 | System hardening through configuration management | Preventive | |
Include the operating systems and version numbers in the baseline configuration. CC ID 13269 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain system hardening procedures. CC ID 12001 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain an authenticator standard. CC ID 01702 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain an authenticator management system. CC ID 12031 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain authenticator procedures. CC ID 12002 | System hardening through configuration management | Preventive | |
Configure the "kernel arguments" setting for "auditing early in the boot process" to organizational standards. CC ID 08749 | System hardening through configuration management | Preventive | |
Configure the "record date and time modification events" setting for "auditing" to organizational standards. CC ID 08750 | System hardening through configuration management | Preventive | |
Configure the "record user/group information modification events" setting for "auditing" to organizational standards. CC ID 08751 | System hardening through configuration management | Preventive | |
Configure the "record changes to the system network environment" setting for "auditing" to organizational standards. CC ID 08752 | System hardening through configuration management | Preventive | |
Configure the "record changes to the system's mandatory access controls" setting for "auditing" to organizational standards. CC ID 08753 | System hardening through configuration management | Preventive | |
Configure the "record logon and logout events" setting for "auditing" to organizational standards. CC ID 08754 | System hardening through configuration management | Preventive | |
Configure the "record process and session initiation events" setting for "auditing" to organizational standards. CC ID 08755 | System hardening through configuration management | Preventive | |
Configure the "record changes to discretionary access control permissions" setting for "auditing" to organizational standards. CC ID 08756 | System hardening through configuration management | Preventive | |
Configure the "record unauthorized attempts to access files" setting for "auditing" to organizational standards. CC ID 08757 | System hardening through configuration management | Preventive | |
Configure the "record use of privileged commands" setting for "auditing" to organizational standards. CC ID 08758 | System hardening through configuration management | Preventive | |
Configure the "record data export to media events" setting for "auditing" to organizational standards. CC ID 08759 | System hardening through configuration management | Preventive | |
Configure the "record file and program deletion events" setting for "auditing" to organizational standards. CC ID 08760 | System hardening through configuration management | Preventive | |
Configure the "record administrator and security personnel action events" setting for "auditing" to organizational standards. CC ID 08761 | System hardening through configuration management | Preventive | |
Configure the "record kernel module loading and unloading events" setting for "auditing" to organizational standards. CC ID 08762 | System hardening through configuration management | Preventive | |
Configure the "Ensure auditd configuration is immutable" setting for "auditing" to organizational standards. CC ID 08763 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain records management policies. CC ID 00903 | Records management | Preventive | |
Define each system's preservation requirements for records and logs. CC ID 00904 | Records management | Detective | |
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657 | Records management | Preventive | |
Establish, implement, and maintain records management procedures. CC ID 11619 | Records management | Preventive | |
Establish, implement, and maintain document security requirements for the output of records. CC ID 11656 | Records management | Preventive | |
Establish, implement, and maintain document handling procedures for paper documents. CC ID 00926 [Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital. 3.8.1] | Records management | Preventive | |
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931 | Records management | Preventive | |
Establish, implement, and maintain security label procedures. CC ID 06747 [Mark media with necessary CUI markings and distribution limitations. 3.8.4] | Records management | Preventive | |
Establish, implement, and maintain restricted material identification procedures. CC ID 01889 | Records management | Preventive | |
Conspicuously locate the restricted record's overall classification. CC ID 01890 | Records management | Preventive | |
Mark a restricted record's displayed pages or printed pages with the appropriate classification. CC ID 01891 | Records management | Preventive | |
Mark a restricted record's components (appendices, annexes) with the appropriate classification. CC ID 01892 | Records management | Preventive | |
Mark a restricted record's portions (paragraphs, sections) with the appropriate classification. CC ID 01893 | Records management | Preventive | |
Mark a restricted record's subject line or title with the appropriate classification. CC ID 01894 | Records management | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950 | Monitoring and measurement | Detective | |
Define roles for information systems. CC ID 12454 | Technical security | Preventive | |
Define access needs for each role assigned to an information system. CC ID 12455 | Technical security | Preventive | |
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820 | Technical security | Preventive | |
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030 | Physical and environmental protection | Preventive | |
Direct each employee to be responsible for their identification card or badge. CC ID 12332 | Physical and environmental protection | Preventive | |
Assign employees the responsibility for controlling their identification badges. CC ID 12333 | Physical and environmental protection | Preventive | |
Perform security clearance procedures, as necessary. CC ID 06644 [Screen individuals prior to authorizing access to information systems containing CUI. 3.9.1] | Human Resources management | Preventive | |
Establish and maintain security clearances. CC ID 01634 | Human Resources management | Preventive | |
Assign an owner of the personnel status change and termination procedures. CC ID 11805 | Human Resources management | Preventive | |
Notify the security manager, in writing, prior to an employee's job change. CC ID 12283 | Human Resources management | Preventive | |
Enforce the information security responsibilities and duties that remain valid after termination or change of employment. CC ID 11992 | Human Resources management | Preventive | |
Update contact information of any individual undergoing a personnel status change, as necessary. CC ID 12692 | Human Resources management | Corrective | |
Conduct exit interviews upon termination of employment. CC ID 14290 | Human Resources management | Preventive | |
Verify completion of each activity in the employee termination checklist when an individual is terminated. CC ID 12449 | Human Resources management | Detective | |
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344 | Operational management | Preventive | |
Control granting access to appropriate parties performing maintenance on organizational assets. CC ID 11873 | Operational management | Preventive | |
Define and assign the roles and responsibilities for Incident Management program. CC ID 13055 | Operational management | Preventive | |
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611 | Operational management | Corrective |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Monitoring and measurement CC ID 00636 | Monitoring and measurement | IT Impact Zone | |
Audits and risk management CC ID 00677 | Audits and risk management | IT Impact Zone | |
Technical security CC ID 00508 | Technical security | IT Impact Zone | |
Physical and environmental protection CC ID 00709 | Physical and environmental protection | IT Impact Zone | |
Operational and Systems Continuity CC ID 00731 | Operational and Systems Continuity | IT Impact Zone | |
Human Resources management CC ID 00763 | Human Resources management | IT Impact Zone | |
Operational management CC ID 00805 | Operational management | IT Impact Zone | |
System hardening through configuration management CC ID 00860 | System hardening through configuration management | IT Impact Zone | |
Records management CC ID 00902 | Records management | IT Impact Zone | |
Systems design, build, and implementation CC ID 00989 | Systems design, build, and implementation | IT Impact Zone |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Follow up exceptions and anomalies identified when reviewing logs. CC ID 11925 | Monitoring and measurement | Corrective | |
Rank discovered vulnerabilities. CC ID 11940 | Monitoring and measurement | Detective | |
Scan for malicious code, as necessary. CC ID 11941 [Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. 3.14.5] | Technical security | Detective | |
Detect anomalies in physical barriers. CC ID 13533 | Physical and environmental protection | Detective | |
Report anomalies in the visitor log to appropriate personnel. CC ID 14755 | Physical and environmental protection | Detective | |
Identify root causes of incidents that force system changes. CC ID 13482 | Operational management | Detective | |
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677 | Operational management | Detective | |
Analyze the incident response process following an incident response. CC ID 13179 | Operational management | Detective | |
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298 | Operational management | Preventive | |
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042 | Operational management | Detective | |
Identify the affected parties during incident investigations. CC ID 16781 | Operational management | Detective | |
Interview suspects during incident investigations, as necessary. CC ID 14041 | Operational management | Detective | |
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038 | Operational management | Detective | |
Analyze mitigating controls for vulnerabilities in the network when certifying the network. CC ID 13126 | Operational management | Detective | |
Collect data about the network environment when certifying the network. CC ID 13125 | Operational management | Detective |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Establish, implement, and maintain logging and monitoring operations. CC ID 00637 | Monitoring and measurement | Detective | |
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638 [Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. 3.3.1] | Monitoring and measurement | Detective | |
Establish, implement, and maintain event logging procedures. CC ID 01335 | Monitoring and measurement | Detective | |
Include a standard to collect and interpret event logs in the event logging procedures. CC ID 00643 | Monitoring and measurement | Preventive | |
Protect the event logs from failure. CC ID 06290 | Monitoring and measurement | Preventive | |
Review and update event logs and audit logs, as necessary. CC ID 00596 | Monitoring and measurement | Detective | |
Eliminate false positives in event logs and audit logs. CC ID 07047 | Monitoring and measurement | Corrective | |
Correlate log entries to security controls to verify the security control's effectiveness. CC ID 13207 | Monitoring and measurement | Detective | |
Reproduce the event log if a log failure is captured. CC ID 01426 | Monitoring and measurement | Preventive | |
Enable logging for all systems that meet traceability criteria. CC ID 00640 | Monitoring and measurement | Detective | |
Analyze firewall logs for the correct capturing of data. CC ID 00549 | Monitoring and measurement | Detective | |
Define the frequency to capture and log events. CC ID 06313 | Monitoring and measurement | Preventive | |
Include logging frequencies in the event logging procedures. CC ID 00642 | Monitoring and measurement | Preventive | |
Restrict access to logs to authorized individuals. CC ID 01342 | Monitoring and measurement | Preventive | |
Refrain from recording unnecessary restricted data in logs. CC ID 06318 | Monitoring and measurement | Preventive | |
Back up logs according to backup procedures. CC ID 01344 | Monitoring and measurement | Preventive | |
Copy logs from all predefined hosts onto a log management infrastructure. CC ID 01346 | Monitoring and measurement | Preventive | |
Identify hosts with logs that are not being stored. CC ID 06314 | Monitoring and measurement | Preventive | |
Identify hosts with logs that are being stored at the system level only. CC ID 06315 | Monitoring and measurement | Preventive | |
Identify hosts with logs that should be stored at both the system level and the infrastructure level. CC ID 06316 | Monitoring and measurement | Preventive | |
Identify hosts with logs that are being stored at the infrastructure level only. CC ID 06317 | Monitoring and measurement | Preventive | |
Protect logs from unauthorized activity. CC ID 01345 [Protect audit information and audit tools from unauthorized access, modification, and deletion. 3.3.8] | Monitoring and measurement | Preventive | |
Perform testing and validating activities on all logs. CC ID 06322 | Monitoring and measurement | Preventive | |
Archive the audit trail in accordance with compliance requirements. CC ID 00674 | Monitoring and measurement | Preventive | |
Preserve the identity of individuals in audit trails. CC ID 10594 | Monitoring and measurement | Preventive | |
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312 | Technical security | Preventive | |
Establish and maintain a visitor log. CC ID 00715 | Physical and environmental protection | Preventive | |
Record the visitor's name in the visitor log. CC ID 00557 | Physical and environmental protection | Preventive | |
Record the visitor's organization in the visitor log. CC ID 12121 | Physical and environmental protection | Preventive | |
Record the visitor's acceptable access areas in the visitor log. CC ID 12237 | Physical and environmental protection | Preventive | |
Retain all records in the visitor log as prescribed by law. CC ID 00572 | Physical and environmental protection | Preventive | |
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641 | Physical and environmental protection | Preventive | |
Log when the vault is accessed. CC ID 06725 | Physical and environmental protection | Detective | |
Log when the cabinet is accessed. CC ID 11674 | Physical and environmental protection | Detective | |
Store facility access logs in off-site storage. CC ID 06958 | Physical and environmental protection | Preventive | |
Log the transfer of removable storage media. CC ID 12322 | Physical and environmental protection | Preventive | |
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754 | Operational management | Corrective | |
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326 | Operational management | Detective | |
Include who the incident was reported to in the incident management audit log. CC ID 16487 | Operational management | Preventive | |
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238 | Operational management | Corrective | |
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234 | Operational management | Preventive | |
Provide the reference database used to verify input data in the logging capability. CC ID 15018 | System hardening through configuration management | Preventive | |
Configure the log to capture audit log initialization, along with auditable event selection. CC ID 00649 | System hardening through configuration management | Detective | |
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890 | System hardening through configuration management | Detective | |
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968 | System hardening through configuration management | Detective | |
Configure the log to capture each auditable event's origination. CC ID 01338 | System hardening through configuration management | Detective | |
Configure the log to capture the amount of data uploaded and downloaded. CC ID 16494 | System hardening through configuration management | Preventive | |
Configure the log to capture startups and shutdowns. CC ID 16491 | System hardening through configuration management | Preventive | |
Configure the log to capture user queries and searches. CC ID 16479 | System hardening through configuration management | Preventive | |
Configure the log to capture Internet Protocol addresses. CC ID 16495 | System hardening through configuration management | Preventive | |
Configure the log to capture error messages. CC ID 16477 | System hardening through configuration management | Preventive | |
Configure the log to capture system failures. CC ID 16475 | System hardening through configuration management | Preventive | |
Configure the log to capture all malicious code that has been discovered, quarantined, and/or eradicated. CC ID 00577 | System hardening through configuration management | Detective | |
Capture successful operating system access and successful software access. CC ID 00527 | System hardening through configuration management | Detective | |
Configure the log to capture hardware and software access attempts. CC ID 01220 | System hardening through configuration management | Detective | |
Configure the log to capture logons, logouts, logon attempts, and logout attempts. CC ID 01915 | System hardening through configuration management | Detective | |
Configure the log to capture access to restricted data or restricted information. CC ID 00644 | System hardening through configuration management | Detective | |
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 [Prevent non-privileged users from executing privileged functions and audit the execution of such functions. 3.1.7] | System hardening through configuration management | Detective | |
Configure the log to capture identification and authentication mechanism use. CC ID 00648 | System hardening through configuration management | Detective | |
Configure the log to capture all access to the audit trail. CC ID 00646 | System hardening through configuration management | Detective | |
Configure the log to capture Object access to key directories or key files. CC ID 01697 | System hardening through configuration management | Detective | |
Configure the log to capture both access and access attempts to security-relevant objects and security-relevant directories. CC ID 01916 | System hardening through configuration management | Detective | |
Configure the log to capture system level object creation and deletion. CC ID 00650 | System hardening through configuration management | Detective | |
Configure the log to capture changes to User privileges, audit policies, and trust policies by enabling audit policy changes. CC ID 01698 | System hardening through configuration management | Detective | |
Configure the log to capture user account additions, modifications, and deletions. CC ID 16482 | System hardening through configuration management | Preventive | |
Configure the log to capture user authenticator changes. CC ID 01917 | System hardening through configuration management | Detective | |
Enable or disable NFS server logging, as appropriate. CC ID 05593 | System hardening through configuration management | Detective | |
Log Pluggable Authentication Modules access at an appropriate level. CC ID 05599 | System hardening through configuration management | Detective | |
Enable or disable the logging of "martian" packets (impossible addresses), as appropriate. CC ID 05601 | System hardening through configuration management | Detective | |
Enable or disable dhcpd logging, as appropriate. CC ID 05602 | System hardening through configuration management | Detective | |
Enable or disable attempted stack exploit logging, as appropriate. CC ID 05614 | System hardening through configuration management | Detective | |
Enable or disable the debug logging option, as appropriate. CC ID 05617 | System hardening through configuration management | Detective | |
Enable or disable the logging of vsftpd transactions, as appropriate. CC ID 06032 | System hardening through configuration management | Detective | |
Configure the log to send alerts for each auditable event's success or failure. CC ID 01337 | System hardening through configuration management | Preventive | |
Verify auditing is logged to an appropriate directory. CC ID 05603 | System hardening through configuration management | Detective | |
Enable or disable the /var/log/authlog log, as appropriate. CC ID 05606 | System hardening through configuration management | Detective | |
Enable or disable the /var/log/syslog log, as appropriate. CC ID 05607 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/messages log, as appropriate. CC ID 05608 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/sulog log, as appropriate. CC ID 05609 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/utmp(x) log, as appropriate. CC ID 05610 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/wtmp(x) log, as appropriate. CC ID 05611 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/sshlog log, as appropriate. CC ID 05612 | System hardening through configuration management | Detective | |
Enable or disable the /var/log/pamlog log, as appropriate. CC ID 05613 | System hardening through configuration management | Detective | |
Perform filesystem logging and filesystem journaling. CC ID 05615 | System hardening through configuration management | Detective |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295 | Operational management | Preventive | |
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291 | Operational management | Preventive | |
Restart systems on a periodic basis. CC ID 16498 | Operational management | Preventive | |
Remove components being serviced from the information system prior to performing maintenance. CC ID 14251 | Operational management | Preventive | |
Separate the production environment from development environment or test environment for the change control process. CC ID 11864 | Operational management | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Establish, implement, and maintain intrusion management operations. CC ID 00580 | Monitoring and measurement | Preventive | |
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Monitor information system security alerts and advisories and take appropriate actions in response. 3.14.3 Monitor the information system including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. 3.14.6] | Monitoring and measurement | Detective | |
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 | Monitoring and measurement | Detective | |
Monitor systems for Denial of Service attacks. CC ID 01222 | Monitoring and measurement | Detective | |
Monitor systems for unauthorized data transfers. CC ID 12971 | Monitoring and measurement | Preventive | |
Monitor systems for access to restricted data or restricted information. CC ID 04721 | Monitoring and measurement | Detective | |
Detect unauthorized access to systems. CC ID 06798 [Identify unauthorized use of the information system. 3.14.7] | Monitoring and measurement | Detective | |
Incorporate potential red flags into the organization's incident management system. CC ID 04652 | Monitoring and measurement | Detective | |
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430 | Monitoring and measurement | Detective | |
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808 | Monitoring and measurement | Detective | |
Monitor systems for unauthorized mobile code. CC ID 10034 [Control and monitor the use of mobile code. 3.13.13] | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a corrective action plan. CC ID 00675 [Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems. 3.12.2] | Monitoring and measurement | Detective | |
Include monitoring in the corrective action plan. CC ID 11645 | Monitoring and measurement | Detective | |
Enforce information flow control. CC ID 11781 | Technical security | Preventive | |
Create a full text analysis on executed privileged functions. CC ID 06778 | Technical security | Detective | |
Monitor and evaluate all remote access usage. CC ID 00563 [Monitor and control remote access sessions. 3.1.12] | Technical security | Detective | |
Log and react to all malicious code activity. CC ID 07072 | Technical security | Detective | |
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 [Supervise the maintenance activities of maintenance personnel without required access authorization. 3.7.6] | Physical and environmental protection | Preventive | |
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 | Physical and environmental protection | Detective | |
Log the exit of a staff member to a facility or designated rooms within the facility. CC ID 11675 | Physical and environmental protection | Preventive | |
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328 | Physical and environmental protection | Detective | |
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609 | Physical and environmental protection | Detective | |
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677 | Physical and environmental protection | Detective | |
Monitor for alarmed security doors being propped open. CC ID 06684 | Physical and environmental protection | Detective | |
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052 | Operational management | Corrective | |
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053 | Operational management | Corrective | |
Determine the incident severity level when assessing the security incidents. CC ID 01650 | Operational management | Corrective | |
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453 | Operational management | Detective | |
Require personnel to monitor for and report suspicious account activity. CC ID 16462 | Operational management | Detective | |
Respond to and triage when an incident is detected. CC ID 06942 | Operational management | Detective | |
Escalate incidents, as necessary. CC ID 14861 | Operational management | Corrective | |
Check the precursors and indicators when assessing the security incidents. CC ID 01761 | Operational management | Corrective | |
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265 | Operational management | Detective | |
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234 | Operational management | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Protect the facility from crime. CC ID 06347 | Physical and environmental protection | Preventive | |
Protect facilities from eavesdropping. CC ID 02222 | Physical and environmental protection | Preventive | |
Inspect telephones for eavesdropping devices. CC ID 02223 | Physical and environmental protection | Detective | |
Hold conferences requiring sensitive information discussions in spaces that have commensurate security. CC ID 11440 | Physical and environmental protection | Preventive | |
Provide one-time meeting support for discussions involving Top Secret information. CC ID 11441 | Physical and environmental protection | Preventive | |
Create security zones in facilities, as necessary. CC ID 16295 | Physical and environmental protection | Preventive | |
Establish clear zones around any sensitive facilities. CC ID 02214 | Physical and environmental protection | Preventive | |
Inspect items brought into the facility. CC ID 06341 | Physical and environmental protection | Preventive | |
Maintain all physical security systems. CC ID 02206 | Physical and environmental protection | Preventive | |
Maintain all security alarm systems. CC ID 11669 | Physical and environmental protection | Preventive | |
Control physical access to (and within) the facility. CC ID 01329 | Physical and environmental protection | Preventive | |
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419 | Physical and environmental protection | Preventive | |
Secure physical entry points with physical access controls or security guards. CC ID 01640 | Physical and environmental protection | Detective | |
Configure the access control system to grant access only during authorized working hours. CC ID 12325 | Physical and environmental protection | Preventive | |
Check the visitor's stated identity against a provided government issued identification. CC ID 06701 | Physical and environmental protection | Preventive | |
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463 | Physical and environmental protection | Corrective | |
Issue photo identification badges to all employees. CC ID 12326 | Physical and environmental protection | Preventive | |
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334 | Physical and environmental protection | Preventive | |
Manage visitor identification inside the facility. CC ID 11670 | Physical and environmental protection | Preventive | |
Secure unissued visitor identification badges. CC ID 06712 | Physical and environmental protection | Preventive | |
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331 | Physical and environmental protection | Preventive | |
Restrict access to the badge system to authorized personnel. CC ID 12043 | Physical and environmental protection | Preventive | |
Enforce dual control for badge assignments. CC ID 12328 | Physical and environmental protection | Preventive | |
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327 | Physical and environmental protection | Preventive | |
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282 | Physical and environmental protection | Preventive | |
Prevent tailgating through physical entry points. CC ID 06685 | Physical and environmental protection | Preventive | |
Use locks to protect against unauthorized physical access. CC ID 06342 | Physical and environmental protection | Preventive | |
Install and maintain security lighting at all physical entry points. CC ID 02205 | Physical and environmental protection | Preventive | |
Use vandal resistant light fixtures for all security lighting. CC ID 16130 | Physical and environmental protection | Preventive | |
Manage access to loading docks, unloading docks, and mail rooms. CC ID 02210 | Physical and environmental protection | Preventive | |
Secure the loading dock with physical access controls or security guards. CC ID 06703 | Physical and environmental protection | Preventive | |
Isolate loading areas from information processing facilities, if possible. CC ID 12028 | Physical and environmental protection | Preventive | |
Screen incoming mail and deliveries. CC ID 06719 | Physical and environmental protection | Preventive | |
Protect access to the facility's mechanical systems area. CC ID 02212 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain elevator security guidelines. CC ID 02232 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain stairwell security guidelines. CC ID 02233 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain glass opening security guidelines. CC ID 02234 | Physical and environmental protection | Preventive | |
Establish a security room, if necessary. CC ID 00738 | Physical and environmental protection | Preventive | |
Implement physical security standards for mainframe rooms or data centers. CC ID 00749 | Physical and environmental protection | Preventive | |
Establish and maintain equipment security cages in a shared space environment. CC ID 06711 | Physical and environmental protection | Preventive | |
Secure systems in lockable equipment cabinets, as necessary. CC ID 06716 | Physical and environmental protection | Preventive | |
Lock all lockable equipment cabinets. CC ID 11673 | Physical and environmental protection | Detective | |
Establish, implement, and maintain vault physical security standards. CC ID 02203 | Physical and environmental protection | Preventive | |
Monitor physical entry point alarms. CC ID 01639 | Physical and environmental protection | Detective | |
Build and maintain fencing, as necessary. CC ID 02235 | Physical and environmental protection | Preventive | |
Implement security measures for all interior spaces that allow for any payment transactions. CC ID 06352 | Physical and environmental protection | Preventive | |
Physically segregate business areas in accordance with organizational standards. CC ID 16718 | Physical and environmental protection | Preventive | |
Design interior walls with sound absorbing materials as well as thermal resistant materials. CC ID 06372 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718 | Physical and environmental protection | Preventive | |
Restrict physical access to distributed assets. CC ID 11865 [Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. 3.10.1] | Physical and environmental protection | Preventive | |
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873 | Physical and environmental protection | Preventive | |
Protect electronic storage media with physical access controls. CC ID 00720 | Physical and environmental protection | Preventive | |
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 | Physical and environmental protection | Preventive | |
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717 | Physical and environmental protection | Preventive | |
Protect the combinations for all combination locks. CC ID 02199 | Physical and environmental protection | Preventive | |
Establish and maintain eavesdropping protection for vaults. CC ID 02231 | Physical and environmental protection | Preventive | |
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452 | Physical and environmental protection | Preventive | |
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430 | Physical and environmental protection | Preventive | |
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429 | Physical and environmental protection | Preventive | |
Conduct environmental surveys. CC ID 00690 | Operational management | Preventive | |
Control and monitor all maintenance tools. CC ID 01432 [Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance. 3.7.2] | Operational management | Detective | |
Identify and authenticate appropriate parties prior to granting access to maintain assets. CC ID 11874 | Operational management | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Review documentation to determine the effectiveness of in scope controls. CC ID 16522 | Audits and risk management | Preventive | |
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301 | Technical security | Preventive | |
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270 | Technical security | Detective | |
Update application layer firewalls to the most current version. CC ID 12037 | Technical security | Preventive | |
Assign virtual escorting to authorized personnel. CC ID 16440 | Technical security | Preventive | |
Remove malware when malicious code is discovered. CC ID 13691 | Technical security | Corrective | |
Implement physical identification processes. CC ID 13715 | Physical and environmental protection | Preventive | |
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717 | Physical and environmental protection | Preventive | |
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714 | Physical and environmental protection | Preventive | |
Include identity proofing processes in the identification issuance procedures. CC ID 06597 | Physical and environmental protection | Preventive | |
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885 | Operational management | Preventive | |
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197 | Operational management | Corrective | |
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196 | Operational management | Corrective | |
Contain the incident to prevent further loss. CC ID 01751 | Operational management | Corrective | |
Revoke the written request to delay the notification. CC ID 16843 | Operational management | Preventive | |
Post the incident response notification on the organization's website. CC ID 16809 | Operational management | Preventive | |
Document the determination for providing a substitute incident response notification. CC ID 16841 | Operational management | Preventive | |
Conduct incident investigations, as necessary. CC ID 13826 | Operational management | Detective | |
Perform emergency changes, as necessary. CC ID 12707 | Operational management | Preventive | |
Back up emergency changes after the change has been performed. CC ID 12734 | Operational management | Preventive | |
Conduct network certifications prior to approving change requests for networks. CC ID 13121 | Operational management | Detective | |
Establish, implement, and maintain a patch management program. CC ID 00896 [Identify, report, and correct information and information system flaws in a timely manner. 3.14.1] | Operational management | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Maintain vulnerability scan reports as organizational records. CC ID 12092 | Monitoring and measurement | Preventive | |
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090 | Technical security | Preventive | |
Retain video events according to Records Management procedures. CC ID 06304 | Physical and environmental protection | Preventive | |
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 | Physical and environmental protection | Preventive | |
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961 | Physical and environmental protection | Preventive | |
Treat archive media as evidence. CC ID 00960 | Physical and environmental protection | Preventive | |
Control the storage of restricted storage media. CC ID 00965 | Physical and environmental protection | Preventive | |
Include source code in the asset inventory. CC ID 14858 | Operational management | Preventive | |
Establish, implement, and maintain incident management audit logs. CC ID 13514 | Operational management | Preventive | |
Label printed output for specific record categories as directed by the organization's information classification standard. CC ID 01420 | Records management | Detective | |
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943 | Records management | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Back up audit trails according to backup procedures. CC ID 11642 | Monitoring and measurement | Preventive | |
Prepare the alternate facility for an emergency offsite relocation. CC ID 00744 | Operational and Systems Continuity | Preventive | |
Protect backup systems and restoration systems at the alternate facility. CC ID 04883 [Protect the confidentiality of backup CUI at storage locations. 3.8.9] | Operational and Systems Continuity | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Implement gateways between security domains. CC ID 16493 | Technical security | Preventive | |
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695 | Operational management | Preventive | |
Validate the system before implementing approved changes. CC ID 01510 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Operational management | Preventive | |
Establish, implement, and maintain traceability documentation. CC ID 16388 | Operational management | Preventive | |
Establish, implement, and maintain a System Development Life Cycle program. CC ID 11823 | Systems design, build, and implementation | Preventive | |
Include information security throughout the system development life cycle. CC ID 12042 [Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational information systems. 3.13.2] | Systems design, build, and implementation | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Identify cybersecurity events in event logs and audit logs. CC ID 13206 | Monitoring and measurement | Detective | |
Perform vulnerability scans, as necessary. CC ID 11637 [Scan for vulnerabilities in the information system and applications periodically and when new vulnerabilities affecting the system are identified. 3.11.2] | Monitoring and measurement | Detective | |
Identify and document security vulnerabilities. CC ID 11857 | Monitoring and measurement | Detective | |
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098 | Monitoring and measurement | Preventive | |
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638 | Monitoring and measurement | Detective | |
Correlate vulnerability scan reports from the various systems. CC ID 10636 | Monitoring and measurement | Detective | |
Perform vulnerability scans prior to installing payment applications. CC ID 12192 | Monitoring and measurement | Detective | |
Implement scanning tools, as necessary. CC ID 14282 | Monitoring and measurement | Detective | |
Repeat vulnerability scanning after an approved change occurs. CC ID 12468 | Monitoring and measurement | Detective | |
Perform external vulnerability scans, as necessary. CC ID 11624 | Monitoring and measurement | Detective | |
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635 | Monitoring and measurement | Detective | |
Deploy log normalization tools, as necessary. CC ID 12141 | Monitoring and measurement | Preventive | |
Restrict access to audit trails to a need to know basis. CC ID 11641 | Monitoring and measurement | Preventive | |
Identify information system users. CC ID 12081 [Identify information system users, processes acting on behalf of users, or devices. 3.5.1] | Technical security | Detective | |
Review user accounts. CC ID 00525 | Technical security | Detective | |
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 [Identify information system users, processes acting on behalf of users, or devices. 3.5.1] | Technical security | Detective | |
Review shared accounts. CC ID 11840 | Technical security | Detective | |
Control access rights to organizational assets. CC ID 00004 [Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). 3.1.1] | Technical security | Preventive | |
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835 | Technical security | Preventive | |
Define access needs for each system component of an information system. CC ID 12456 | Technical security | Preventive | |
Define the level of privilege required for each system component of an information system. CC ID 12457 | Technical security | Preventive | |
Establish access rights based on least privilege. CC ID 01411 [Limit information system access to the types of transactions and functions that authorized users are permitted to execute. 3.1.2 Employ the principle of least privilege, including for specific security functions and privileged accounts. 3.1.5] | Technical security | Preventive | |
Assign user permissions based on job responsibilities. CC ID 00538 | Technical security | Preventive | |
Assign user privileges after they have management sign off. CC ID 00542 | Technical security | Preventive | |
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 [Limit unsuccessful logon attempts. 3.1.8] | Technical security | Preventive | |
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 | Technical security | Preventive | |
Establish session authenticity through Transport Layer Security. CC ID 01627 [Protect the authenticity of communications sessions. 3.13.15] | Technical security | Preventive | |
Include all system components in the access control system. CC ID 11939 | Technical security | Preventive | |
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850 | Technical security | Preventive | |
Enable attribute-based access control for objects and users on information systems. CC ID 16351 | Technical security | Preventive | |
Enable role-based access control for objects and users on information systems. CC ID 12458 | Technical security | Preventive | |
Enforce access restrictions for change control. CC ID 01428 [{physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the information system. 3.4.5] | Technical security | Preventive | |
Permit a limited set of user actions absent identification and authentication. CC ID 04849 | Technical security | Preventive | |
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262 | Technical security | Preventive | |
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 | Technical security | Preventive | |
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964 | Technical security | Preventive | |
Establish, implement, and maintain User Access Management procedures. CC ID 00514 | Technical security | Preventive | |
Remove inactive user accounts, as necessary. CC ID 00517 [Disable identifiers after a defined period of inactivity. 3.5.6] | Technical security | Corrective | |
Include digital identification procedures in the access control program. CC ID 11841 | Technical security | Preventive | |
Identify and control all network access controls. CC ID 00529 | Technical security | Preventive | |
Manage all external network connections. CC ID 11842 | Technical security | Preventive | |
Refrain from disclosing private Internet Protocol addresses and routing information, unless necessary. CC ID 11891 | Technical security | Preventive | |
Segregate systems in accordance with organizational standards. CC ID 12546 | Technical security | Preventive | |
Implement resource-isolation mechanisms in organizational networks. CC ID 16438 | Technical security | Preventive | |
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533 | Technical security | Preventive | |
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310 | Technical security | Preventive | |
Design Demilitarized Zones with proper isolation rules. CC ID 00532 | Technical security | Preventive | |
Restrict inbound network traffic into the Demilitarized Zone to Internet Protocol addresses within the Demilitarized Zone. CC ID 11998 | Technical security | Preventive | |
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993 | Technical security | Preventive | |
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373 | Technical security | Preventive | |
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821 | Technical security | Preventive | |
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588 | Technical security | Preventive | |
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540 | Technical security | Preventive | |
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903 | Technical security | Corrective | |
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420 | Technical security | Preventive | |
Protect the firewall's network connection interfaces. CC ID 01955 | Technical security | Preventive | |
Establish, implement, and maintain packet filtering requirements. CC ID 16362 | Technical security | Preventive | |
Configure firewall filtering to only permit established connections into the network. CC ID 12482 | Technical security | Preventive | |
Review and approve information exchange system connections. CC ID 07143 | Technical security | Preventive | |
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104 | Technical security | Preventive | |
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107 | Technical security | Preventive | |
Block uncategorized sites using URL filtering. CC ID 12140 | Technical security | Preventive | |
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139 | Technical security | Detective | |
Enforce privileged accounts and non-privileged accounts for system access. CC ID 00558 [Use non-privileged accounts or roles when accessing nonsecurity functions. 3.1.6 Prevent non-privileged users from executing privileged functions and audit the execution of such functions. 3.1.7] | Technical security | Preventive | |
Separate user functionality from system management functionality. CC ID 11858 [Separate user functionality from information system management functionality. 3.13.3] | Technical security | Preventive | |
Control all methods of remote access and teleworking. CC ID 00559 [Enforce safeguarding measures for CUI at alternate work sites (e.g., telework sites). 3.10.6] | Technical security | Preventive | |
Refrain from allowing remote users to copy files to remote devices. CC ID 06792 | Technical security | Preventive | |
Control remote access through a network access control. CC ID 01421 [Authorize remote execution of privileged commands and remote access to security-relevant information. 3.1.15 Route remote access via managed access control points. 3.1.14] | Technical security | Preventive | |
Prohibit remote access to systems processing cleartext restricted data or restricted information. CC ID 12324 | Technical security | Preventive | |
Employ multifactor authentication for remote access to the organization's network. CC ID 12505 | Technical security | Preventive | |
Implement phishing-resistant multifactor authentication techniques. CC ID 16541 | Technical security | Preventive | |
Limit the source addresses from which remote administration is performed. CC ID 16393 | Technical security | Preventive | |
Manage the use of encryption controls and cryptographic controls. CC ID 00570 | Technical security | Preventive | |
Bind keys to each identity. CC ID 12337 | Technical security | Preventive | |
Generate unique cryptographic keys for each user. CC ID 12169 | Technical security | Preventive | |
Implement decryption keys so that they are not linked to user accounts. CC ID 06851 | Technical security | Preventive | |
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085 | Technical security | Preventive | |
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852 | Technical security | Preventive | |
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092 | Technical security | Preventive | |
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084 | Technical security | Preventive | |
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091 | Technical security | Preventive | |
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. 3.13.8 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. 3.13.11] | Technical security | Preventive | |
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492 | Technical security | Preventive | |
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490 | Technical security | Preventive | |
Treat data messages that do not receive an acknowledgment as never having been sent. CC ID 14416 | Technical security | Preventive | |
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568 | Technical security | Preventive | |
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021 | Technical security | Preventive | |
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020 | Technical security | Preventive | |
Protect application services information transmitted over a public network from contract disputes. CC ID 12019 | Technical security | Preventive | |
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018 | Technical security | Preventive | |
Install and maintain container security solutions. CC ID 16178 | Technical security | Preventive | |
Protect the system against replay attacks. CC ID 04552 [{privileged accounts} Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. 3.5.4] | Technical security | Preventive | |
Analyze the behavior and characteristics of the malicious code. CC ID 10672 | Technical security | Detective | |
Incorporate the malicious code analysis into the patch management program. CC ID 10673 | Technical security | Corrective | |
Implement audio protection controls on telephone systems in controlled areas. CC ID 16455 | Physical and environmental protection | Preventive | |
Secure unissued access mechanisms. CC ID 06713 | Physical and environmental protection | Preventive | |
Change cipher lock codes, as necessary. CC ID 06651 | Physical and environmental protection | Preventive | |
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 [Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device. 3.13.12] | Physical and environmental protection | Preventive | |
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 [Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device. 3.13.12] | Physical and environmental protection | Preventive | |
Terminate user accounts when notified that an individual is terminated. CC ID 11614 | Human Resources management | Corrective | |
Terminate access rights when notified of a personnel status change or an individual is terminated. CC ID 11826 | Human Resources management | Corrective | |
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960 | Human Resources management | Preventive | |
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054 | Operational management | Preventive | |
Link the authentication system to the asset inventory. CC ID 13718 | Operational management | Preventive | |
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110 | Operational management | Detective | |
Control remote maintenance according to the system's asset classification. CC ID 01433 | Operational management | Preventive | |
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 [Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. 3.7.5] | Operational management | Preventive | |
Employ dedicated systems during system maintenance. CC ID 12108 | Operational management | Preventive | |
Isolate dedicated systems used for system maintenance from Internet access. CC ID 12114 | Operational management | Preventive | |
Categorize the incident following an incident response. CC ID 13208 | Operational management | Preventive | |
Wipe data and memory after an incident has been detected. CC ID 16850 | Operational management | Corrective | |
Refrain from accessing compromised systems. CC ID 01752 | Operational management | Corrective | |
Isolate compromised systems from the network. CC ID 01753 | Operational management | Corrective | |
Change authenticators after a security incident has been detected. CC ID 06789 | Operational management | Corrective | |
Change wireless access variables after a data loss event has been detected. CC ID 01756 | Operational management | Corrective | |
Re-image compromised systems with secure builds. CC ID 12086 | Operational management | Corrective | |
Integrate configuration management procedures into the incident management program. CC ID 13647 | Operational management | Preventive | |
Respond when an integrity violation is detected, as necessary. CC ID 10678 | Operational management | Corrective | |
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679 | Operational management | Corrective | |
Restart systems when an integrity violation is detected, as necessary. CC ID 10680 | Operational management | Corrective | |
Integrate configuration management procedures into the change control program. CC ID 13646 | Operational management | Preventive | |
Implement patch management software, as necessary. CC ID 12094 | Operational management | Preventive | |
Include updates and exceptions to hardened images as a part of the patch management program. CC ID 12087 | Operational management | Preventive | |
Review the patch log for missing patches. CC ID 13186 | Operational management | Detective | |
Patch software. CC ID 11825 | Operational management | Corrective | |
Patch the operating system, as necessary. CC ID 11824 | Operational management | Corrective | |
Implement cryptographic mechanisms to authenticate software and computer firmware before installation. CC ID 10682 | Operational management | Detective | |
Refrain from using assertion lifetimes to limit each session. CC ID 13871 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain authenticators. CC ID 15305 | System hardening through configuration management | Preventive | |
Configure the log to capture all URL requests. CC ID 12138 | System hardening through configuration management | Detective | |
Establish, implement, and maintain online storage controls. CC ID 00942 | Records management | Preventive | |
Provide encryption for different types of electronic storage media. CC ID 00945 [Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. 3.8.6] | Records management | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Supply each in scope asset with audit reduction tool and report generation capabilities to support after-the-fact investigations without altering the event logs. CC ID 01427 [Provide audit reduction and report generation to support on-demand analysis and reporting. 3.3.6] | Monitoring and measurement | Preventive | |
Repeat vulnerability scanning, as necessary. CC ID 11646 [Remediate vulnerabilities in accordance with assessments of risk. 3.11.3] | Monitoring and measurement | Detective | |
Perform internal vulnerability scans, as necessary. CC ID 00656 | Monitoring and measurement | Detective | |
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039 | Monitoring and measurement | Preventive | |
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980 | Audits and risk management | Detective | |
Document test plans for auditing in scope controls. CC ID 06985 | Audits and risk management | Detective | |
Determine the effectiveness of in scope controls. CC ID 06984 [Periodically assess the security controls in organizational information systems to determine if the controls are effective in their application. 3.12.1 Monitor information system security controls on an ongoing basis to ensure the continued effectiveness of the controls. 3.12.3] | Audits and risk management | Detective | |
Perform risk assessments for all target environments, as necessary. CC ID 06452 [Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of CUI. 3.11.1] | Audits and risk management | Preventive | |
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455 | Technical security | Detective | |
Authenticate user identities before unlocking an account. CC ID 11837 [Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. 3.5.2] | Technical security | Detective | |
Configure firewalls to perform dynamic packet filtering. CC ID 01288 | Technical security | Detective | |
Scan the system to verify modems are disabled or removed, except the modems that are explicitly approved. CC ID 00560 | Technical security | Detective | |
Test cryptographic key management applications, as necessary. CC ID 04829 | Technical security | Detective | |
Implement non-repudiation for transactions. CC ID 00567 | Technical security | Detective | |
Test all removable storage media for viruses and malicious code. CC ID 11861 [Check media containing diagnostic and test programs for malicious code before the media are used in the information system. 3.7.4] | Technical security | Detective | |
Test all untrusted files or unverified files for viruses and malicious code. CC ID 01311 | Technical security | Detective | |
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330 | Physical and environmental protection | Preventive | |
Implement operational requirements for card readers. CC ID 02225 | Physical and environmental protection | Preventive | |
Test locks for physical security vulnerabilities. CC ID 04880 | Physical and environmental protection | Detective | |
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782 | Human Resources management | Detective | |
Implement segregation of duties in roles and responsibilities. CC ID 00774 [Separate the duties of individuals to reduce the risk of malevolent activity without collusion. 3.1.4] | Human Resources management | Detective | |
Conduct maintenance with authorized personnel. CC ID 01434 [Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance. 3.7.2] | Operational management | Detective | |
Assess all incidents to determine what information was accessed. CC ID 01226 | Operational management | Corrective | |
Test incident monitoring procedures. CC ID 13194 | Operational management | Detective | |
Test the incident response procedures. CC ID 01216 [Test the organizational incident response capability. 3.6.3] | Operational management | Detective | |
Test proposed changes prior to their approval. CC ID 00548 | Operational management | Detective | |
Perform risk assessments prior to approving change requests. CC ID 00888 [Analyze the security impact of changes prior to implementation. 3.4.4] | Operational management | Preventive | |
Perform a patch test prior to deploying a patch. CC ID 00898 | Operational management | Detective | |
Test software patches for any potential compromise of the system's security. CC ID 13175 | Operational management | Detective | |
Review changes to computer firmware. CC ID 12226 | Operational management | Detective | |
Certify changes to computer firmware are free of malicious logic. CC ID 12227 | Operational management | Detective | |
Test the system's operational functionality after implementing approved changes. CC ID 06294 | Operational management | Detective | |
Perform and pass acceptance testing before moving a system back into operation after an approved change has occurred. CC ID 04541 | Operational management | Detective | |
Configure security and protection software to check for up-to-date signature files. CC ID 00576 [Update malicious code protection mechanisms when new releases are available. 3.14.4] | System hardening through configuration management | Detective |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Train all personnel and third parties on how to recognize and report system failures. CC ID 13475 | Human Resources management | Preventive |
There are three types of Common Control classifications: corrective, detective, and preventive. Common Controls at the top level have the default assignment of Impact Zone.
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
---|---|---|---|
Provide predefined suspicious activity reports for suspicious activity discovered in the event log. CC ID 06774 | Monitoring and measurement | Establish/Maintain Documentation | |
Eliminate false positives in event logs and audit logs. CC ID 07047 | Monitoring and measurement | Log Management | |
Follow up exceptions and anomalies identified when reviewing logs. CC ID 11925 | Monitoring and measurement | Investigate | |
Update the vulnerability scanners' vulnerability list. CC ID 10634 | Monitoring and measurement | Configuration | |
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748 | Monitoring and measurement | Behavior | |
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818 | Technical security | Communicate | |
Remove inactive user accounts, as necessary. CC ID 00517 [Disable identifiers after a defined period of inactivity. 3.5.6] | Technical security | Technical Security | |
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903 | Technical security | Technical Security | |
Revoke membership in the whitelist, as necessary. CC ID 13827 | Technical security | Establish/Maintain Documentation | |
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307 | Technical security | Data and Information Management | |
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306 | Technical security | Data and Information Management | |
Remove malware when malicious code is discovered. CC ID 13691 | Technical security | Process or Activity | |
Notify interested personnel and affected parties when malware is detected. CC ID 13689 | Technical security | Communicate | |
Establish, implement, and maintain a malicious code outbreak recovery plan. CC ID 01310 | Technical security | Establish/Maintain Documentation | |
Incorporate the malicious code analysis into the patch management program. CC ID 10673 | Technical security | Technical Security | |
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463 | Physical and environmental protection | Physical and Environmental Protection | |
Document all lost badges in a lost badge list. CC ID 12448 | Physical and environmental protection | Establish/Maintain Documentation | |
Terminate user accounts when notified that an individual is terminated. CC ID 11614 | Human Resources management | Technical Security | |
Terminate access rights when notified of a personnel status change or an individual is terminated. CC ID 11826 | Human Resources management | Technical Security | |
Deny access to restricted data or restricted information when a personnel status change occurs or an individual is terminated. CC ID 01309 | Human Resources management | Data and Information Management | |
Update contact information of any individual undergoing a personnel status change, as necessary. CC ID 12692 | Human Resources management | Human Resources Management | |
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052 | Operational management | Monitor and Evaluate Occurrences | |
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053 | Operational management | Monitor and Evaluate Occurrences | |
Determine the incident severity level when assessing the security incidents. CC ID 01650 | Operational management | Monitor and Evaluate Occurrences | |
Escalate incidents, as necessary. CC ID 14861 | Operational management | Monitor and Evaluate Occurrences | |
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197 | Operational management | Process or Activity | |
Respond to all alerts from security systems in a timely manner. CC ID 06434 [Monitor information system security alerts and advisories and take appropriate actions in response. 3.14.3] | Operational management | Behavior | |
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196 | Operational management | Process or Activity | |
Contain the incident to prevent further loss. CC ID 01751 | Operational management | Process or Activity | |
Wipe data and memory after an incident has been detected. CC ID 16850 | Operational management | Technical Security | |
Refrain from accessing compromised systems. CC ID 01752 | Operational management | Technical Security | |
Isolate compromised systems from the network. CC ID 01753 | Operational management | Technical Security | |
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754 | Operational management | Log Management | |
Change authenticators after a security incident has been detected. CC ID 06789 | Operational management | Technical Security | |
Assess all incidents to determine what information was accessed. CC ID 01226 | Operational management | Testing | |
Check the precursors and indicators when assessing the security incidents. CC ID 01761 | Operational management | Monitor and Evaluate Occurrences | |
Share incident information with interested personnel and affected parties. CC ID 01212 | Operational management | Data and Information Management | |
Share data loss event information with the media. CC ID 01759 | Operational management | Behavior | |
Share data loss event information with interconnected system owners. CC ID 01209 | Operational management | Establish/Maintain Documentation | |
Report data loss event information to breach notification organizations. CC ID 01210 | Operational management | Data and Information Management | |
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731 | Operational management | Behavior | |
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365 | Operational management | Behavior | |
Delay sending incident response notifications under predetermined conditions. CC ID 00804 | Operational management | Behavior | |
Establish, implement, and maintain incident response notifications. CC ID 12975 | Operational management | Establish/Maintain Documentation | |
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767 | Operational management | Communicate | |
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766 | Operational management | Business Processes | |
Send paper incident response notifications to affected parties, as necessary. CC ID 00366 | Operational management | Behavior | |
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803 | Operational management | Behavior | |
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368 | Operational management | Behavior | |
Telephone incident response notifications to affected parties, as necessary. CC ID 04650 | Operational management | Behavior | |
Publish the incident response notification in a general circulation periodical. CC ID 04651 | Operational management | Behavior | |
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367 | Operational management | Behavior | |
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347 | Operational management | Communicate | |
Include incident recovery procedures in the Incident Management program. CC ID 01758 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Establish/Maintain Documentation | |
Change wireless access variables after a data loss event has been detected. CC ID 01756 | Operational management | Technical Security | |
Eradicate the cause of the incident after the incident has been contained. CC ID 01757 | Operational management | Business Processes | |
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611 | Operational management | Human Resources Management | |
Re-image compromised systems with secure builds. CC ID 12086 | Operational management | Technical Security | |
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858 | Operational management | Establish/Maintain Documentation | |
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238 | Operational management | Log Management | |
Notify interested personnel and affected parties that a security breach was detected. CC ID 11788 [Provide privacy and security notices consistent with applicable CUI rules. 3.1.9] | Operational management | Communicate | |
Respond when an integrity violation is detected, as necessary. CC ID 10678 | Operational management | Technical Security | |
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679 | Operational management | Technical Security | |
Restart systems when an integrity violation is detected, as necessary. CC ID 10680 | Operational management | Technical Security | |
Approve back-out plans, as necessary. CC ID 13627 | Operational management | Establish/Maintain Documentation | |
Deploy software patches in accordance with organizational standards. CC ID 07032 | Operational management | Configuration | |
Patch software. CC ID 11825 | Operational management | Technical Security | |
Patch the operating system, as necessary. CC ID 11824 | Operational management | Technical Security | |
Deploy software patches in the disaster recovery environment to mirror those in the production environment. CC ID 13174 | Operational management | Configuration | |
Remove outdated software after software has been updated. CC ID 11792 | Operational management | Configuration | |
Update computer firmware, as necessary. CC ID 11755 | Operational management | Configuration | |
Remove outdated computer firmware after the computer firmware has been updated. CC ID 10671 | Operational management | Configuration | |
Mitigate the adverse effects of unauthorized changes. CC ID 12244 | Operational management | Business Processes | |
Establish, implement, and maintain a change acceptance testing log. CC ID 06392 | Operational management | Establish/Maintain Documentation | |
Document approved configuration deviations. CC ID 08711 | Operational management | Establish/Maintain Documentation |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
---|---|---|---|
Establish, implement, and maintain logging and monitoring operations. CC ID 00637 | Monitoring and measurement | Log Management | |
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Monitor information system security alerts and advisories and take appropriate actions in response. 3.14.3 Monitor the information system including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. 3.14.6] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Monitor systems for Denial of Service attacks. CC ID 01222 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Monitor systems for access to restricted data or restricted information. CC ID 04721 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950 | Monitoring and measurement | Human Resources Management | |
Detect unauthorized access to systems. CC ID 06798 [Identify unauthorized use of the information system. 3.14.7] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Incorporate potential red flags into the organization's incident management system. CC ID 04652 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638 [Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. 3.3.1] | Monitoring and measurement | Log Management | |
Establish, implement, and maintain event logging procedures. CC ID 01335 | Monitoring and measurement | Log Management | |
Review and update event logs and audit logs, as necessary. CC ID 00596 | Monitoring and measurement | Log Management | |
Correlate log entries to security controls to verify the security control's effectiveness. CC ID 13207 | Monitoring and measurement | Log Management | |
Identify cybersecurity events in event logs and audit logs. CC ID 13206 | Monitoring and measurement | Technical Security | |
Enable logging for all systems that meet a traceability criteria. CC ID 00640 | Monitoring and measurement | Log Management | |
Analyze firewall logs for the correct capturing of data. CC ID 00549 | Monitoring and measurement | Log Management | |
Perform vulnerability scans, as necessary. CC ID 11637 [Scan for vulnerabilities in the information system and applications periodically and when new vulnerabilities affecting the system are identified. 3.11.2] | Monitoring and measurement | Technical Security | |
Repeat vulnerability scanning, as necessary. CC ID 11646 [Remediate vulnerabilities in accordance with assessments of risk. 3.11.3] | Monitoring and measurement | Testing | |
Identify and document security vulnerabilities. CC ID 11857 | Monitoring and measurement | Technical Security | |
Rank discovered vulnerabilities. CC ID 11940 | Monitoring and measurement | Investigate | |
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638 | Monitoring and measurement | Technical Security | |
Correlate vulnerability scan reports from the various systems. CC ID 10636 | Monitoring and measurement | Technical Security | |
Perform internal vulnerability scans, as necessary. CC ID 00656 | Monitoring and measurement | Testing | |
Perform vulnerability scans prior to installing payment applications. CC ID 12192 | Monitoring and measurement | Technical Security | |
Implement scanning tools, as necessary. CC ID 14282 | Monitoring and measurement | Technical Security | |
Repeat vulnerability scanning after an approved change occurs. CC ID 12468 | Monitoring and measurement | Technical Security | |
Perform external vulnerability scans, as necessary. CC ID 11624 | Monitoring and measurement | Technical Security | |
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635 | Monitoring and measurement | Technical Security | |
Establish, implement, and maintain a corrective action plan. CC ID 00675 [Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems. 3.12.2] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Include monitoring in the corrective action plan. CC ID 11645 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980 | Audits and risk management | Testing | |
Document test plans for auditing in scope controls. CC ID 06985 | Audits and risk management | Testing | |
Determine the effectiveness of in scope controls. CC ID 06984 [Periodically assess the security controls in organizational information systems to determine if the controls are effective in their application. 3.12.1 Monitor information system security controls on an ongoing basis to ensure the continued effectiveness of the controls. 3.12.3] | Audits and risk management | Testing | |
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157 | Audits and risk management | Audits and Risk Management | |
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156 | Audits and risk management | Audits and Risk Management | |
Observe processes to determine the effectiveness of in scope controls. CC ID 12155 | Audits and risk management | Audits and Risk Management | |
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154 | Audits and risk management | Audits and Risk Management | |
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144 | Audits and risk management | Audits and Risk Management | |
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556 | Audits and risk management | Audits and Risk Management | |
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555 | Audits and risk management | Audits and Risk Management | |
Update the risk assessment upon discovery of a new threat. CC ID 00708 | Audits and risk management | Establish/Maintain Documentation | |
Update the risk assessment upon changes to the risk profile. CC ID 11627 | Audits and risk management | Establish/Maintain Documentation | |
Conduct external audits of risk assessments, as necessary. CC ID 13308 | Audits and risk management | Audits and Risk Management | |
Identify information system users. CC ID 12081 [Identify information system users, processes acting on behalf of users, or devices. 3.5.1] | Technical security | Technical Security | |
Review user accounts. CC ID 00525 | Technical security | Technical Security | |
Match user accounts to authorized parties. CC ID 12126 | Technical security | Configuration | |
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 [Identify information system users, processes acting on behalf of users, or devices. 3.5.1] | Technical security | Technical Security | |
Review shared accounts. CC ID 11840 | Technical security | Technical Security | |
Disallow application IDs from running as privileged users. CC ID 10050 | Technical security | Configuration | |
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455 | Technical security | Testing | |
Authenticate user identities before unlocking an account. CC ID 11837 [Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. 3.5.2] | Technical security | Testing | |
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270 | Technical security | Process or Activity | |
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174 | Technical security | Configuration | |
Configure firewalls to perform dynamic packet filtering. CC ID 01288 | Technical security | Testing | |
Configure network access and control points to organizational standards. CC ID 12442 | Technical security | Configuration | |
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139 | Technical security | Technical Security | |
Create a full text analysis on executed privileged functions. CC ID 06778 | Technical security | Monitor and Evaluate Occurrences | |
Scan the system to verify modems are disabled or removed, except the modems that are explicitly approved. CC ID 00560 | Technical security | Testing | |
Monitor and evaluate all remote access usage. CC ID 00563 [Monitor and control remote access sessions. 3.1.12] | Technical security | Monitor and Evaluate Occurrences | |
Test cryptographic key management applications, as necessary. CC ID 04829 | Technical security | Testing | |
Implement non-repudiation for transactions. CC ID 00567 | Technical security | Testing | |
Scan for malicious code, as necessary. CC ID 11941 [Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. 3.14.5] | Technical security | Investigate | |
Test all removable storage media for viruses and malicious code. CC ID 11861 [Check media containing diagnostic and test programs for malicious code before the media are used in the information system. 3.7.4] | Technical security | Testing | |
Test all untrusted files or unverified files for viruses and malicious code. CC ID 01311 | Technical security | Testing | |
Log and react to all malicious code activity. CC ID 07072 | Technical security | Monitor and Evaluate Occurrences | |
Analyze the behavior and characteristics of the malicious code. CC ID 10672 | Technical security | Technical Security | |
Inspect telephones for eavesdropping devices. CC ID 02223 | Physical and environmental protection | Physical and Environmental Protection | |
Detect anomalies in physical barriers. CC ID 13533 | Physical and environmental protection | Investigate | |
Secure physical entry points with physical access controls or security guards. CC ID 01640 | Physical and environmental protection | Physical and Environmental Protection | |
Test locks for physical security vulnerabilities. CC ID 04880 | Physical and environmental protection | Testing | |
Lock all lockable equipment cabinets. CC ID 11673 | Physical and environmental protection | Physical and Environmental Protection | |
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Report anomalies in the visitor log to appropriate personnel. CC ID 14755 | Physical and environmental protection | Investigate | |
Log when the vault is accessed. CC ID 06725 | Physical and environmental protection | Log Management | |
Log when the cabinet is accessed. CC ID 11674 | Physical and environmental protection | Log Management | |
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Monitor physical entry point alarms. CC ID 01639 | Physical and environmental protection | Physical and Environmental Protection | |
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Monitor for alarmed security doors being propped open. CC ID 06684 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Track restricted storage media while it is in transit. CC ID 00967 | Physical and environmental protection | Data and Information Management | |
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782 | Human Resources management | Testing | |
Verify completion of each activity in the employee termination checklist when an individual is terminated. CC ID 12449 | Human Resources management | Human Resources Management | |
Implement segregation of duties in roles and responsibilities. CC ID 00774 [Separate the duties of individuals to reduce the risk of malevolent activity without collusion. 3.1.4] | Human Resources management | Testing | |
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962 | Operational management | Establish/Maintain Documentation | |
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110 | Operational management | Technical Security | |
Control and monitor all maintenance tools. CC ID 01432 [Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance. 3.7.2] | Operational management | Physical and Environmental Protection | |
Conduct maintenance with authorized personnel. CC ID 01434 [Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance. 3.7.2] | Operational management | Testing | |
Establish, implement, and maintain an anti-money laundering program. CC ID 13675 | Operational management | Business Processes | |
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453 | Operational management | Monitor and Evaluate Occurrences | |
Require personnel to monitor for and report suspicious account activity. CC ID 16462 | Operational management | Monitor and Evaluate Occurrences | |
Identify root causes of incidents that force system changes. CC ID 13482 | Operational management | Investigate | |
Respond to and triage when an incident is detected. CC ID 06942 | Operational management | Monitor and Evaluate Occurrences | |
Document the incident and any relevant evidence in the incident report. CC ID 08659 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Operational management | Establish/Maintain Documentation | |
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677 | Operational management | Investigate | |
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674 | Operational management | Establish/Maintain Documentation | |
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678 | Operational management | Establish/Maintain Documentation | |
Analyze the incident response process following an incident response. CC ID 13179 | Operational management | Investigate | |
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326 | Operational management | Log Management | |
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801 | Operational management | Behavior | |
Avoid false positive incident response notifications. CC ID 04732 | Operational management | Behavior | |
Include information required by law in incident response notifications. CC ID 00802 | Operational management | Establish/Maintain Documentation | |
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738 | Operational management | Establish/Maintain Documentation | |
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265 | Operational management | Monitor and Evaluate Occurrences | |
Test incident monitoring procedures. CC ID 13194 | Operational management | Testing | |
Conduct incident investigations, as necessary. CC ID 13826 | Operational management | Process or Activity | |
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042 | Operational management | Investigate | |
Identify the affected parties during incident investigations. CC ID 16781 | Operational management | Investigate | |
Interview suspects during incident investigations, as necessary. CC ID 14041 | Operational management | Investigate | |
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038 | Operational management | Investigate | |
Establish, implement, and maintain incident response procedures. CC ID 01206 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Establish/Maintain Documentation | |
Test the incident response procedures. CC ID 01216 [Test the organizational incident response capability. 3.6.3] | Operational management | Testing | |
Test proposed changes prior to their approval. CC ID 00548 | Operational management | Testing | |
Examine all changes to ensure they correspond with the change request. CC ID 12345 | Operational management | Business Processes | |
Conduct network certifications prior to approving change requests for networks. CC ID 13121 | Operational management | Process or Activity | |
Analyze mitigating controls for vulnerabilities in the network when certifying the network. CC ID 13126 | Operational management | Investigate | |
Collect data about the network environment when certifying the network. CC ID 13125 | Operational management | Investigate | |
Review the patch log for missing patches. CC ID 13186 | Operational management | Technical Security | |
Perform a patch test prior to deploying a patch. CC ID 00898 | Operational management | Testing | |
Test software patches for any potential compromise of the system's security. CC ID 13175 | Operational management | Testing | |
Review changes to computer firmware. CC ID 12226 | Operational management | Testing | |
Certify changes to computer firmware are free of malicious logic. CC ID 12227 | Operational management | Testing | |
Implement cryptographic mechanisms to authenticate software and computer firmware before installation. CC ID 10682 | Operational management | Technical Security | |
Establish, implement, and maintain approved change acceptance testing procedures. CC ID 06391 | Operational management | Establish/Maintain Documentation | |
Test the system's operational functionality after implementing approved changes. CC ID 06294 | Operational management | Testing | |
Perform and pass acceptance testing before moving a system back into operation after an approved change has occurred. CC ID 04541 | Operational management | Testing | |
Establish, implement, and maintain a configuration change log. CC ID 08710 | Operational management | Configuration | |
Configure the "/etc/docker/daemon.json" files and directories auditing to organizational standards. CC ID 14467 | System hardening through configuration management | Configuration | |
Configure the "/etc/docker" files and directories auditing to organizational standards. CC ID 14459 | System hardening through configuration management | Configuration | |
Configure the "docker.socket" files and directories auditing to organizational standards. CC ID 14458 | System hardening through configuration management | Configuration | |
Configure the "docker.service" files and directories auditing to organizational standards. CC ID 14454 | System hardening through configuration management | Configuration | |
Configure the "/var/lib/docker" files and directories auditing to organizational standards. CC ID 14453 | System hardening through configuration management | Configuration | |
Configure the "/usr/sbin/runc" files and directories auditing to organizational standards. CC ID 14452 | System hardening through configuration management | Configuration | |
Configure the "/usr/bin/containerd" files and directories auditing to organizational standards. CC ID 14451 | System hardening through configuration management | Configuration | |
Configure the "/etc/default/docker" files and directories auditing to organizational standards. CC ID 14450 | System hardening through configuration management | Configuration | |
Configure the "/etc/sysconfig/docker" files and directories auditing to organizational standards. CC ID 14449 | System hardening through configuration management | Configuration | |
Configure the log to capture audit log initialization, along with auditable event selection. CC ID 00649 | System hardening through configuration management | Log Management | |
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890 | System hardening through configuration management | Log Management | |
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968 | System hardening through configuration management | Log Management | |
Configure the log to capture each auditable event's origination. CC ID 01338 | System hardening through configuration management | Log Management | |
Configure the log to capture remote access information. CC ID 05596 | System hardening through configuration management | Configuration | |
Configure the log to capture all malicious code that has been discovered, quarantined, and/or eradicated. CC ID 00577 | System hardening through configuration management | Log Management | |
Configure the "logging level" to organizational standards. CC ID 14456 | System hardening through configuration management | Configuration | |
Capture successful operating system access and successful software access. CC ID 00527 | System hardening through configuration management | Log Management | |
Configure the log to capture hardware and software access attempts. CC ID 01220 | System hardening through configuration management | Log Management | |
Configure the log to capture all URL requests. CC ID 12138 | System hardening through configuration management | Technical Security | |
Configure the log to capture logons, logouts, logon attempts, and logout attempts. CC ID 01915 | System hardening through configuration management | Log Management | |
Configure the log to capture access to restricted data or restricted information. CC ID 00644 | System hardening through configuration management | Log Management | |
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 [Prevent non-privileged users from executing privileged functions and audit the execution of such functions. 3.1.7] | System hardening through configuration management | Log Management | |
Configure the log to capture identification and authentication mechanism use. CC ID 00648 | System hardening through configuration management | Log Management | |
Configure the log to capture all access to the audit trail. CC ID 00646 | System hardening through configuration management | Log Management | |
Configure the log to capture Object access to key directories or key files. CC ID 01697 | System hardening through configuration management | Log Management | |
Configure the log to capture both access and access attempts to security-relevant objects and security-relevant directories. CC ID 01916 | System hardening through configuration management | Log Management | |
Configure the log to capture system level object creation and deletion. CC ID 00650 | System hardening through configuration management | Log Management | |
Configure the log to capture changes to User privileges, audit policies, and trust policies by enabling audit policy changes. CC ID 01698 | System hardening through configuration management | Log Management | |
Configure the log to capture user authenticator changes. CC ID 01917 | System hardening through configuration management | Log Management | |
Enable or disable NFS server logging, as appropriate. CC ID 05593 | System hardening through configuration management | Log Management | |
Log Pluggable Authentication Modules access at an appropriate level. CC ID 05599 | System hardening through configuration management | Log Management | |
Enable or disable the logging of "martian" packets (impossible addresses), as appropriate. CC ID 05601 | System hardening through configuration management | Log Management | |
Enable or disable dhcpd logging, as appropriate. CC ID 05602 | System hardening through configuration management | Log Management | |
Enable or disable attempted stack exploit logging, as appropriate. CC ID 05614 | System hardening through configuration management | Log Management | |
Enable or disable the debug logging option, as appropriate. CC ID 05617 | System hardening through configuration management | Log Management | |
Enable or disable the logging of vsftpd transactions, as appropriate. CC ID 06032 | System hardening through configuration management | Log Management | |
Verify auditing is logged to an appropriate directory. CC ID 05603 | System hardening through configuration management | Log Management | |
Enable or disable the /var/log/authlog log, as appropriate. CC ID 05606 | System hardening through configuration management | Log Management | |
Enable or disable the /var/log/syslog log, as appropriate. CC ID 05607 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/messages log, as appropriate. CC ID 05608 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/sulog log, as appropriate. CC ID 05609 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/utmp(x) log, as appropriate. CC ID 05610 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/wtmp(x) log, as appropriate. CC ID 05611 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/sshlog log, as appropriate. CC ID 05612 | System hardening through configuration management | Log Management | |
Enable or disable the /var/log/pamlog log, as appropriate. CC ID 05613 | System hardening through configuration management | Log Management | |
Perform filesystem logging and filesystem journaling. CC ID 05615 | System hardening through configuration management | Log Management | |
Configure security and protection software to check for up-to-date signature files. CC ID 00576 [Update malicious code protection mechanisms when new releases are available. 3.14.4] | System hardening through configuration management | Testing | |
Define each system's preservation requirements for records and logs. CC ID 00904 | Records management | Establish/Maintain Documentation | |
Label printed output for specific record categories as directed by the organization's information classification standard. CC ID 01420 | Records management | Records Management |
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | TYPE | |
---|---|---|---|
Monitoring and measurement CC ID 00636 | Monitoring and measurement | IT Impact Zone | |
Audits and risk management CC ID 00677 | Audits and risk management | IT Impact Zone | |
Technical security CC ID 00508 | Technical security | IT Impact Zone | |
Physical and environmental protection CC ID 00709 | Physical and environmental protection | IT Impact Zone | |
Operational and Systems Continuity CC ID 00731 | Operational and Systems Continuity | IT Impact Zone | |
Human Resources management CC ID 00763 | Human Resources management | IT Impact Zone | |
Operational management CC ID 00805 | Operational management | IT Impact Zone | |
System hardening through configuration management CC ID 00860 | System hardening through configuration management | IT Impact Zone | |
Records management CC ID 00902 | Records management | IT Impact Zone | |
Systems design, build, and implementation CC ID 00989 | Systems design, build, and implementation | IT Impact Zone |
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | TYPE | |
---|---|---|---|
Establish, implement, and maintain intrusion management operations. CC ID 00580 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Monitor systems for unauthorized data transfers. CC ID 12971 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Address operational anomalies within the incident management system. CC ID 11633 | Monitoring and measurement | Audits and Risk Management | |
Incorporate an Identity Theft Prevention Program into the organization's incident management system. CC ID 11634 | Monitoring and measurement | Audits and Risk Management | |
Monitor systems for unauthorized mobile code. CC ID 10034 [Control and monitor the use of mobile code. 3.13.13] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain an event logging policy. CC ID 15217 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the system components that generate audit records in the event logging procedures. CC ID 16426 | Monitoring and measurement | Data and Information Management | |
Include a standard to collect and interpret event logs in the event logging procedures. CC ID 00643 | Monitoring and measurement | Log Management | |
Protect the event logs from failure. CC ID 06290 | Monitoring and measurement | Log Management | |
Overwrite the oldest records when audit logging fails. CC ID 14308 | Monitoring and measurement | Data and Information Management | |
Supply each in scope asset with audit reduction tool and report generation capabilities to support after-the-fact investigations without altering the event logs. CC ID 01427 [Provide audit reduction and report generation to support on-demand analysis and reporting. 3.3.6] | Monitoring and measurement | Testing | |
Include identity information of suspects in the suspicious activity report. CC ID 16648 | Monitoring and measurement | Establish/Maintain Documentation | |
Compile the event logs of multiple components into a system-wide time-correlated audit trail. CC ID 01424 [Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity. 3.3.5] | Monitoring and measurement | Audits and Risk Management | |
Reproduce the event log if a log failure is captured. CC ID 01426 | Monitoring and measurement | Log Management | |
Document the event information to be logged in the event information log specification. CC ID 00639 | Monitoring and measurement | Configuration | |
Enable the logging capability to capture enough information to ensure the system is functioning according to its intended purpose throughout its life cycle. CC ID 15001 | Monitoring and measurement | Configuration | |
Enable and configure logging on all network access controls. CC ID 01963 | Monitoring and measurement | Configuration | |
Synchronize system clocks to an accurate and universal time source on all devices. CC ID 01340 [Provide an information system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. 3.3.7] | Monitoring and measurement | Configuration | |
Centralize network time servers to as few as practical. CC ID 06308 | Monitoring and measurement | Configuration | |
Disseminate and communicate information to customers about clock synchronization methods used by the organization. CC ID 13044 | Monitoring and measurement | Communicate | |
Define the frequency to capture and log events. CC ID 06313 | Monitoring and measurement | Log Management | |
Include logging frequencies in the event logging procedures. CC ID 00642 | Monitoring and measurement | Log Management | |
Review and update the list of auditable events in the event logging procedures. CC ID 10097 [Review and update audited events. 3.3.3] | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a testing program. CC ID 00654 | Monitoring and measurement | Behavior | |
Establish, implement, and maintain a vulnerability management program. CC ID 15721 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636 | Monitoring and measurement | Establish/Maintain Documentation | |
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098 | Monitoring and measurement | Technical Security | |
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097 | Monitoring and measurement | Establish/Maintain Documentation | |
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418 | Monitoring and measurement | Communicate | |
Maintain vulnerability scan reports as organizational records. CC ID 12092 | Monitoring and measurement | Records Management | |
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467 | Monitoring and measurement | Business Processes | |
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039 | Monitoring and measurement | Testing | |
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a log management program. CC ID 00673 [Limit management of audit functionality to a subset of privileged users. 3.3.9] | Monitoring and measurement | Establish/Maintain Documentation | |
Deploy log normalization tools, as necessary. CC ID 12141 | Monitoring and measurement | Technical Security | |
Restrict access to logs to authorized individuals. CC ID 01342 | Monitoring and measurement | Log Management | |
Restrict access to audit trails to a need to know basis. CC ID 11641 | Monitoring and measurement | Technical Security | |
Refrain from recording unnecessary restricted data in logs. CC ID 06318 | Monitoring and measurement | Log Management | |
Back up audit trails according to backup procedures. CC ID 11642 | Monitoring and measurement | Systems Continuity | |
Back up logs according to backup procedures. CC ID 01344 | Monitoring and measurement | Log Management | |
Copy logs from all predefined hosts onto a log management infrastructure. CC ID 01346 | Monitoring and measurement | Log Management | |
Identify hosts with logs that are not being stored. CC ID 06314 | Monitoring and measurement | Log Management | |
Identify hosts with logs that are being stored at the system level only. CC ID 06315 | Monitoring and measurement | Log Management | |
Identify hosts with logs that should be stored at both the system level and the infrastructure level. CC ID 06316 | Monitoring and measurement | Log Management | |
Identify hosts with logs that are being stored at the infrastructure level only. CC ID 06317 | Monitoring and measurement | Log Management | |
Protect logs from unauthorized activity. CC ID 01345 [Protect audit information and audit tools from unauthorized access, modification, and deletion. 3.3.8] | Monitoring and measurement | Log Management | |
Perform testing and validating activities on all logs. CC ID 06322 | Monitoring and measurement | Log Management | |
Archive the audit trail in accordance with compliance requirements. CC ID 00674 | Monitoring and measurement | Log Management | |
Enforce dual authorization as a part of information flow control for logs. CC ID 10098 | Monitoring and measurement | Configuration | |
Preserve the identity of individuals in audit trails. CC ID 10594 | Monitoring and measurement | Log Management | |
Establish, implement, and maintain a cross-organizational audit sharing agreement. CC ID 10595 | Monitoring and measurement | Establish/Maintain Documentation | |
Provide cross-organizational audit information based on the cross-organizational audit sharing agreement. CC ID 10596 | Monitoring and measurement | Audits and Risk Management | |
Align corrective actions with the level of environmental impact. CC ID 15193 | Monitoring and measurement | Business Processes | |
Include risks and opportunities in the corrective action plan. CC ID 15178 | Monitoring and measurement | Establish/Maintain Documentation | |
Include environmental aspects in the corrective action plan. CC ID 15177 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the completion date in the corrective action plan. CC ID 13272 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain an audit program. CC ID 00684 | Audits and risk management | Establish/Maintain Documentation | |
Accept the attestation engagement when all preconditions are met. CC ID 13933 | Audits and risk management | Business Processes | |
Audit in scope audit items and compliance documents. CC ID 06730 | Audits and risk management | Audits and Risk Management | |
Review documentation to determine the effectiveness of in scope controls. CC ID 16522 | Audits and risk management | Process or Activity | |
Establish, implement, and maintain a risk management program. CC ID 12051 | Audits and risk management | Establish/Maintain Documentation | |
Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Audits and risk management | Establish/Maintain Documentation | |
Establish, implement, and maintain a risk assessment program. CC ID 00687 | Audits and risk management | Establish/Maintain Documentation | |
Perform risk assessments for all target environments, as necessary. CC ID 06452 [Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of CUI. 3.11.1] | Audits and risk management | Testing | |
Include the probability and potential impact of pandemics in the scope of the risk assessment. CC ID 13241 | Audits and risk management | Establish/Maintain Documentation | |
Include physical assets in the scope of the risk assessment. CC ID 13075 | Audits and risk management | Establish/Maintain Documentation | |
Include the results of the risk assessment in the risk assessment report. CC ID 06481 | Audits and risk management | Establish/Maintain Documentation | |
Approve the results of the risk assessment as documented in the risk assessment report. CC ID 07109 | Audits and risk management | Audits and Risk Management | |
Review risks to the organization's audit function when changes in the supply chain occur. CC ID 01154 | Audits and risk management | Audits and Risk Management | |
Review the risk to the audit function when the audit personnel status changes. CC ID 01153 | Audits and risk management | Audits and Risk Management | |
Document any reasons for modifying or refraining from modifying the organization's risk assessment when the risk assessment has been reviewed. CC ID 13312 | Audits and risk management | Establish/Maintain Documentation | |
Create a risk assessment report based on the risk assessment results. CC ID 15695 | Audits and risk management | Establish/Maintain Documentation | |
Disseminate and communicate the approved risk assessment report to interested personnel and affected parties. CC ID 10633 | Audits and risk management | Communicate | |
Notify the organization upon completion of the external audits of the organization's risk assessment. CC ID 13313 | Audits and risk management | Communicate | |
Establish, implement, and maintain an access control program. CC ID 11702 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain an access rights management plan. CC ID 00513 | Technical security | Establish/Maintain Documentation | |
Establish and maintain contact information for user accounts, as necessary. CC ID 15418 | Technical security | Data and Information Management | |
Control access rights to organizational assets. CC ID 00004 [Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). 3.1.1] | Technical security | Technical Security | |
Configure access control lists in accordance with organizational standards. CC ID 16465 | Technical security | Configuration | |
Add all devices requiring access control to the Access Control List. CC ID 06264 | Technical security | Establish/Maintain Documentation | |
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835 | Technical security | Technical Security | |
Define roles for information systems. CC ID 12454 | Technical security | Human Resources Management | |
Define access needs for each role assigned to an information system. CC ID 12455 | Technical security | Human Resources Management | |
Define access needs for each system component of an information system. CC ID 12456 | Technical security | Technical Security | |
Define the level of privilege required for each system component of an information system. CC ID 12457 | Technical security | Technical Security | |
Establish access rights based on least privilege. CC ID 01411 [Limit information system access to the types of transactions and functions that authorized users are permitted to execute. 3.1.2 Employ the principle of least privilege, including for specific security functions and privileged accounts. 3.1.5] | Technical security | Technical Security | |
Assign user permissions based on job responsibilities. CC ID 00538 | Technical security | Technical Security | |
Assign user privileges after they have management sign off. CC ID 00542 | Technical security | Technical Security | |
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767 | Technical security | Configuration | |
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 [Limit unsuccessful logon attempts. 3.1.8] | Technical security | Technical Security | |
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822 | Technical security | Configuration | |
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 | Technical security | Technical Security | |
Establish, implement, and maintain session lock capabilities. CC ID 01417 [Use session lock with pattern-hiding displays to prevent access/viewing of data after period of inactivity. 3.1.10] | Technical security | Configuration | |
Limit concurrent sessions according to account type. CC ID 01416 | Technical security | Configuration | |
Establish session authenticity through Transport Layer Security. CC ID 01627 [Protect the authenticity of communications sessions. 3.13.15] | Technical security | Technical Security | |
Configure the "tlsverify" argument to organizational standards. CC ID 14460 | Technical security | Configuration | |
Configure the "tlscacert" argument to organizational standards. CC ID 14521 | Technical security | Configuration | |
Configure the "tlscert" argument to organizational standards. CC ID 14520 | Technical security | Configuration | |
Configure the "tlskey" argument to organizational standards. CC ID 14519 | Technical security | Configuration | |
Enable access control for objects and users on each system. CC ID 04553 | Technical security | Configuration | |
Include all system components in the access control system. CC ID 11939 | Technical security | Technical Security | |
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301 | Technical security | Process or Activity | |
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850 | Technical security | Technical Security | |
Enable attribute-based access control for objects and users on information systems. CC ID 16351 | Technical security | Technical Security | |
Enable role-based access control for objects and users on information systems. CC ID 12458 | Technical security | Technical Security | |
Include the objects and users subject to access control in the security policy. CC ID 11836 | Technical security | Establish/Maintain Documentation | |
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323 | Technical security | Establish Roles | |
Enforce access restrictions for change control. CC ID 01428 [{physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the information system. 3.4.5] | Technical security | Technical Security | |
Enforce access restrictions for restricted data. CC ID 01921 | Technical security | Data and Information Management | |
Permit a limited set of user actions absent identification and authentication. CC ID 04849 | Technical security | Technical Security | |
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262 | Technical security | Technical Security | |
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 | Technical security | Establish/Maintain Documentation | |
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501 | Technical security | Establish/Maintain Documentation | |
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 | Technical security | Technical Security | |
Display previous logon information in the logon banner. CC ID 01415 | Technical security | Configuration | |
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771 | Technical security | Establish/Maintain Documentation | |
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964 | Technical security | Technical Security | |
Establish, implement, and maintain User Access Management procedures. CC ID 00514 | Technical security | Technical Security | |
Establish, implement, and maintain access control procedures. CC ID 11663 | Technical security | Establish/Maintain Documentation | |
Grant access to authorized personnel or systems. CC ID 12186 | Technical security | Configuration | |
Document approving and granting access in the access control log. CC ID 06786 [{remote access} Authorize wireless access prior to allowing such connections. 3.1.16] | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442 | Technical security | Communicate | |
Include digital identification procedures in the access control program. CC ID 11841 | Technical security | Technical Security | |
Identify and control all network access controls. CC ID 00529 | Technical security | Technical Security | |
Manage all external network connections. CC ID 11842 | Technical security | Technical Security | |
Prohibit systems from connecting directly to external networks. CC ID 08709 [Prevent remote devices from simultaneously establishing non-remote connections with the information system and communicating via some other connection to resources in external networks. 3.13.7] | Technical security | Configuration | |
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 [Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. 3.13.1] | Technical security | Establish/Maintain Documentation | |
Refrain from disclosing private Internet Protocol addresses and routing information, unless necessary. CC ID 11891 | Technical security | Technical Security | |
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034 | Technical security | Communicate | |
Segregate systems in accordance with organizational standards. CC ID 12546 | Technical security | Technical Security | |
Implement gateways between security domains. CC ID 16493 | Technical security | Systems Design, Build, and Implementation | |
Implement resource-isolation mechanisms in organizational networks. CC ID 16438 | Technical security | Technical Security | |
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533 | Technical security | Technical Security | |
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310 | Technical security | Technical Security | |
Design Demilitarized Zones with proper isolation rules. CC ID 00532 | Technical security | Technical Security | |
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285 | Technical security | Data and Information Management | |
Restrict inbound network traffic into the Demilitarized Zone to Internet Protocol addresses within the Demilitarized Zone. CC ID 11998 | Technical security | Technical Security | |
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993 | Technical security | Technical Security | |
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 [Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. 3.13.5] | Technical security | Data and Information Management | |
Establish, implement, and maintain a network access control standard. CC ID 00546 | Technical security | Establish/Maintain Documentation | |
Include assigned roles and responsibilities in the network access control standard. CC ID 06410 | Technical security | Establish Roles | |
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373 | Technical security | Technical Security | |
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821 | Technical security | Technical Security | |
Place firewalls between all security domains and between any Demilitarized Zone and internal network zones. CC ID 01274 | Technical security | Configuration | |
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293 | Technical security | Configuration | |
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784 | Technical security | Configuration | |
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588 | Technical security | Technical Security | |
Include configuration management and rulesets in the network access control standard. CC ID 11845 | Technical security | Establish/Maintain Documentation | |
Secure the network access control standard against unauthorized changes. CC ID 11920 | Technical security | Establish/Maintain Documentation | |
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540 | Technical security | Technical Security | |
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541 | Technical security | Configuration | |
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948 | Technical security | Establish/Maintain Documentation | |
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960 | Technical security | Establish/Maintain Documentation | |
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961 | Technical security | Establish/Maintain Documentation | |
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435 | Technical security | Establish/Maintain Documentation | |
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434 | Technical security | Establish/Maintain Documentation | |
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426 | Technical security | Establish/Maintain Documentation | |
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847 | Technical security | Configuration | |
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 | Technical security | Establish/Maintain Documentation | |
Configure network ports to organizational standards. CC ID 14007 | Technical security | Configuration | |
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547 | Technical security | Establish/Maintain Documentation | |
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539 | Technical security | Establish/Maintain Documentation | |
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280 | Technical security | Establish/Maintain Documentation | |
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033 | Technical security | Establish/Maintain Documentation | |
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 | Technical security | Establish/Maintain Documentation | |
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550 | Technical security | Configuration | |
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420 | Technical security | Technical Security | |
Configure network access and control points to protect restricted data or restricted information. CC ID 01284 | Technical security | Configuration | |
Protect data stored at external locations. CC ID 16333 | Technical security | Data and Information Management | |
Protect the firewall's network connection interfaces. CC ID 01955 | Technical security | Technical Security | |
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 [Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). 3.13.6] | Technical security | Configuration | |
Allow local program exceptions on the firewall, as necessary. CC ID 01956 | Technical security | Configuration | |
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957 | Technical security | Configuration | |
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958 | Technical security | Configuration | |
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849 | Technical security | Configuration | |
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959 | Technical security | Configuration | |
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960 | Technical security | Configuration | |
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961 | Technical security | Configuration | |
Allow notification exceptions on the firewall, as necessary. CC ID 01962 | Technical security | Configuration | |
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964 | Technical security | Configuration | |
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965 | Technical security | Configuration | |
Allow local port exceptions on the firewall, as necessary. CC ID 01966 | Technical security | Configuration | |
Establish, implement, and maintain ingress address filters on the firewall, as necessary. CC ID 01287 | Technical security | Configuration | |
Establish, implement, and maintain packet filtering requirements. CC ID 16362 | Technical security | Technical Security | |
Configure firewall filtering to only permit established connections into the network. CC ID 12482 | Technical security | Technical Security | |
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295 | Technical security | Data and Information Management | |
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271 | Technical security | Data and Information Management | |
Synchronize and secure all router configuration files. CC ID 01291 | Technical security | Configuration | |
Synchronize and secure all firewall configuration files. CC ID 11851 | Technical security | Configuration | |
Configure firewalls to generate an audit log. CC ID 12038 | Technical security | Audits and Risk Management | |
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165 | Technical security | Configuration | |
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105 | Technical security | Establish/Maintain Documentation | |
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107 | Technical security | Establish/Maintain Documentation | |
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106 | Technical security | Establish/Maintain Documentation | |
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450 | Technical security | Configuration | |
Update application layer firewalls to the most current version. CC ID 12037 | Technical security | Process or Activity | |
Enforce information flow control. CC ID 11781 | Technical security | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [Control the flow of CUI in accordance with approved authorizations. 3.1.3] | Technical security | Establish/Maintain Documentation | |
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923 | Technical security | Data and Information Management | |
Establish, implement, and maintain a document printing policy. CC ID 14384 | Technical security | Establish/Maintain Documentation | |
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain information flow procedures. CC ID 04542 [Control information posted or processed on publicly accessible information systems. 3.1.22 Verify and control/limit connections to and use of external information systems. 3.1.20] | Technical security | Establish/Maintain Documentation | |
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242 | Technical security | Data and Information Management | |
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243 | Technical security | Data and Information Management | |
Establish, implement, and maintain information exchange procedures. CC ID 11782 | Technical security | Establish/Maintain Documentation | |
Perform content sanitization on data-in-transit. CC ID 16512 | Technical security | Data and Information Management | |
Perform content conversion on data-in-transit. CC ID 16510 | Technical security | Data and Information Management | |
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499 | Technical security | Data and Information Management | |
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554 | Technical security | Data and Information Management | |
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859 | Technical security | Data and Information Management | |
Review and approve information exchange system connections. CC ID 07143 | Technical security | Technical Security | |
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312 | Technical security | Log Management | |
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104 | Technical security | Technical Security | |
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107 | Technical security | Technical Security | |
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097 | Technical security | Establish/Maintain Documentation | |
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183 | Technical security | Configuration | |
Block uncategorized sites using URL filtering. CC ID 12140 | Technical security | Technical Security | |
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234 | Technical security | Data and Information Management | |
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 [Apply deny-by-exception (blacklist) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. 3.4.8] | Technical security | Establish/Maintain Documentation | |
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094 | Technical security | Behavior | |
Secure access to each system component operating system. CC ID 00551 | Technical security | Configuration | |
Enforce privileged accounts and non-privileged accounts for system access. CC ID 00558 [Use non-privileged accounts or roles when accessing nonsecurity functions. 3.1.6 Prevent non-privileged users from executing privileged functions and audit the execution of such functions. 3.1.7] | Technical security | Technical Security | |
Separate user functionality from system management functionality. CC ID 11858 [Separate user functionality from information system management functionality. 3.13.3] | Technical security | Technical Security | |
Control all methods of remote access and teleworking. CC ID 00559 [Enforce safeguarding measures for CUI at alternate work sites (e.g., telework sites). 3.10.6] | Technical security | Technical Security | |
Assign virtual escorting to authorized personnel. CC ID 16440 | Technical security | Process or Activity | |
Establish, implement, and maintain a remote access and teleworking program. CC ID 04545 | Technical security | Establish/Maintain Documentation | |
Include information security requirements in the remote access and teleworking program. CC ID 15704 | Technical security | Establish/Maintain Documentation | |
Refrain from allowing remote users to copy files to remote devices. CC ID 06792 | Technical security | Technical Security | |
Control remote administration in accordance with organizational standards. CC ID 04459 [Authorize remote execution of privileged commands and remote access to security-relevant information. 3.1.15] | Technical security | Configuration | |
Control remote access through a network access control. CC ID 01421 [Authorize remote execution of privileged commands and remote access to security-relevant information. 3.1.15 Route remote access via managed access control points. 3.1.14] | Technical security | Technical Security | |
Install and maintain remote control software and other remote control mechanisms on critical systems. CC ID 06371 | Technical security | Configuration | |
Prohibit remote access to systems processing cleartext restricted data or restricted information. CC ID 12324 | Technical security | Technical Security | |
Employ multifactor authentication for remote access to the organization's network. CC ID 12505 | Technical security | Technical Security | |
Implement multifactor authentication techniques. CC ID 00561 [Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts. 3.5.3 Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. 3.7.5] | Technical security | Configuration | |
Implement phishing-resistant multifactor authentication techniques. CC ID 16541 | Technical security | Technical Security | |
Document and approve requests to bypass multifactor authentication. CC ID 15464 | Technical security | Establish/Maintain Documentation | |
Limit the source addresses from which remote administration is performed. CC ID 16393 | Technical security | Technical Security | |
Protect remote access accounts with encryption. CC ID 00562 [Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. 3.1.13] | Technical security | Configuration | |
Manage the use of encryption controls and cryptographic controls. CC ID 00570 | Technical security | Technical Security | |
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [Establish and manage cryptographic keys for cryptography employed in the information system. 3.13.10] | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164 | Technical security | Communicate | |
Bind keys to each identity. CC ID 12337 | Technical security | Technical Security | |
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152 | Technical security | Establish/Maintain Documentation | |
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151 | Technical security | Establish/Maintain Documentation | |
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301 | Technical security | Data and Information Management | |
Generate strong cryptographic keys. CC ID 01299 | Technical security | Data and Information Management | |
Generate unique cryptographic keys for each user. CC ID 12169 | Technical security | Technical Security | |
Use approved random number generators for creating cryptographic keys. CC ID 06574 | Technical security | Data and Information Management | |
Implement decryption keys so that they are not linked to user accounts. CC ID 06851 | Technical security | Technical Security | |
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate cryptographic keys securely. CC ID 01300 | Technical security | Data and Information Management | |
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541 | Technical security | Data and Information Management | |
Store cryptographic keys securely. CC ID 01298 | Technical security | Data and Information Management | |
Restrict access to cryptographic keys. CC ID 01297 | Technical security | Data and Information Management | |
Store cryptographic keys in encrypted format. CC ID 06084 | Technical security | Data and Information Management | |
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085 | Technical security | Technical Security | |
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127 | Technical security | Establish/Maintain Documentation | |
Change cryptographic keys in accordance with organizational standards. CC ID 01302 | Technical security | Data and Information Management | |
Destroy cryptographic keys promptly after the retention period. CC ID 01303 | Technical security | Data and Information Management | |
Control cryptographic keys with split knowledge and dual control. CC ID 01304 | Technical security | Data and Information Management | |
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305 | Technical security | Data and Information Management | |
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852 | Technical security | Technical Security | |
Archive outdated cryptographic keys. CC ID 06884 | Technical security | Data and Information Management | |
Archive revoked cryptographic keys. CC ID 11819 | Technical security | Data and Information Management | |
Require key custodians to sign the cryptographic key management policy. CC ID 01308 | Technical security | Establish/Maintain Documentation | |
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820 | Technical security | Human Resources Management | |
Manage the digital signature cryptographic key pair. CC ID 06576 | Technical security | Data and Information Management | |
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079 | Technical security | Establish/Maintain Documentation | |
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725 | Technical security | Establish Roles | |
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080 | Technical security | Establish/Maintain Documentation | |
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081 | Technical security | Establish/Maintain Documentation | |
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082 | Technical security | Establish/Maintain Documentation | |
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083 | Technical security | Establish/Maintain Documentation | |
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816 | Technical security | Establish/Maintain Documentation | |
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092 | Technical security | Technical Security | |
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084 | Technical security | Technical Security | |
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085 | Technical security | Establish/Maintain Documentation | |
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817 | Technical security | Establish/Maintain Documentation | |
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087 | Technical security | Establish/Maintain Documentation | |
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086 | Technical security | Establish/Maintain Documentation | |
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091 | Technical security | Technical Security | |
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090 | Technical security | Records Management | |
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. 3.13.8 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. 3.13.11] | Technical security | Technical Security | |
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 | Technical security | Configuration | |
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492 | Technical security | Technical Security | |
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490 | Technical security | Technical Security | |
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566 | Technical security | Establish/Maintain Documentation | |
Treat data messages that do not receive an acknowledgment as never been sent. CC ID 14416 | Technical security | Technical Security | |
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568 | Technical security | Technical Security | |
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021 | Technical security | Technical Security | |
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020 | Technical security | Technical Security | |
Protect application services information transmitted over a public network from contract disputes. CC ID 12019 | Technical security | Technical Security | |
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018 | Technical security | Technical Security | |
Establish, implement, and maintain a malicious code protection program. CC ID 00574 [Provide protection from malicious code at appropriate locations within organizational information systems. 3.14.2] | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the malicious code protection policy to all interested personnel and affected parties. CC ID 15485 | Technical security | Communicate | |
Disseminate and communicate the malicious code protection procedures to all interested personnel and affected parties. CC ID 15484 | Technical security | Communicate | |
Establish, implement, and maintain malicious code protection procedures. CC ID 15483 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain a malicious code protection policy. CC ID 15478 | Technical security | Establish/Maintain Documentation | |
Restrict downloading to reduce malicious code attacks. CC ID 04576 | Technical security | Behavior | |
Install security and protection software, as necessary. CC ID 00575 | Technical security | Configuration | |
Install and maintain container security solutions. CC ID 16178 | Technical security | Technical Security | |
Protect the system against replay attacks. CC ID 04552 [{privileged accounts} Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. 3.5.4] | Technical security | Technical Security | |
Define and assign roles and responsibilities for malicious code protection. CC ID 15474 | Technical security | Establish Roles | |
Lock antivirus configurations. CC ID 10047 | Technical security | Configuration | |
Establish, implement, and maintain a virtual environment and shared resources security program. CC ID 06551 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain a shared resources management program. CC ID 07096 [Prevent unauthorized and unintended information transfer via shared system resources. 3.13.4] | Technical security | Establish/Maintain Documentation | |
Maintain ownership of all shared resources. CC ID 12180 | Technical security | Business Processes | |
Employ resource-isolation mechanisms in virtual environments. CC ID 12178 | Technical security | Configuration | |
Establish, implement, and maintain a physical security program. CC ID 11757 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a facility physical security program. CC ID 00711 [Protect and monitor the physical facility and support infrastructure for those information systems. 3.10.2] | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain opening procedures for businesses. CC ID 16671 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain closing procedures for businesses. CC ID 16670 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish and maintain a contract for accessing facilities that transmit, process, or store restricted data. CC ID 12050 | Physical and environmental protection | Establish/Maintain Documentation | |
Refrain from providing access to facilities that transmit, process, or store restricted data until the contract for accessing the facility is signed. CC ID 12311 | Physical and environmental protection | Behavior | |
Protect the facility from crime. CC ID 06347 | Physical and environmental protection | Physical and Environmental Protection | |
Define communication methods for reporting crimes. CC ID 06349 | Physical and environmental protection | Establish/Maintain Documentation | |
Include identification cards or badges in the physical security program. CC ID 14818 | Physical and environmental protection | Establish/Maintain Documentation | |
Protect facilities from eavesdropping. CC ID 02222 | Physical and environmental protection | Physical and Environmental Protection | |
Implement audio protection controls on telephone systems in controlled areas. CC ID 16455 | Physical and environmental protection | Technical Security | |
Establish, implement, and maintain security procedures for virtual meetings. CC ID 15581 | Physical and environmental protection | Establish/Maintain Documentation | |
Hold conferences requiring sensitive information discussions in spaces that have commensurate security. CC ID 11440 | Physical and environmental protection | Physical and Environmental Protection | |
Provide one-time meeting support for discussions involving Top Secret information. CC ID 11441 | Physical and environmental protection | Physical and Environmental Protection | |
Create security zones in facilities, as necessary. CC ID 16295 | Physical and environmental protection | Physical and Environmental Protection | |
Establish clear zones around any sensitive facilities. CC ID 02214 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain floor plans. CC ID 16419 | Physical and environmental protection | Establish/Maintain Documentation | |
Include network infrastructure and cabling infrastructure on the floor plan. CC ID 16420 | Physical and environmental protection | Establish/Maintain Documentation | |
Post floor plans of critical facilities in secure locations. CC ID 16138 | Physical and environmental protection | Communicate | |
Post and maintain security signage for all facilities. CC ID 02201 | Physical and environmental protection | Establish/Maintain Documentation | |
Inspect items brought into the facility. CC ID 06341 | Physical and environmental protection | Physical and Environmental Protection | |
Maintain all physical security systems. CC ID 02206 | Physical and environmental protection | Physical and Environmental Protection | |
Maintain all security alarm systems. CC ID 11669 | Physical and environmental protection | Physical and Environmental Protection | |
Identify and document physical access controls for all physical entry points. CC ID 01637 | Physical and environmental protection | Establish/Maintain Documentation | |
Control physical access to (and within) the facility. CC ID 01329 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain physical access procedures. CC ID 13629 | Physical and environmental protection | Establish/Maintain Documentation | |
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419 | Physical and environmental protection | Physical and Environmental Protection | |
Configure the access control system to grant access only during authorized working hours. CC ID 12325 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a visitor access permission policy. CC ID 06699 | Physical and environmental protection | Establish/Maintain Documentation | |
Escort visitors within the facility, as necessary. CC ID 06417 [Escort visitors and monitor visitor activity. 3.10.3] | Physical and environmental protection | Establish/Maintain Documentation | |
Check the visitor's stated identity against a provided government issued identification. CC ID 06701 | Physical and environmental protection | Physical and Environmental Protection | |
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330 | Physical and environmental protection | Testing | |
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702 | Physical and environmental protection | Behavior | |
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048 | Physical and environmental protection | Establish/Maintain Documentation | |
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 | Physical and environmental protection | Establish/Maintain Documentation | |
Authorize physical access to sensitive areas based on job functions. CC ID 12462 | Physical and environmental protection | Establish/Maintain Documentation | |
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 [Supervise the maintenance activities of maintenance personnel without required access authorization. 3.7.6] | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain physical identification procedures. CC ID 00713 | Physical and environmental protection | Establish/Maintain Documentation | |
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030 | Physical and environmental protection | Human Resources Management | |
Implement physical identification processes. CC ID 13715 | Physical and environmental protection | Process or Activity | |
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717 | Physical and environmental protection | Process or Activity | |
Issue photo identification badges to all employees. CC ID 12326 | Physical and environmental protection | Physical and Environmental Protection | |
Implement operational requirements for card readers. CC ID 02225 | Physical and environmental protection | Testing | |
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819 | Physical and environmental protection | Establish/Maintain Documentation | |
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334 | Physical and environmental protection | Physical and Environmental Protection | |
Manage constituent identification inside the facility. CC ID 02215 | Physical and environmental protection | Behavior | |
Direct each employee to be responsible for their identification card or badge. CC ID 12332 | Physical and environmental protection | Human Resources Management | |
Manage visitor identification inside the facility. CC ID 11670 | Physical and environmental protection | Physical and Environmental Protection | |
Issue visitor identification badges to all non-employees. CC ID 00543 | Physical and environmental protection | Behavior | |
Secure unissued visitor identification badges. CC ID 06712 | Physical and environmental protection | Physical and Environmental Protection | |
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331 | Physical and environmental protection | Behavior | |
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 | Physical and environmental protection | Establish/Maintain Documentation | |
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714 | Physical and environmental protection | Process or Activity | |
Include error handling controls in identification issuance procedures. CC ID 13709 | Physical and environmental protection | Establish/Maintain Documentation | |
Include an appeal process in the identification issuance procedures. CC ID 15428 | Physical and environmental protection | Business Processes | |
Include information security in the identification issuance procedures. CC ID 15425 | Physical and environmental protection | Establish/Maintain Documentation | |
Include identity proofing processes in the identification issuance procedures. CC ID 06597 | Physical and environmental protection | Process or Activity | |
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426 | Physical and environmental protection | Establish/Maintain Documentation | |
Include an identity registration process in the identification issuance procedures. CC ID 11671 | Physical and environmental protection | Establish/Maintain Documentation | |
Restrict access to the badge system to authorized personnel. CC ID 12043 | Physical and environmental protection | Physical and Environmental Protection | |
Enforce dual control for badge assignments. CC ID 12328 | Physical and environmental protection | Physical and Environmental Protection | |
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327 | Physical and environmental protection | Physical and Environmental Protection | |
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599 | Physical and environmental protection | Establish/Maintain Documentation | |
Assign employees the responsibility for controlling their identification badges. CC ID 12333 | Physical and environmental protection | Human Resources Management | |
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306 | Physical and environmental protection | Establish/Maintain Documentation | |
Prevent tailgating through physical entry points. CC ID 06685 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a door security standard. CC ID 06686 | Physical and environmental protection | Establish/Maintain Documentation | |
Install doors so that exposed hinges are on the secured side. CC ID 06687 | Physical and environmental protection | Configuration | |
Install emergency doors to permit egress only. CC ID 06688 | Physical and environmental protection | Configuration | |
Install contact alarms on doors, as necessary. CC ID 06710 | Physical and environmental protection | Configuration | |
Use locks to protect against unauthorized physical access. CC ID 06342 | Physical and environmental protection | Physical and Environmental Protection | |
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650 | Physical and environmental protection | Configuration | |
Secure unissued access mechanisms. CC ID 06713 | Physical and environmental protection | Technical Security | |
Establish, implement, and maintain a lock and access mechanism inventory (keys, lock combinations, or key cards) for all physical access control systems. CC ID 00748 [Control and manage physical access devices. 3.10.5] | Physical and environmental protection | Establish/Maintain Documentation | |
Change cipher lock codes, as necessary. CC ID 06651 | Physical and environmental protection | Technical Security | |
Record the assigned access mechanism serial number or cipher lock code when issuing controlled items. CC ID 06715 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a window security standard. CC ID 06689 | Physical and environmental protection | Establish/Maintain Documentation | |
Install contact alarms on openable windows, as necessary. CC ID 06690 | Physical and environmental protection | Configuration | |
Install glass break alarms on windows, as necessary. CC ID 06691 | Physical and environmental protection | Configuration | |
Post signs at all physical entry points stating the organization's right to inspect upon entry. CC ID 02204 | Physical and environmental protection | Establish/Maintain Documentation | |
Install and maintain security lighting at all physical entry points. CC ID 02205 | Physical and environmental protection | Physical and Environmental Protection | |
Use vandal resistant light fixtures for all security lighting. CC ID 16130 | Physical and environmental protection | Physical and Environmental Protection | |
Manage access to loading docks, unloading docks, and mail rooms. CC ID 02210 | Physical and environmental protection | Physical and Environmental Protection | |
Secure the loading dock with physical access controls or security guards. CC ID 06703 | Physical and environmental protection | Physical and Environmental Protection | |
Isolate loading areas from information processing facilities, if possible. CC ID 12028 | Physical and environmental protection | Physical and Environmental Protection | |
Screen incoming mail and deliveries. CC ID 06719 | Physical and environmental protection | Physical and Environmental Protection | |
Protect access to the facility's mechanical systems area. CC ID 02212 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain elevator security guidelines. CC ID 02232 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain stairwell security guidelines. CC ID 02233 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain glass opening security guidelines. CC ID 02234 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain after hours facility access procedures. CC ID 06340 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish a security room, if necessary. CC ID 00738 | Physical and environmental protection | Physical and Environmental Protection | |
Implement physical security standards for mainframe rooms or data centers. CC ID 00749 | Physical and environmental protection | Physical and Environmental Protection | |
Establish and maintain equipment security cages in a shared space environment. CC ID 06711 | Physical and environmental protection | Physical and Environmental Protection | |
Secure systems in lockable equipment cabinets, as necessary. CC ID 06716 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain vault physical security standards. CC ID 02203 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a guideline for working in a secure area. CC ID 04538 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain emergency re-entry procedures. CC ID 11672 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain emergency exit procedures. CC ID 01252 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a camera operating policy. CC ID 15456 | Physical and environmental protection | Establish/Maintain Documentation | |
Disseminate and communicate the camera installation policy to interested personnel and affected parties. CC ID 15461 | Physical and environmental protection | Communicate | |
Establish and maintain a visitor log. CC ID 00715 | Physical and environmental protection | Log Management | |
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700 | Physical and environmental protection | Establish/Maintain Documentation | |
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649 | Physical and environmental protection | Behavior | |
Record the visitor's name in the visitor log. CC ID 00557 | Physical and environmental protection | Log Management | |
Record the visitor's organization in the visitor log. CC ID 12121 | Physical and environmental protection | Log Management | |
Record the visitor's acceptable access areas in the visitor log. CC ID 12237 | Physical and environmental protection | Log Management | |
Record the date and time of entry in the visitor log. CC ID 13255 | Physical and environmental protection | Establish/Maintain Documentation | |
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466 | Physical and environmental protection | Establish/Maintain Documentation | |
Retain all records in the visitor log as prescribed by law. CC ID 00572 | Physical and environmental protection | Log Management | |
Establish, implement, and maintain a physical access log. CC ID 12080 [Maintain audit logs of physical access. 3.10.4] | Physical and environmental protection | Establish/Maintain Documentation | |
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641 | Physical and environmental protection | Log Management | |
Store facility access logs in off-site storage. CC ID 06958 | Physical and environmental protection | Log Management | |
Log the exit of a staff member from a facility or designated rooms within the facility. CC ID 11675 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Configure video cameras to cover all physical entry points. CC ID 06302 | Physical and environmental protection | Configuration | |
Configure video cameras to prevent physical tampering or disablement. CC ID 06303 | Physical and environmental protection | Configuration | |
Retain video events according to Records Management procedures. CC ID 06304 | Physical and environmental protection | Records Management | |
Establish, implement, and maintain physical security threat reports. CC ID 02207 | Physical and environmental protection | Establish/Maintain Documentation | |
Build and maintain fencing, as necessary. CC ID 02235 | Physical and environmental protection | Physical and Environmental Protection | |
Implement security measures for all interior spaces that allow for any payment transactions. CC ID 06352 | Physical and environmental protection | Physical and Environmental Protection | |
Physically segregate business areas in accordance with organizational standards. CC ID 16718 | Physical and environmental protection | Physical and Environmental Protection | |
Employ security guards to provide physical security, as necessary. CC ID 06653 | Physical and environmental protection | Establish Roles | |
Establish, implement, and maintain a facility wall standard. CC ID 06692 | Physical and environmental protection | Establish/Maintain Documentation | |
Design interior walls with sound absorbing materials as well as thermal resistant materials. CC ID 06372 | Physical and environmental protection | Physical and Environmental Protection | |
Design interior walls that provide security to extend from true floor to true ceiling. CC ID 06693 | Physical and environmental protection | Configuration | |
Refrain from search and seizure inside organizational facilities absent a warrant. CC ID 09980 | Physical and environmental protection | Behavior | |
Disallow either search or seizure of any person inside organizational facilities absent a warrant. CC ID 09981 | Physical and environmental protection | Behavior | |
Disallow copying or excerpting from documents, books, or records that are on or in the premises of an organizational facility absent a warrant. CC ID 09982 | Physical and environmental protection | Business Processes | |
Disallow inspecting computers or searching computer records inside organizational facilities absent a warrant. CC ID 09983 | Physical and environmental protection | Behavior | |
Do nothing to help during a search and seizure inside organizational facilities absent a warrant and being legally compelled to assist. CC ID 09984 | Physical and environmental protection | Behavior | |
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718 | Physical and environmental protection | Physical and Environmental Protection | |
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 | Physical and environmental protection | Records Management | |
Transport restricted media using a delivery method that can be tracked. CC ID 11777 [Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. 3.8.5] | Physical and environmental protection | Business Processes | |
Restrict physical access to distributed assets. CC ID 11865 [Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. 3.10.1] | Physical and environmental protection | Physical and Environmental Protection | |
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873 | Physical and environmental protection | Physical and Environmental Protection | |
Protect electronic storage media with physical access controls. CC ID 00720 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain removable storage media controls. CC ID 06680 [Limit use of organizational portable storage devices on external information systems. 3.1.21 Control the use of removable media on information system components. 3.8.7] | Physical and environmental protection | Data and Information Management | |
Control access to restricted storage media. CC ID 04889 [Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. 3.8.5] | Physical and environmental protection | Data and Information Management | |
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 | Physical and environmental protection | Physical and Environmental Protection | |
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961 | Physical and environmental protection | Records Management | |
Treat archive media as evidence. CC ID 00960 | Physical and environmental protection | Records Management | |
Log the transfer of removable storage media. CC ID 12322 | Physical and environmental protection | Log Management | |
Establish, implement, and maintain storage media access control procedures. CC ID 00959 [Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital. 3.8.1 Limit access to CUI on information system media to authorized users. 3.8.2] | Physical and environmental protection | Establish/Maintain Documentation | |
Require removable storage media be in the custody of an authorized individual. CC ID 12319 | Physical and environmental protection | Behavior | |
Control the storage of restricted storage media. CC ID 00965 | Physical and environmental protection | Records Management | |
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717 | Physical and environmental protection | Physical and Environmental Protection | |
Protect the combinations for all combination locks. CC ID 02199 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish and maintain eavesdropping protection for vaults. CC ID 02231 | Physical and environmental protection | Physical and Environmental Protection | |
Serialize all removable storage media. CC ID 00949 | Physical and environmental protection | Configuration | |
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [Control connection of mobile devices. 3.1.18] | Physical and environmental protection | Establish/Maintain Documentation | |
Require users to refrain from leaving mobile devices unattended. CC ID 16446 | Physical and environmental protection | Business Processes | |
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242 | Physical and environmental protection | Data and Information Management | |
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292 | Physical and environmental protection | Establish/Maintain Documentation | |
Include legal requirements in the mobile device security guidelines. CC ID 12291 | Physical and environmental protection | Establish/Maintain Documentation | |
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452 | Physical and environmental protection | Physical and Environmental Protection | |
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290 | Physical and environmental protection | Establish/Maintain Documentation | |
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289 | Physical and environmental protection | Establish/Maintain Documentation | |
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288 | Physical and environmental protection | Establish/Maintain Documentation | |
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430 | Physical and environmental protection | Physical and Environmental Protection | |
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429 | Physical and environmental protection | Physical and Environmental Protection | |
Encrypt information stored on mobile devices. CC ID 01422 [Encrypt CUI on mobile devices. 3.1.19] | Physical and environmental protection | Data and Information Management | |
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 [Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device. 3.13.12] | Physical and environmental protection | Technical Security | |
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 [Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device. 3.13.12] | Physical and environmental protection | Technical Security | |
Prepare the alternate facility for an emergency offsite relocation. CC ID 00744 | Operational and Systems Continuity | Systems Continuity | |
Protect backup systems and restoration systems at the alternate facility. CC ID 04883 [Protect the confidentiality of backup CUI at storage locations. 3.8.9] | Operational and Systems Continuity | Systems Continuity | |
Establish, implement, and maintain a personnel management program. CC ID 14018 | Human Resources management | Establish/Maintain Documentation | |
Establish, implement, and maintain a personnel security program. CC ID 10628 | Human Resources management | Establish/Maintain Documentation | |
Establish, implement, and maintain security clearance procedures. CC ID 00783 | Human Resources management | Establish/Maintain Documentation | |
Perform security clearance procedures, as necessary. CC ID 06644 [Screen individuals prior to authorizing access to information systems containing CUI. 3.9.1] | Human Resources management | Human Resources Management | |
Establish and maintain security clearances. CC ID 01634 | Human Resources management | Human Resources Management | |
Establish, implement, and maintain personnel status change and termination procedures. CC ID 06549 [Ensure that CUI and information systems containing CUI are protected during and after personnel actions such as terminations and transfers. 3.9.2] | Human Resources management | Establish/Maintain Documentation | |
Assign an owner of the personnel status change and termination procedures. CC ID 11805 | Human Resources management | Human Resources Management | |
Notify the security manager, in writing, prior to an employee's job change. CC ID 12283 | Human Resources management | Human Resources Management | |
Notify all interested personnel and affected parties when personnel status changes or an individual is terminated. CC ID 06677 | Human Resources management | Behavior | |
Notify terminated individuals of applicable, legally binding post-employment requirements. CC ID 10630 | Human Resources management | Communicate | |
Enforce the information security responsibilities and duties that remain valid after termination or change of employment. CC ID 11992 | Human Resources management | Human Resources Management | |
Disseminate and communicate the personnel status change and termination procedures to all interested personnel and affected parties. CC ID 06676 | Human Resources management | Behavior | |
Conduct exit interviews upon termination of employment. CC ID 14290 | Human Resources management | Human Resources Management | |
Require terminated individuals to sign an acknowledgment of post-employment requirements. CC ID 10631 | Human Resources management | Establish/Maintain Documentation | |
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764 | Human Resources management | Establish Roles | |
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960 | Human Resources management | Technical Security | |
Train all personnel and third parties, as necessary. CC ID 00785 | Human Resources management | Behavior | |
Establish, implement, and maintain an education methodology. CC ID 06671 | Human Resources management | Business Processes | |
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities. 3.2.2] | Human Resources management | Behavior | |
Establish, implement, and maintain training plans. CC ID 00828 | Human Resources management | Establish/Maintain Documentation | |
Establish, implement, and maintain a security awareness program. CC ID 11746 | Human Resources management | Establish/Maintain Documentation | |
Disseminate and communicate the security awareness program to all interested personnel and affected parties. CC ID 00823 [Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems. 3.2.1] | Human Resources management | Behavior | |
Train all personnel and third parties on how to recognize and report security incidents. CC ID 01211 [Provide security awareness training on recognizing and reporting potential indicators of insider threat. 3.2.3] | Human Resources management | Behavior | |
Train all personnel and third parties on how to recognize and report system failures. CC ID 13475 | Human Resources management | Training | |
Require personnel to acknowledge, through writing their signature, that they have read and understand the organization's security policies. CC ID 01363 | Human Resources management | Establish/Maintain Documentation | |
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an information security program. CC ID 00812 | Operational management | Establish/Maintain Documentation | |
Disseminate and communicate the information security policy to interested personnel and affected parties. CC ID 11739 [Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems. 3.2.1] | Operational management | Communicate | |
Establish, implement, and maintain operational control procedures. CC ID 00831 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain Voice over Internet Protocol operating procedures. CC ID 04583 [Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. 3.13.14] | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 | Operational management | Establish/Maintain Documentation | |
Include a software installation policy in the Acceptable Use Policy. CC ID 06749 [Control and monitor user-installed software. 3.4.9] | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an Asset Management program. CC ID 06630 | Operational management | Business Processes | |
Establish, implement, and maintain an asset inventory. CC ID 06631 [Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. 3.4.1] | Operational management | Business Processes | |
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689 | Operational management | Establish/Maintain Documentation | |
Include all account types in the Information Technology inventory. CC ID 13311 | Operational management | Establish/Maintain Documentation | |
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695 | Operational management | Systems Design, Build, and Implementation | |
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289 | Operational management | Data and Information Management | |
Include each Information System's major applications in the Information Technology inventory. CC ID 01407 | Operational management | Establish/Maintain Documentation | |
Categorize all major applications according to the business information they process. CC ID 07182 | Operational management | Establish/Maintain Documentation | |
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164 | Operational management | Establish/Maintain Documentation | |
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408 | Operational management | Establish/Maintain Documentation | |
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409 | Operational management | Establish/Maintain Documentation | |
Conduct environmental surveys. CC ID 00690 | Operational management | Physical and Environmental Protection | |
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a hardware asset inventory. CC ID 00691 | Operational management | Establish/Maintain Documentation | |
Include network equipment in the Information Technology inventory. CC ID 00693 | Operational management | Establish/Maintain Documentation | |
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719 | Operational management | Establish/Maintain Documentation | |
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885 | Operational management | Process or Activity | |
Include software in the Information Technology inventory. CC ID 00692 | Operational management | Establish/Maintain Documentation | |
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a storage media inventory. CC ID 00694 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260 | Operational management | Establish/Maintain Documentation | |
Add inventoried assets to the asset register database, as necessary. CC ID 07051 | Operational management | Establish/Maintain Documentation | |
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181 | Operational management | Establish/Maintain Documentation | |
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054 | Operational management | Technical Security | |
Link the authentication system to the asset inventory. CC ID 13718 | Operational management | Technical Security | |
Record a unique name for each asset in the asset inventory. CC ID 16305 | Operational management | Data and Information Management | |
Record the decommission date for applicable assets in the asset inventory. CC ID 14920 | Operational management | Establish/Maintain Documentation | |
Record the status of information systems in the asset inventory. CC ID 16304 | Operational management | Data and Information Management | |
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301 | Operational management | Data and Information Management | |
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918 | Operational management | Establish/Maintain Documentation | |
Include source code in the asset inventory. CC ID 14858 | Operational management | Records Management | |
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344 | Operational management | Human Resources Management | |
Record the review date for applicable assets in the asset inventory. CC ID 14919 | Operational management | Establish/Maintain Documentation | |
Record software license information for each asset in the asset inventory. CC ID 11736 | Operational management | Data and Information Management | |
Record services for applicable assets in the asset inventory. CC ID 13733 | Operational management | Establish/Maintain Documentation | |
Record protocols for applicable assets in the asset inventory. CC ID 13734 | Operational management | Establish/Maintain Documentation | |
Record the software version in the asset inventory. CC ID 12196 | Operational management | Establish/Maintain Documentation | |
Record the publisher for applicable assets in the asset inventory. CC ID 13725 | Operational management | Establish/Maintain Documentation | |
Record the authentication system in the asset inventory. CC ID 13724 | Operational management | Establish/Maintain Documentation | |
Tag unsupported assets in the asset inventory. CC ID 13723 | Operational management | Establish/Maintain Documentation | |
Record the install date for applicable assets in the asset inventory. CC ID 13720 | Operational management | Establish/Maintain Documentation | |
Record the make, model of device for applicable assets in the asset inventory. CC ID 12465 | Operational management | Establish/Maintain Documentation | |
Record the asset tag for physical assets in the asset inventory. CC ID 06632 | Operational management | Establish/Maintain Documentation | |
Record the host name of applicable assets in the asset inventory. CC ID 13722 | Operational management | Establish/Maintain Documentation | |
Record network ports for applicable assets in the asset inventory. CC ID 13730 | Operational management | Establish/Maintain Documentation | |
Record the MAC address for applicable assets in the asset inventory. CC ID 13721 | Operational management | Establish/Maintain Documentation | |
Record the operating system version for applicable assets in the asset inventory. CC ID 11748 | Operational management | Data and Information Management | |
Record the operating system type for applicable assets in the asset inventory. CC ID 06633 | Operational management | Establish/Maintain Documentation | |
Record rooms at external locations in the asset inventory. CC ID 16302 | Operational management | Data and Information Management | |
Record the department associated with the asset in the asset inventory. CC ID 12084 | Operational management | Establish/Maintain Documentation | |
Record the physical location for applicable assets in the asset inventory. CC ID 06634 | Operational management | Establish/Maintain Documentation | |
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635 | Operational management | Establish/Maintain Documentation | |
Record the firmware version for applicable assets in the asset inventory. CC ID 12195 | Operational management | Establish/Maintain Documentation | |
Record the related business function for applicable assets in the asset inventory. CC ID 06636 | Operational management | Establish/Maintain Documentation | |
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637 | Operational management | Establish/Maintain Documentation | |
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638 | Operational management | Establish/Maintain Documentation | |
Record trusted keys and certificates in the asset inventory. CC ID 15486 | Operational management | Data and Information Management | |
Record cipher suites and protocols in the asset inventory. CC ID 15489 | Operational management | Data and Information Management | |
Link the software asset inventory to the hardware asset inventory. CC ID 12085 | Operational management | Establish/Maintain Documentation | |
Record the owner for applicable assets in the asset inventory. CC ID 06640 | Operational management | Establish/Maintain Documentation | |
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696 | Operational management | Establish/Maintain Documentation | |
Record all changes to assets in the asset inventory. CC ID 12190 | Operational management | Establish/Maintain Documentation | |
Record cloud service derived data in the asset inventory. CC ID 13007 | Operational management | Establish/Maintain Documentation | |
Include cloud service customer data in the asset inventory. CC ID 13006 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885 | Operational management | Establish/Maintain Documentation | |
Obtain approval before removing maintenance tools from the facility. CC ID 14298 | Operational management | Business Processes | |
Control remote maintenance according to the system's asset classification. CC ID 01433 | Operational management | Technical Security | |
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 [Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. 3.7.5] | Operational management | Technical Security | |
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295 | Operational management | Maintenance | |
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291 | Operational management | Maintenance | |
Perform periodic maintenance according to organizational standards. CC ID 01435 [Perform maintenance on organizational information systems. 3.7.1] | Operational management | Behavior | |
Restart systems on a periodic basis. CC ID 16498 | Operational management | Maintenance | |
Remove components being serviced from the information system prior to performing maintenance. CC ID 14251 | Operational management | Maintenance | |
Employ dedicated systems during system maintenance. CC ID 12108 | Operational management | Technical Security | |
Isolate dedicated systems used for system maintenance from Internet access. CC ID 12114 | Operational management | Technical Security | |
Control granting access to appropriate parties performing maintenance on organizational assets. CC ID 11873 | Operational management | Human Resources Management | |
Identify and authenticate appropriate parties prior to granting access to maintain assets. CC ID 11874 | Operational management | Physical and Environmental Protection | |
Establish, implement, and maintain a customer service program. CC ID 00846 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an Incident Management program. CC ID 00853 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Business Processes | |
Establish, implement, and maintain an incident management policy. CC ID 16414 | Operational management | Establish/Maintain Documentation | |
Define and assign the roles and responsibilities for Incident Management program. CC ID 13055 | Operational management | Human Resources Management | |
Define the uses and capabilities of the Incident Management program. CC ID 00854 | Operational management | Establish/Maintain Documentation | |
Include incident escalation procedures in the Incident Management program. CC ID 00856 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Establish/Maintain Documentation | |
Define the characteristics of the Incident Management program. CC ID 00855 | Operational management | Establish/Maintain Documentation | |
Include the criteria for a data loss event in the Incident Management program. CC ID 12179 | Operational management | Establish/Maintain Documentation | |
Include the criteria for an incident in the Incident Management program. CC ID 12173 | Operational management | Establish/Maintain Documentation | |
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504 | Operational management | Establish/Maintain Documentation | |
Include detection procedures in the Incident Management program. CC ID 00588 | Operational management | Establish/Maintain Documentation | |
Categorize the incident following an incident response. CC ID 13208 | Operational management | Technical Security | |
Define and document impact thresholds to be used in categorizing incidents. CC ID 10033 | Operational management | Establish/Maintain Documentation | |
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095 | Operational management | Establish/Maintain Documentation | |
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036 | Operational management | Data and Information Management | |
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539 | Operational management | Communicate | |
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538 | Operational management | Communicate | |
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547 | Operational management | Establish/Maintain Documentation | |
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797 | Operational management | Communicate | |
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782 | Operational management | Communicate | |
Remediate security violations according to organizational standards. CC ID 12338 | Operational management | Business Processes | |
Include data loss event notifications in the Incident Response program. CC ID 00364 | Operational management | Establish/Maintain Documentation | |
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954 | Operational management | Establish/Maintain Documentation | |
Include required information in the written request to delay the notification to affected parties. CC ID 16785 | Operational management | Establish/Maintain Documentation | |
Submit written requests to delay the notification of affected parties. CC ID 16783 | Operational management | Communicate | |
Revoke the written request to delay the notification. CC ID 16843 | Operational management | Process or Activity | |
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985 | Operational management | Establish/Maintain Documentation | |
Refrain from charging for providing incident response notifications. CC ID 13876 | Operational management | Business Processes | |
Title breach notifications "Notice of Data Breach". CC ID 12977 | Operational management | Establish/Maintain Documentation | |
Display titles of incident response notifications clearly and conspicuously. CC ID 12986 | Operational management | Establish/Maintain Documentation | |
Display headings in incident response notifications clearly and conspicuously. CC ID 12987 | Operational management | Establish/Maintain Documentation | |
Design the incident response notification to call attention to its nature and significance. CC ID 12984 | Operational management | Establish/Maintain Documentation | |
Use plain language to write incident response notifications. CC ID 12976 | Operational management | Establish/Maintain Documentation | |
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983 | Operational management | Establish/Maintain Documentation | |
Refrain from including restricted information in the incident response notification. CC ID 16806 | Operational management | Actionable Reports or Measurements | |
Include the affected parties' rights in the incident response notification. CC ID 16811 | Operational management | Establish/Maintain Documentation | |
Include details of the investigation in incident response notifications. CC ID 12296 | Operational management | Establish/Maintain Documentation | |
Include the issuer's name in incident response notifications. CC ID 12062 | Operational management | Establish/Maintain Documentation | |
Include a "What Happened" heading in breach notifications. CC ID 12978 | Operational management | Establish/Maintain Documentation | |
Include a general description of the data loss event in incident response notifications. CC ID 04734 | Operational management | Establish/Maintain Documentation | |
Include time information in incident response notifications. CC ID 04745 | Operational management | Establish/Maintain Documentation | |
Include the identification of the data source in incident response notifications. CC ID 12305 | Operational management | Establish/Maintain Documentation | |
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979 | Operational management | Establish/Maintain Documentation | |
Include the type of information that was lost in incident response notifications. CC ID 04735 | Operational management | Establish/Maintain Documentation | |
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776 | Operational management | Establish/Maintain Documentation | |
Include a "What We Are Doing" heading in the breach notification. CC ID 12982 | Operational management | Establish/Maintain Documentation | |
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736 | Operational management | Establish/Maintain Documentation | |
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737 | Operational management | Establish/Maintain Documentation | |
Include a "For More Information" heading in breach notifications. CC ID 12981 | Operational management | Establish/Maintain Documentation | |
Include details of the companies and persons involved in incident response notifications. CC ID 12295 | Operational management | Establish/Maintain Documentation | |
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744 | Operational management | Establish/Maintain Documentation | |
Include the reporting individual's contact information in incident response notifications. CC ID 12297 | Operational management | Establish/Maintain Documentation | |
Include any consequences in the incident response notifications. CC ID 12604 | Operational management | Establish/Maintain Documentation | |
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746 | Operational management | Establish/Maintain Documentation | |
Include a "What You Can Do" heading in the breach notification. CC ID 12980 | Operational management | Establish/Maintain Documentation | |
Include contact information in incident response notifications. CC ID 04739 | Operational management | Establish/Maintain Documentation | |
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085 | Operational management | Communicate | |
Post the incident response notification on the organization's website. CC ID 16809 | Operational management | Process or Activity | |
Document the determination for providing a substitute incident response notification. CC ID 16841 | Operational management | Process or Activity | |
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747 | Operational management | Behavior | |
Include contact information in the substitute incident response notification. CC ID 16776 | Operational management | Establish/Maintain Documentation | |
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748 | Operational management | Establish/Maintain Documentation | |
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750 | Operational management | Behavior | |
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769 | Operational management | Behavior | |
Establish, implement, and maintain a containment strategy. CC ID 13480 | Operational management | Establish/Maintain Documentation | |
Include the containment approach in the containment strategy. CC ID 13486 | Operational management | Establish/Maintain Documentation | |
Include response times in the containment strategy. CC ID 13485 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a restoration log. CC ID 12745 | Operational management | Establish/Maintain Documentation | |
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463 | Operational management | Data and Information Management | |
Include a description of the restored data in the restoration log. CC ID 15462 | Operational management | Data and Information Management | |
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592 | Operational management | Establish/Maintain Documentation | |
Analyze security violations in Suspicious Activity Reports. CC ID 00591 | Operational management | Establish/Maintain Documentation | |
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234 | Operational management | Monitor and Evaluate Occurrences | |
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298 | Operational management | Investigate | |
Update the incident response procedures using the lessons learned. CC ID 01233 | Operational management | Establish/Maintain Documentation | |
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Establish/Maintain Documentation | |
Include incident response procedures in the Incident Management program. CC ID 01218 | Operational management | Establish/Maintain Documentation | |
Integrate configuration management procedures into the incident management program. CC ID 13647 | Operational management | Technical Security | |
Include incident management procedures in the Incident Management program. CC ID 12689 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334 | Operational management | Establish/Maintain Documentation | |
Include after-action analysis procedures in the Incident Management program. CC ID 01219 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844 | Operational management | Establish/Maintain Documentation | |
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain incident management audit logs. CC ID 13514 | Operational management | Records Management | |
Log incidents in the Incident Management audit log. CC ID 00857 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Operational management | Establish/Maintain Documentation | |
Include who the incident was reported to in the incident management audit log. CC ID 16487 | Operational management | Log Management | |
Include corrective actions in the incident management audit log. CC ID 16466 | Operational management | Establish/Maintain Documentation | |
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234 | Operational management | Log Management | |
Include emergency processing priorities in the Incident Management program. CC ID 00859 | Operational management | Establish/Maintain Documentation | |
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387 | Operational management | Establish/Maintain Documentation | |
Include incident record closure procedures in the Incident Management program. CC ID 01620 | Operational management | Establish/Maintain Documentation | |
Include incident reporting procedures in the Incident Management program. CC ID 11772 [Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization. 3.6.2] | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142 | Operational management | Communicate | |
Establish, implement, and maintain an Incident Response program. CC ID 00579 | Operational management | Establish/Maintain Documentation | |
Include incident response team structures in the Incident Response program. CC ID 01237 | Operational management | Establish/Maintain Documentation | |
Include the incident response team member's roles and responsibilities in the Incident Response program. CC ID 01652 | Operational management | Establish Roles | |
Include the incident response point of contact's roles and responsibilities in the Incident Response program. CC ID 01877 | Operational management | Establish Roles | |
Include references to industry best practices in the incident response procedures. CC ID 11956 | Operational management | Establish/Maintain Documentation | |
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949 | Operational management | Establish/Maintain Documentation | |
Include business recovery procedures in the Incident Response program. CC ID 11774 [Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. 3.6.1] | Operational management | Establish/Maintain Documentation | |
Document the results of incident response tests and provide them to senior management. CC ID 14857 | Operational management | Actionable Reports or Measurements | |
Establish, implement, and maintain a change control program. CC ID 00886 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Operational management | Establish/Maintain Documentation | |
Include potential consequences of unintended changes in the change control program. CC ID 12243 | Operational management | Establish/Maintain Documentation | |
Include version control in the change control program. CC ID 13119 | Operational management | Establish/Maintain Documentation | |
Include service design and transition in the change control program. CC ID 13920 | Operational management | Establish/Maintain Documentation | |
Separate the production environment from the development environment or test environment for the change control process. CC ID 11864 | Operational management | Maintenance | |
Integrate configuration management procedures into the change control program. CC ID 13646 | Operational management | Technical Security | |
Establish, implement, and maintain a back-out plan. CC ID 13623 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain back-out procedures for each proposed change in a change request. CC ID 00373 | Operational management | Establish/Maintain Documentation | |
Manage change requests. CC ID 00887 | Operational management | Business Processes | |
Include documentation of the impact level of proposed changes in the change request. CC ID 11942 | Operational management | Establish/Maintain Documentation | |
Establish and maintain a change request approver list. CC ID 06795 | Operational management | Establish/Maintain Documentation | |
Document all change requests in change request forms. CC ID 06794 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Operational management | Establish/Maintain Documentation | |
Approve tested change requests. CC ID 11783 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Operational management | Data and Information Management | |
Validate the system before implementing approved changes. CC ID 01510 [Track, review, approve/disapprove, and audit changes to information systems. 3.4.3] | Operational management | Systems Design, Build, and Implementation | |
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807 | Operational management | Behavior | |
Establish, implement, and maintain emergency change procedures. CC ID 00890 | Operational management | Establish/Maintain Documentation | |
Perform emergency changes, as necessary. CC ID 12707 | Operational management | Process or Activity | |
Back up emergency changes after the change has been performed. CC ID 12734 | Operational management | Process or Activity | |
Log emergency changes after they have been performed. CC ID 12733 | Operational management | Establish/Maintain Documentation | |
Perform risk assessments prior to approving change requests. CC ID 00888 [Analyze the security impact of changes prior to implementation. 3.4.4] | Operational management | Testing | |
Implement changes according to the change control program. CC ID 11776 | Operational management | Business Processes | |
Provide audit trails for all approved changes. CC ID 13120 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a patch management program. CC ID 00896 [Identify, report, and correct information and information system flaws in a timely manner. 3.14.1] | Operational management | Process or Activity | |
Document the sources of all software updates. CC ID 13316 | Operational management | Establish/Maintain Documentation | |
Implement patch management software, as necessary. CC ID 12094 | Operational management | Technical Security | |
Include updates and exceptions to hardened images as a part of the patch management program. CC ID 12087 | Operational management | Technical Security | |
Establish, implement, and maintain a patch management policy. CC ID 16432 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain patch management procedures. CC ID 15224 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a patch log. CC ID 01642 | Operational management | Establish/Maintain Documentation | |
Prioritize deploying patches according to vulnerability risk metrics. CC ID 06796 | Operational management | Business Processes | |
Establish, implement, and maintain a software release policy. CC ID 00893 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain traceability documentation. CC ID 16388 | Operational management | Systems Design, Build, and Implementation | |
Disseminate and communicate software update information to users and regulators. CC ID 06602 | Operational management | Behavior | |
Allow interested personnel and affected parties to opt out of specific version releases and software updates. CC ID 06809 | Operational management | Data and Information Management | |
Update associated documentation after the system configuration has been changed. CC ID 00891 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a Configuration Management program. CC ID 00867 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [Establish and enforce security configuration settings for information technology products employed in organizational information systems. 3.4.2 Employ the principle of least functionality by configuring the information system to provide only essential capabilities. 3.4.6 Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. 3.4.1] | System hardening through configuration management | Establish/Maintain Documentation | |
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the applied security patches in the baseline configuration. CC ID 13271 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the installed application software and version numbers in the baseline configuration. CC ID 13270 | System hardening through configuration management | Establish/Maintain Documentation | |
Include installed custom software in the baseline configuration. CC ID 13274 | System hardening through configuration management | Establish/Maintain Documentation | |
Include network ports in the baseline configuration. CC ID 13273 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the operating systems and version numbers in the baseline configuration. CC ID 13269 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain system hardening procedures. CC ID 12001 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 [Terminate (automatically) a user session after a defined condition. 3.1.11 Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity. 3.13.9] | System hardening through configuration management | Configuration | |
Refrain from using assertion lifetimes to limit each session. CC ID 13871 | System hardening through configuration management | Technical Security | |
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698 | System hardening through configuration management | Configuration | |
Invalidate unexpected session identifiers. CC ID 15307 | System hardening through configuration management | Configuration | |
Configure the "MaxStartups" settings to organizational standards. CC ID 15329 | System hardening through configuration management | Configuration | |
Reject session identifiers that are not valid. CC ID 15306 | System hardening through configuration management | Configuration | |
Configure the "MaxSessions" settings to organizational standards. CC ID 15330 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699 | System hardening through configuration management | Configuration | |
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328 | System hardening through configuration management | Configuration | |
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738 | System hardening through configuration management | Configuration | |
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870 | System hardening through configuration management | Configuration | |
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350 | System hardening through configuration management | Configuration | |
Remove all unnecessary functionality. CC ID 00882 | System hardening through configuration management | Configuration | |
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827 | System hardening through configuration management | Configuration | |
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 [Prohibit the use of portable storage devices when such devices have no identifiable owner. 3.8.8] | System hardening through configuration management | Data and Information Management | |
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477 | System hardening through configuration management | Configuration | |
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880 [Restrict, disable, and prevent the use of nonessential programs, functions, ports, protocols, and services. 3.4.7] | System hardening through configuration management | Configuration | |
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473 | System hardening through configuration management | Configuration | |
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983 | System hardening through configuration management | Configuration | |
Disable telnet unless telnet use is absolutely necessary. CC ID 01478 | System hardening through configuration management | Configuration | |
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479 | System hardening through configuration management | Configuration | |
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314 | System hardening through configuration management | Configuration | |
Disable anonymous access to File Transfer Protocol. CC ID 06739 | System hardening through configuration management | Configuration | |
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485 | System hardening through configuration management | Configuration | |
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486 | System hardening through configuration management | Configuration | |
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500 | System hardening through configuration management | Configuration | |
Disable alerter unless alerter use is absolutely necessary. CC ID 01810 | System hardening through configuration management | Configuration | |
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812 | System hardening through configuration management | Configuration | |
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813 | System hardening through configuration management | Configuration | |
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815 | System hardening through configuration management | Configuration | |
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817 | System hardening through configuration management | Configuration | |
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818 | System hardening through configuration management | Configuration | |
Disable net logon unless net logon use is absolutely necessary. CC ID 01820 | System hardening through configuration management | Configuration | |
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822 | System hardening through configuration management | Configuration | |
Disable the "Offer Remote Assistance" setting. CC ID 04325 | System hardening through configuration management | Configuration | |
Disable the "Solicited Remote Assistance" setting. CC ID 04326 | System hardening through configuration management | Configuration | |
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823 | System hardening through configuration management | Configuration | |
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824 | System hardening through configuration management | Configuration | |
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829 | System hardening through configuration management | Configuration | |
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831 | System hardening through configuration management | Configuration | |
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832 | System hardening through configuration management | Configuration | |
Disable File Service Protocol. CC ID 02167 | System hardening through configuration management | Configuration | |
Disable the License Logging Service unless it is absolutely necessary. CC ID 04282 | System hardening through configuration management | Configuration | |
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285 | System hardening through configuration management | Configuration | |
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286 | System hardening through configuration management | Configuration | |
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287 | System hardening through configuration management | Configuration | |
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288 | System hardening through configuration management | Configuration | |
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289 | System hardening through configuration management | Configuration | |
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290 | System hardening through configuration management | Configuration | |
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291 | System hardening through configuration management | Configuration | |
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292 | System hardening through configuration management | Configuration | |
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293 | System hardening through configuration management | Configuration | |
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294 | System hardening through configuration management | Configuration | |
Disable SSDP/UPnP unless SSDP/UPnP is absolutely necessary. CC ID 04315 | System hardening through configuration management | Configuration | |
Configure the "ntpd service" setting to organizational standards. CC ID 04911 | System hardening through configuration management | Configuration | |
Configure the "echo service" setting to organizational standards. CC ID 04912 | System hardening through configuration management | Configuration | |
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927 | System hardening through configuration management | Configuration | |
Configure the "echo-stream service" setting to organizational standards. CC ID 09928 | System hardening through configuration management | Configuration | |
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327 | System hardening through configuration management | Configuration | |
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929 | System hardening through configuration management | Configuration | |
Configure the "netstat service" setting to organizational standards. CC ID 04913 | System hardening through configuration management | Configuration | |
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914 | System hardening through configuration management | Configuration | |
Configure the "tftpd service" setting to organizational standards. CC ID 04915 | System hardening through configuration management | Configuration | |
Configure the "walld service" setting to organizational standards. CC ID 04916 | System hardening through configuration management | Configuration | |
Configure the "rstatd service" setting to organizational standards. CC ID 04917 | System hardening through configuration management | Configuration | |
Configure the "sprayd service" setting to organizational standards. CC ID 04918 | System hardening through configuration management | Configuration | |
Configure the "rusersd service" setting to organizational standards. CC ID 04919 | System hardening through configuration management | Configuration | |
Configure the "inn service" setting to organizational standards. CC ID 04920 | System hardening through configuration management | Configuration | |
Configure the "font service" setting to organizational standards. CC ID 04921 | System hardening through configuration management | Configuration | |
Configure the "ident service" setting to organizational standards. CC ID 04922 | System hardening through configuration management | Configuration | |
Configure the "rexd service" setting to organizational standards. CC ID 04923 | System hardening through configuration management | Configuration | |
Configure the "daytime service" setting to organizational standards. CC ID 04924 | System hardening through configuration management | Configuration | |
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925 | System hardening through configuration management | Configuration | |
Configure the "cmsd service" setting to organizational standards. CC ID 04926 | System hardening through configuration management | Configuration | |
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927 | System hardening through configuration management | Configuration | |
Configure the "discard service" setting to organizational standards. CC ID 04928 | System hardening through configuration management | Configuration | |
Configure the "vino-server service" setting to organizational standards. CC ID 04929 | System hardening through configuration management | Configuration | |
Configure the "bind service" setting to organizational standards. CC ID 04930 | System hardening through configuration management | Configuration | |
Configure the "nfsd service" setting to organizational standards. CC ID 04931 | System hardening through configuration management | Configuration | |
Configure the "mountd service" setting to organizational standards. CC ID 04932 | System hardening through configuration management | Configuration | |
Configure the "statd service" setting to organizational standards. CC ID 04933 | System hardening through configuration management | Configuration | |
Configure the "lockd service" setting to organizational standards. CC ID 04934 | System hardening through configuration management | Configuration | |
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980 | System hardening through configuration management | Configuration | |
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935 | System hardening through configuration management | Configuration | |
Configure the sendmail vrfy command, as appropriate. CC ID 04936 | System hardening through configuration management | Configuration | |
Configure the sendmail expn command, as appropriate. CC ID 04937 | System hardening through configuration management | Configuration | |
Configure .netrc with an appropriate set of services. CC ID 04938 | System hardening through configuration management | Configuration | |
Enable NFS insecure locks as necessary. CC ID 04939 | System hardening through configuration management | Configuration | |
Configure the "X server ac" setting to organizational standards. CC ID 04940 | System hardening through configuration management | Configuration | |
Configure the "X server core" setting to organizational standards. CC ID 04941 | System hardening through configuration management | Configuration | |
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540 | System hardening through configuration management | Configuration | |
Configure the "X server nolock" setting to organizational standards. CC ID 04942 | System hardening through configuration management | Configuration | |
Enable or disable the mcstrans service, as appropriate. CC ID 05541 | System hardening through configuration management | Configuration | |
Configure the "PAM console" setting to organizational standards. CC ID 04943 | System hardening through configuration management | Configuration | |
Enable or disable the restorecond service, as appropriate. CC ID 05542 | System hardening through configuration management | Configuration | |
Enable the rhnsd service as necessary. CC ID 04944 | System hardening through configuration management | Configuration | |
Enable the yum-updatesd service as necessary. CC ID 04945 | System hardening through configuration management | Configuration | |
Enable the autofs service as necessary. CC ID 04946 | System hardening through configuration management | Configuration | |
Enable the ip6tables service as necessary. CC ID 04947 | System hardening through configuration management | Configuration | |
Configure syslog to organizational standards. CC ID 04949 | System hardening through configuration management | Configuration | |
Enable the auditd service as necessary. CC ID 04950 | System hardening through configuration management | Configuration | |
Enable the logwatch service as necessary. CC ID 04951 | System hardening through configuration management | Configuration | |
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952 | System hardening through configuration management | Configuration | |
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953 | System hardening through configuration management | Configuration | |
Enable the ypbind service as necessary. CC ID 04954 | System hardening through configuration management | Configuration | |
Enable the ypserv service as necessary. CC ID 04955 | System hardening through configuration management | Configuration | |
Enable the firstboot service as necessary. CC ID 04956 | System hardening through configuration management | Configuration | |
Enable the gpm service as necessary. CC ID 04957 | System hardening through configuration management | Configuration | |
Enable the irqbalance service as necessary. CC ID 04958 | System hardening through configuration management | Configuration | |
Enable the isdn service as necessary. CC ID 04959 | System hardening through configuration management | Configuration | |
Enable the kdump service as necessary. CC ID 04960 | System hardening through configuration management | Configuration | |
Enable the mdmonitor service as necessary. CC ID 04961 | System hardening through configuration management | Configuration | |
Enable the microcode_ctl service as necessary. CC ID 04962 | System hardening through configuration management | Configuration | |
Enable the pcscd service as necessary. CC ID 04963 | System hardening through configuration management | Configuration | |
Enable the smartd service as necessary. CC ID 04964 | System hardening through configuration management | Configuration | |
Enable the readahead_early service as necessary. CC ID 04965 | System hardening through configuration management | Configuration | |
Enable the readahead_later service as necessary. CC ID 04966 | System hardening through configuration management | Configuration | |
Enable the messagebus service as necessary. CC ID 04967 | System hardening through configuration management | Configuration | |
Enable the haldaemon service as necessary. CC ID 04968 | System hardening through configuration management | Configuration | |
Enable the apmd service as necessary. CC ID 04969 | System hardening through configuration management | Configuration | |
Enable the acpid service as necessary. CC ID 04970 | System hardening through configuration management | Configuration | |
Enable the cpuspeed service as necessary. CC ID 04971 | System hardening through configuration management | Configuration | |
Enable the network service as necessary. CC ID 04972 | System hardening through configuration management | Configuration | |
Enable the hidd service as necessary. CC ID 04973 | System hardening through configuration management | Configuration | |
Enable the crond service as necessary. CC ID 04974 | System hardening through configuration management | Configuration | |
Install and enable the anacron service as necessary. CC ID 04975 | System hardening through configuration management | Configuration | |
Enable the xfs service as necessary. CC ID 04976 | System hardening through configuration management | Configuration | |
Install and enable the Avahi daemon service, as necessary. CC ID 04977 | System hardening through configuration management | Configuration | |
Enable the CUPS service, as necessary. CC ID 04978 | System hardening through configuration management | Configuration | |
Enable the hplip service as necessary. CC ID 04979 | System hardening through configuration management | Configuration | |
Enable the dhcpd service as necessary. CC ID 04980 | System hardening through configuration management | Configuration | |
Enable the nfslock service as necessary. CC ID 04981 | System hardening through configuration management | Configuration | |
Enable the rpcgssd service as necessary. CC ID 04982 | System hardening through configuration management | Configuration | |
Enable the rpcidmapd service as necessary. CC ID 04983 | System hardening through configuration management | Configuration | |
Enable the rpcsvcgssd service as necessary. CC ID 04985 | System hardening through configuration management | Configuration | |
Configure root squashing for all NFS shares, as appropriate. CC ID 04986 | System hardening through configuration management | Configuration | |
Configure write access to NFS shares, as appropriate. CC ID 04987 | System hardening through configuration management | Configuration | |
Configure the named service, as appropriate. CC ID 04988 | System hardening through configuration management | Configuration | |
Configure the vsftpd service, as appropriate. CC ID 04989 | System hardening through configuration management | Configuration | |
Configure the "dovecot" service to organizational standards. CC ID 04990 | System hardening through configuration management | Configuration | |
Configure Server Message Block (SMB) to organizational standards. CC ID 04991 | System hardening through configuration management | Configuration | |
Enable the snmpd service as necessary. CC ID 04992 | System hardening through configuration management | Configuration | |
Enable the calendar manager as necessary. CC ID 04993 | System hardening through configuration management | Configuration | |
Enable the GNOME logon service as necessary. CC ID 04994 | System hardening through configuration management | Configuration | |
Enable the WBEM services as necessary. CC ID 04995 | System hardening through configuration management | Configuration | |
Enable the keyserv service as necessary. CC ID 04996 | System hardening through configuration management | Configuration | |
Enable the Generic Security Service daemon as necessary. CC ID 04997 | System hardening through configuration management | Configuration | |
Enable the volfs service as necessary. CC ID 04998 | System hardening through configuration management | Configuration | |
Enable the smserver service as necessary. CC ID 04999 | System hardening through configuration management | Configuration | |
Enable the mpxio-upgrade service as necessary. CC ID 05000 | System hardening through configuration management | Configuration | |
Enable the metainit service as necessary. CC ID 05001 | System hardening through configuration management | Configuration | |
Enable the meta service as necessary. CC ID 05003 | System hardening through configuration management | Configuration | |
Enable the metaed service as necessary. CC ID 05004 | System hardening through configuration management | Configuration | |
Enable the metamh service as necessary. CC ID 05005 | System hardening through configuration management | Configuration | |
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006 | System hardening through configuration management | Configuration | |
Enable the Kerberos kadmind service as necessary. CC ID 05007 | System hardening through configuration management | Configuration | |
Enable the Kerberos krb5kdc service as necessary. CC ID 05008 | System hardening through configuration management | Configuration | |
Enable the Kerberos kpropd service as necessary. CC ID 05009 | System hardening through configuration management | Configuration | |
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010 | System hardening through configuration management | Configuration | |
Enable the sadmin service as necessary. CC ID 05011 | System hardening through configuration management | Configuration | |
Enable the IPP listener as necessary. CC ID 05012 | System hardening through configuration management | Configuration | |
Enable the serial port listener as necessary. CC ID 05013 | System hardening through configuration management | Configuration | |
Enable the Smart Card Helper service as necessary. CC ID 05014 | System hardening through configuration management | Configuration | |
Enable the Application Management service as necessary. CC ID 05015 | System hardening through configuration management | Configuration | |
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016 | System hardening through configuration management | Configuration | |
Enable the Network News Transport Protocol service as necessary. CC ID 05017 | System hardening through configuration management | Configuration | |
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018 | System hardening through configuration management | Configuration | |
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019 | System hardening through configuration management | Configuration | |
Enable the RARP service as necessary. CC ID 05020 | System hardening through configuration management | Configuration | |
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021 | System hardening through configuration management | Configuration | |
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022 | System hardening through configuration management | Configuration | |
Enable the Certificate Services service as necessary. CC ID 05023 | System hardening through configuration management | Configuration | |
Configure the ATI hotkey poller service properly. CC ID 05024 | System hardening through configuration management | Configuration | |
Configure the Interix Subsystem Startup service properly. CC ID 05025 | System hardening through configuration management | Configuration | |
Configure the Cluster Service service properly. CC ID 05026 | System hardening through configuration management | Configuration | |
Configure the IAS Jet Database Access service properly. CC ID 05027 | System hardening through configuration management | Configuration | |
Configure the IAS service properly. CC ID 05028 | System hardening through configuration management | Configuration | |
Configure the IP Version 6 Helper service properly. CC ID 05029 | System hardening through configuration management | Configuration | |
Configure "Message Queuing service" to organizational standards. CC ID 05030 | System hardening through configuration management | Configuration | |
Configure the Message Queuing Down Level Clients service properly. CC ID 05031 | System hardening through configuration management | Configuration | |
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033 | System hardening through configuration management | Configuration | |
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034 | System hardening through configuration management | Configuration | |
Configure the Utility Manager service properly. CC ID 05035 | System hardening through configuration management | Configuration | |
Configure the secondary logon service properly. CC ID 05036 | System hardening through configuration management | Configuration | |
Configure the Windows Management Instrumentation service properly. CC ID 05037 | System hardening through configuration management | Configuration | |
Configure the Workstation service properly. CC ID 05038 | System hardening through configuration management | Configuration | |
Configure the Windows Installer service properly. CC ID 05039 | System hardening through configuration management | Configuration | |
Configure the Windows System Resource Manager service properly. CC ID 05040 | System hardening through configuration management | Configuration | |
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Client for NFS service properly. CC ID 05042 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Perl Socket service properly. CC ID 05044 | System hardening through configuration management | Configuration | |
Configure the Services for Unix User Name Mapping service properly. CC ID 05045 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Windows Cron service properly. CC ID 05046 | System hardening through configuration management | Configuration | |
Configure the Windows Media Services service properly. CC ID 05047 | System hardening through configuration management | Configuration | |
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048 | System hardening through configuration management | Configuration | |
Configure the Web Element Manager service properly. CC ID 05049 | System hardening through configuration management | Configuration | |
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050 | System hardening through configuration management | Configuration | |
Configure the Terminal Services Licensing service properly. CC ID 05051 | System hardening through configuration management | Configuration | |
Configure the COM+ Event System service properly. CC ID 05052 | System hardening through configuration management | Configuration | |
Configure the Event Log service properly. CC ID 05053 | System hardening through configuration management | Configuration | |
Configure the Infrared Monitor service properly. CC ID 05054 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Server for NFS service properly. CC ID 05055 | System hardening through configuration management | Configuration | |
Configure the System Event Notification Service properly. CC ID 05056 | System hardening through configuration management | Configuration | |
Configure the NTLM Security Support Provider service properly. CC ID 05057 | System hardening through configuration management | Configuration | |
Configure the Performance Logs and Alerts service properly. CC ID 05058 | System hardening through configuration management | Configuration | |
Configure the Protected Storage service properly. CC ID 05059 | System hardening through configuration management | Configuration | |
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060 | System hardening through configuration management | Configuration | |
Configure the Remote Procedure Call service properly. CC ID 05061 | System hardening through configuration management | Configuration | |
Configure the Removable Storage service properly. CC ID 05062 | System hardening through configuration management | Configuration | |
Configure the Server service properly. CC ID 05063 | System hardening through configuration management | Configuration | |
Configure the Security Accounts Manager service properly. CC ID 05064 | System hardening through configuration management | Configuration | |
Configure the "Network Connections" service to organizational standards. CC ID 05065 | System hardening through configuration management | Configuration | |
Configure the Logical Disk Manager service properly. CC ID 05066 | System hardening through configuration management | Configuration | |
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067 | System hardening through configuration management | Configuration | |
Configure the File Replication service properly. CC ID 05068 | System hardening through configuration management | Configuration | |
Configure the Kerberos Key Distribution Center service properly. CC ID 05069 | System hardening through configuration management | Configuration | |
Configure the Intersite Messaging service properly. CC ID 05070 | System hardening through configuration management | Configuration | |
Configure the Remote Procedure Call locator service properly. CC ID 05071 | System hardening through configuration management | Configuration | |
Configure the Distributed File System service properly. CC ID 05072 | System hardening through configuration management | Configuration | |
Configure the Windows Internet Name Service service properly. CC ID 05073 | System hardening through configuration management | Configuration | |
Configure the FTP Publishing Service properly. CC ID 05074 | System hardening through configuration management | Configuration | |
Configure the Windows Search service properly. CC ID 05075 | System hardening through configuration management | Configuration | |
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076 | System hardening through configuration management | Configuration | |
Configure the Remote Shell service properly. CC ID 05077 | System hardening through configuration management | Configuration | |
Configure Simple TCP/IP services to organizational standards. CC ID 05078 | System hardening through configuration management | Configuration | |
Configure the Print Services for Unix service properly. CC ID 05079 | System hardening through configuration management | Configuration | |
Configure the File Shares service to organizational standards. CC ID 05080 | System hardening through configuration management | Configuration | |
Configure the NetMeeting service properly. CC ID 05081 | System hardening through configuration management | Configuration | |
Configure the Application Layer Gateway service properly. CC ID 05082 | System hardening through configuration management | Configuration | |
Configure the Cryptographic Services service properly. CC ID 05083 | System hardening through configuration management | Configuration | |
Configure the Help and Support Service properly. CC ID 05084 | System hardening through configuration management | Configuration | |
Configure the Human Interface Device Access service properly. CC ID 05085 | System hardening through configuration management | Configuration | |
Configure the IMAPI CD-Burning COM service properly. CC ID 05086 | System hardening through configuration management | Configuration | |
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087 | System hardening through configuration management | Configuration | |
Configure the Network Location Awareness service properly. CC ID 05088 | System hardening through configuration management | Configuration | |
Configure the Portable Media Serial Number Service service properly. CC ID 05089 | System hardening through configuration management | Configuration | |
Configure the System Restore Service service properly. CC ID 05090 | System hardening through configuration management | Configuration | |
Configure the Themes service properly. CC ID 05091 | System hardening through configuration management | Configuration | |
Configure the Uninterruptible Power Supply service properly. CC ID 05092 | System hardening through configuration management | Configuration | |
Configure the Upload Manager service properly. CC ID 05093 | System hardening through configuration management | Configuration | |
Configure the Volume Shadow Copy Service properly. CC ID 05094 | System hardening through configuration management | Configuration | |
Configure the WebClient service properly. CC ID 05095 | System hardening through configuration management | Configuration | |
Configure the Windows Audio service properly. CC ID 05096 | System hardening through configuration management | Configuration | |
Configure the Windows Image Acquisition service properly. CC ID 05097 | System hardening through configuration management | Configuration | |
Configure the WMI Performance Adapter service properly. CC ID 05098 | System hardening through configuration management | Configuration | |
Enable file uploads via vsftpd service, as appropriate. CC ID 05100 | System hardening through configuration management | Configuration | |
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885 | System hardening through configuration management | Configuration | |
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976 | System hardening through configuration management | Configuration | |
Configure the "xdmcp service" setting to organizational standards. CC ID 08985 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain authenticators. CC ID 15305 | System hardening through configuration management | Technical Security | |
Establish, implement, and maintain an authenticator standard. CC ID 01702 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain an authenticator management system. CC ID 12031 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain authenticator procedures. CC ID 12002 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure authenticators to comply with organizational standards. CC ID 06412 | System hardening through configuration management | Configuration | |
Configure the system to require new users to change their authenticator on first use. CC ID 05268 [Allow temporary password use for system logons with an immediate change to a permanent password. 3.5.9] | System hardening through configuration management | Configuration | |
Configure the system to encrypt authenticators. CC ID 06735 [Store and transmit only encrypted representation of passwords. 3.5.10] | System hardening through configuration management | Configuration | |
Configure the system to mask authenticators. CC ID 02037 [Obscure feedback of authentication information. 3.5.11] | System hardening through configuration management | Configuration | |
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881 | System hardening through configuration management | Configuration | |
Configure the default locking Screen saver timeout to a predetermined time period. CC ID 01570 [Use session lock with pattern-hiding displays to prevent access/viewing of data after period of inactivity. 3.1.10] | System hardening through configuration management | Configuration | |
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477 | System hardening through configuration management | Configuration | |
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 [Protect wireless access using authentication and encryption. 3.1.17] | System hardening through configuration management | Configuration | |
Configure mobile device settings in accordance with organizational standards. CC ID 04600 | System hardening through configuration management | Configuration | |
Enable data-at-rest encryption on mobile devices. CC ID 04842 [Protect the confidentiality of CUI at rest. 3.13.16] | System hardening through configuration management | Configuration | |
Configure Logging settings in accordance with organizational standards. CC ID 07611 [Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. 3.3.1] | System hardening through configuration management | Configuration | |
Configure "CloudTrail" to organizational standards. CC ID 15443 | System hardening through configuration management | Configuration | |
Configure "CloudTrail log file validation" to organizational standards. CC ID 15437 | System hardening through configuration management | Configuration | |
Configure "VPC flow logging" to organizational standards. CC ID 15436 | System hardening through configuration management | Configuration | |
Configure "object-level logging" to organizational standards. CC ID 15433 | System hardening through configuration management | Configuration | |
Configure "Turn on PowerShell Transcription" to organizational standards. CC ID 15415 | System hardening through configuration management | Configuration | |
Configure "Turn on PowerShell Script Block Logging" to organizational standards. CC ID 15413 | System hardening through configuration management | Configuration | |
Configure "Audit PNP Activity" to organizational standards. CC ID 15393 | System hardening through configuration management | Configuration | |
Configure "Include command line in process creation events" to organizational standards. CC ID 15358 | System hardening through configuration management | Configuration | |
Configure "Audit Group Membership" to organizational standards. CC ID 15341 | System hardening through configuration management | Configuration | |
Configure the "audit_backlog_limit" setting to organizational standards. CC ID 15324 | System hardening through configuration management | Configuration | |
Configure the "systemd-journald" to organizational standards. CC ID 15326 | System hardening through configuration management | Configuration | |
Provide the reference database used to verify input data in the logging capability. CC ID 15018 | System hardening through configuration management | Log Management | |
Configure the storage parameters for all logs. CC ID 06330 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: SAM" to organizational standards. CC ID 07612 | System hardening through configuration management | Configuration | |
Configure sufficient log storage capacity and prevent the capacity from being exceeded. CC ID 01425 | System hardening through configuration management | Configuration | |
Configure the log retention method. CC ID 01715 | System hardening through configuration management | Configuration | |
Configure the log retention size. CC ID 01716 | System hardening through configuration management | Configuration | |
Configure syslogd to send logs to a Remote LogHost. CC ID 01526 | System hardening through configuration management | Configuration | |
Configure the security parameters for all logs. CC ID 01712 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: User Account Management" to organizational standards. CC ID 07613 | System hardening through configuration management | Configuration | |
Configure the log so that it cannot be disabled. CC ID 00595 | System hardening through configuration management | Configuration | |
Configure the event log size capacity limits for the application log, the security log, and the system log. CC ID 01713 | System hardening through configuration management | Configuration | |
Configure the application log, the security log, and the system log to restrict guest access. CC ID 01714 | System hardening through configuration management | Configuration | |
Configure the "mss: (warninglevel) percentage threshold for the security event log at which the system will generate a warning" setting. CC ID 04275 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: System Integrity" to organizational standards. CC ID 07652 | System hardening through configuration management | Configuration | |
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 [Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions. 3.3.2] | System hardening through configuration management | Configuration | |
Configure the log to capture the user's identification. CC ID 01334 | System hardening through configuration management | Configuration | |
Configure the log to capture a date and time stamp. CC ID 01336 [Provide an information system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. 3.3.7] | System hardening through configuration management | Configuration | |
Configure the log to uniquely identify each asset. CC ID 01339 | System hardening through configuration management | Configuration | |
Configure the log to capture the type of each event. CC ID 06423 | System hardening through configuration management | Configuration | |
Configure the log to capture each event's success or failure indication. CC ID 06424 | System hardening through configuration management | Configuration | |
Configure all logs to capture auditable events or actionable events. CC ID 06332 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: File Share" to organizational standards. CC ID 07655 | System hardening through configuration management | Configuration | |
Configure the log to capture the amount of data uploaded and downloaded. CC ID 16494 | System hardening through configuration management | Log Management | |
Configure the log to capture startups and shutdowns. CC ID 16491 | System hardening through configuration management | Log Management | |
Configure the log to capture user queries and searches. CC ID 16479 | System hardening through configuration management | Log Management | |
Configure the log to capture Internet Protocol addresses. CC ID 16495 | System hardening through configuration management | Log Management | |
Configure the log to capture error messages. CC ID 16477 | System hardening through configuration management | Log Management | |
Configure the log to capture system failures. CC ID 16475 | System hardening through configuration management | Log Management | |
Configure the log to capture account lockouts. CC ID 16470 | System hardening through configuration management | Configuration | |
Configure the log to capture execution events. CC ID 16469 | System hardening through configuration management | Configuration | |
Configure the log to capture AWS Organizations changes. CC ID 15445 | System hardening through configuration management | Configuration | |
Configure the log to capture Identity and Access Management policy changes. CC ID 15442 | System hardening through configuration management | Configuration | |
Configure the log to capture management console sign-in without multi-factor authentication. CC ID 15441 | System hardening through configuration management | Configuration | |
Configure the log to capture route table changes. CC ID 15439 | System hardening through configuration management | Configuration | |
Configure the log to capture virtual private cloud changes. CC ID 15435 | System hardening through configuration management | Configuration | |
Configure the log to capture changes to encryption keys. CC ID 15432 | System hardening through configuration management | Configuration | |
Configure the log to capture unauthorized API calls. CC ID 15429 | System hardening through configuration management | Configuration | |
Configure the log to capture changes to network gateways. CC ID 15421 | System hardening through configuration management | Configuration | |
Configure the log to capture all spoofed addresses. CC ID 01313 | System hardening through configuration management | Configuration | |
Configure inetd tracing. CC ID 01523 | System hardening through configuration management | Configuration | |
Configure the system to capture messages sent to the syslog AUTH facility. CC ID 01525 | System hardening through configuration management | Configuration | |
Configure Cron logging. CC ID 01528 | System hardening through configuration management | Configuration | |
Configure the kernel level auditing setting. CC ID 01530 | System hardening through configuration management | Configuration | |
Configure the "audit successful file system mounts" setting to organizational standards. CC ID 09923 | System hardening through configuration management | Configuration | |
Configure system accounting/system events. CC ID 01529 | System hardening through configuration management | Configuration | |
Configure the privilege use auditing setting. CC ID 01699 | System hardening through configuration management | Configuration | |
Configure the log to record the Denial of Access that results from an excessive number of unsuccessful logon attempts. CC ID 01919 | System hardening through configuration management | Configuration | |
Configure the Audit Process Tracking setting. CC ID 01700 | System hardening through configuration management | Configuration | |
Configure the EEPROM security-mode accesses and EEPROM log-failed accesses. CC ID 01575 | System hardening through configuration management | Configuration | |
Configure the log to capture user identifier, address, port blocking or blacklisting. CC ID 01918 | System hardening through configuration management | Configuration | |
Enable directory service access events, as appropriate. CC ID 05616 | System hardening through configuration management | Configuration | |
Configure the log to capture failed transactions. CC ID 06334 | System hardening through configuration management | Configuration | |
Configure the log to capture successful transactions. CC ID 06335 | System hardening through configuration management | Configuration | |
Audit non attributable events (na class). CC ID 05604 | System hardening through configuration management | Configuration | |
Configure the log to capture configuration changes. CC ID 06881 | System hardening through configuration management | Configuration | |
Log, monitor, and review all changes to time settings on critical systems. CC ID 11608 | System hardening through configuration management | Configuration | |
Configure the log to capture user account additions, modifications, and deletions. CC ID 16482 | System hardening through configuration management | Log Management | |
Configure the log to capture all changes to certificates. CC ID 05595 | System hardening through configuration management | Configuration | |
Configure the "inetd logging" setting to organizational standards. CC ID 08970 | System hardening through configuration management | Configuration | |
Configure the "audit sudoers" setting to organizational standards. CC ID 09950 | System hardening through configuration management | Configuration | |
Configure the event log settings for specific Operating System functions. CC ID 06337 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Registry" to organizational standards. CC ID 07658 | System hardening through configuration management | Configuration | |
Configure the "Audit: Audit the use of Backup and Restore privilege" setting. CC ID 01724 | System hardening through configuration management | Configuration | |
Configure the "Audit: Shut down the system immediately if unable to log security audits" setting. CC ID 01725 | System hardening through configuration management | Configuration | |
Configure "Audit account management" to organizational standards. CC ID 02039 | System hardening through configuration management | Configuration | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later)" setting. CC ID 04387 | System hardening through configuration management | Configuration | |
Configure console logging. CC ID 04454 | System hardening through configuration management | Configuration | |
Configure boot error logging. CC ID 04455 | System hardening through configuration management | Configuration | |
Disable the "Audit password" setting in NetWare. CC ID 04456 | System hardening through configuration management | Configuration | |
Configure the "Disable Logging" setting. CC ID 05590 | System hardening through configuration management | Configuration | |
Enable BIN mode auditing. CC ID 05591 | System hardening through configuration management | Configuration | |
Enable or disable the BSM auditing setting, as appropriate. CC ID 05592 | System hardening through configuration management | Configuration | |
Set the X server audit level appropriately. CC ID 05600 | System hardening through configuration management | Configuration | |
Configure the "Turn on session logging" properly. CC ID 05618 | System hardening through configuration management | Configuration | |
Configure Sendmail with the appropriate logging levels. CC ID 06028 | System hardening through configuration management | Configuration | |
Enable or disable auditing in the runcontrol scripts, as appropriate. CC ID 06029 | System hardening through configuration management | Configuration | |
Enable or disable auditing for user accounts, as appropriate. CC ID 06030 | System hardening through configuration management | Configuration | |
Enable or disable auditing at boot time, as appropriate. CC ID 06031 | System hardening through configuration management | Configuration | |
Enable or disable the auditing of chgrp usage, as appropriate. CC ID 06033 | System hardening through configuration management | Configuration | |
Enable or disable the auditing of mkgroup usage, as appropriate. CC ID 06034 | System hardening through configuration management | Configuration | |
Enable or disable the auditing of rmgroup usage, as appropriate. CC ID 06035 | System hardening through configuration management | Configuration | |
Enable or disable the auditing of the exit function, as appropriate. CC ID 06036 | System hardening through configuration management | Configuration | |
Generate an alert when an audit log failure occurs. CC ID 06737 [{generate} Alert in the event of an audit process failure. 3.3.4] | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Logoff" to organizational standards. CC ID 07662 | System hardening through configuration management | Configuration | |
Configure additional log settings. CC ID 06333 | System hardening through configuration management | Configuration | |
Configure additional logging for the FTP daemon. CC ID 01524 | System hardening through configuration management | Configuration | |
Configure the log to send alerts for each auditable event's success or failure. CC ID 01337 | System hardening through configuration management | Log Management | |
Configure additional log file parameters appropriately. CC ID 06338 | System hardening through configuration management | Configuration | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" to organizational standards. CC ID 07664 | System hardening through configuration management | Configuration | |
Create the /var/adm/loginlog file. CC ID 01527 | System hardening through configuration management | Configuration | |
Verify the audit config file contains only accounts that should be present. CC ID 05594 | System hardening through configuration management | Configuration | |
Specify the PRI audit file properly. CC ID 05597 | System hardening through configuration management | Configuration | |
Specify the SEC audit file properly. CC ID 05598 | System hardening through configuration management | Configuration | |
Verify the user audit file contains the appropriate never-audit flags. CC ID 05605 | System hardening through configuration management | Configuration | |
Configure the "Background upload of a roaming user profile's registry file while user is logged on" setting to organizational standards. CC ID 10761 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: File System" to organizational standards. CC ID 07666 | System hardening through configuration management | Configuration | |
Configure the "Backup log automatically when full" setting for the "setup log" to organizational standards. CC ID 10762 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Logon" to organizational standards. CC ID 07669 | System hardening through configuration management | Configuration | |
Configure the "Applications preference logging and tracing" setting to organizational standards. CC ID 10774 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Logon: Kerberos Authentication Service" to organizational standards. CC ID 07679 | System hardening through configuration management | Configuration | |
Configure the "Data Sources preference logging and tracing" setting to organizational standards. CC ID 10779 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: IPsec Extended Mode" to organizational standards. CC ID 07683 | System hardening through configuration management | Configuration | |
Configure the "Devices preference logging and tracing" setting to organizational standards. CC ID 10782 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Handle Manipulation" to organizational standards. CC ID 07684 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Detailed File Share" to organizational standards. CC ID 07687 | System hardening through configuration management | Configuration | |
Configure the "Drive Maps preference logging and tracing" setting to organizational standards. CC ID 10783 | System hardening through configuration management | Configuration | |
Configure the "Environment preference logging and tracing" setting to organizational standards. CC ID 10784 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Network Policy Server" to organizational standards. CC ID 07701 | System hardening through configuration management | Configuration | |
Configure the "Files preference logging and tracing" setting to organizational standards. CC ID 10785 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Detailed Tracking: Process Creation" to organizational standards. CC ID 07707 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: IPsec Driver" to organizational standards. CC ID 07708 | System hardening through configuration management | Configuration | |
Configure the "Folder Options preference logging and tracing" setting to organizational standards. CC ID 10786 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Account Lockout" to organizational standards. CC ID 07713 | System hardening through configuration management | Configuration | |
Configure the "Folders preference logging and tracing" setting to organizational standards. CC ID 10787 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Kernel Object" to organizational standards. CC ID 07720 | System hardening through configuration management | Configuration | |
Configure the "Ini Files preference logging and tracing" setting to organizational standards. CC ID 10788 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Other Object Access Events" to organizational standards. CC ID 07724 | System hardening through configuration management | Configuration | |
Configure the "Internet Settings preference logging and tracing" setting to organizational standards. CC ID 10789 | System hardening through configuration management | Configuration | |
Configure the "Local Users and Groups preference logging and tracing" setting to organizational standards. CC ID 10793 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: DS Access: Directory Service Replication" to organizational standards. CC ID 07734 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Audit Policy Change" to organizational standards. CC ID 07735 | System hardening through configuration management | Configuration | |
Configure the "Regional Options preference logging and tracing" setting to organizational standards. CC ID 10802 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: DS Access: Directory Service Changes" to organizational standards. CC ID 07736 | System hardening through configuration management | Configuration | |
Configure the "Registry preference logging and tracing" setting to organizational standards. CC ID 10803 | System hardening through configuration management | Configuration | |
Configure the "Scheduled Tasks preference logging and tracing" setting to organizational standards. CC ID 10815 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Certification Services" to organizational standards. CC ID 07742 | System hardening through configuration management | Configuration | |
Configure the "Maximum Log Size (KB)" to organizational standards. CC ID 07744 | System hardening through configuration management | Configuration | |
Configure the "Services preference logging and tracing" setting to organizational standards. CC ID 10818 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Detailed Tracking: DPAPI Activity" to organizational standards. CC ID 07746 | System hardening through configuration management | Configuration | |
Configure the "Shortcuts preference logging and tracing" setting to organizational standards. CC ID 10819 | System hardening through configuration management | Configuration | |
Configure the "Start Menu preference logging and tracing" setting to organizational standards. CC ID 10821 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Other Account Management Events" to organizational standards. CC ID 07751 | System hardening through configuration management | Configuration | |
Configure the "Delete data from devices running Microsoft firmware when a user logs off from the computer." setting to organizational standards. CC ID 10846 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Computer Account Management" to organizational standards. CC ID 07752 | System hardening through configuration management | Configuration | |
Configure the "Disable logging via package settings" setting to organizational standards. CC ID 10864 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Privilege Use: Non Sensitive Privilege Use" to organizational standards. CC ID 07756 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Application Generated" to organizational standards. CC ID 07757 | System hardening through configuration management | Configuration | |
Configure the "Do not forcefully unload the users registry at user logoff" setting to organizational standards. CC ID 10930 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: DS Access: Detailed Directory Service Replication" to organizational standards. CC ID 07764 | System hardening through configuration management | Configuration | |
Configure the "Do not log users on with temporary profiles" setting to organizational standards. CC ID 10931 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Privilege Use: Other Privilege Use Events" to organizational standards. CC ID 07776 | System hardening through configuration management | Configuration | |
Configure the "Log Access" setting for the "application log" to organizational standards. CC ID 11026 | System hardening through configuration management | Configuration | |
Configure the "Log Access" setting for the "setup log" to organizational standards. CC ID 11027 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Logon: Kerberos Service Ticket Operations" to organizational standards. CC ID 07786 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: DS Access: Directory Service Access" to organizational standards. CC ID 07790 | System hardening through configuration management | Configuration | |
Configure the "Log Access" setting for the "system log" to organizational standards. CC ID 11028 | System hardening through configuration management | Configuration | |
Configure the "Log directory pruning retry events" setting to organizational standards. CC ID 11029 | System hardening through configuration management | Configuration | |
Configure the "Retain old events" to organizational standards. CC ID 07791 | System hardening through configuration management | Configuration | |
Configure the "Audit: Audit the use of Backup and Restore privilege" to organizational standards. CC ID 07792 | System hardening through configuration management | Configuration | |
Configure the "Log event when quota limit exceeded" setting to organizational standards. CC ID 11030 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change" to organizational standards. CC ID 07793 | System hardening through configuration management | Configuration | |
Configure the "Log File Path" setting for the "application log" to organizational standards. CC ID 11033 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Other Policy Change Events" to organizational standards. CC ID 07810 | System hardening through configuration management | Configuration | |
Configure the "Log File Path" setting for the "setup log" to organizational standards. CC ID 11034 | System hardening through configuration management | Configuration | |
Configure the "Log File Path" setting for the "system log" to organizational standards. CC ID 11035 | System hardening through configuration management | Configuration | |
Configure the "Audit: Shut down system immediately if unable to log security audits" to organizational standards. CC ID 07812 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: Other System Events" to organizational standards. CC ID 07817 | System hardening through configuration management | Configuration | |
Configure the "Logging" setting to organizational standards. CC ID 11036 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Application Group Management" to organizational standards. CC ID 07819 | System hardening through configuration management | Configuration | |
Configure the "Remove "Disconnect" option from Shut Down dialog" setting to organizational standards. CC ID 11126 | System hardening through configuration management | Configuration | |
Configure the "Remove browse dialog box for new source" setting to organizational standards. CC ID 11127 | System hardening through configuration management | Configuration | |
Configure the "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" to organizational standards. CC ID 07820 | System hardening through configuration management | Configuration | |
Configure the "Restricts the UI language Windows uses for all logged users" setting to organizational standards. CC ID 11147 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Logon: Other Account Logon Events" to organizational standards. CC ID 07825 | System hardening through configuration management | Configuration | |
Configure the "Set roaming profile path for all users logging onto this computer" setting to organizational standards. CC ID 11182 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Distribution Group Management" to organizational standards. CC ID 07828 | System hardening through configuration management | Configuration | |
Configure the "Audit: Audit the access of global system objects" to organizational standards. CC ID 07831 | System hardening through configuration management | Configuration | |
Configure the "Set the Time interval in minutes for logging accounting data" setting to organizational standards. CC ID 11193 | System hardening through configuration management | Configuration | |
Configure the "Turn off Resultant Set of Policy logging" setting to organizational standards. CC ID 11307 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Special Logon" to organizational standards. CC ID 07835 | System hardening through configuration management | Configuration | |
Configure the "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" setting to organizational standards. CC ID 11343 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Detailed Tracking: RPC Events" to organizational standards. CC ID 07840 | System hardening through configuration management | Configuration | |
Configure the "Turn on extensive logging for Password Synchronization" setting to organizational standards. CC ID 11344 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Authentication Policy Change" to organizational standards. CC ID 07846 | System hardening through configuration management | Configuration | |
Configure the "Turn on logging" setting to organizational standards. CC ID 11345 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Detailed Tracking: Process Termination" to organizational standards. CC ID 07849 | System hardening through configuration management | Configuration | |
Configure the "Turn on session logging" setting to organizational standards. CC ID 11350 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: IPsec Quick Mode" to organizational standards. CC ID 07852 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Filtering Platform Packet Drop" to organizational standards. CC ID 07856 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Filtering Platform Connection" to organizational standards. CC ID 07864 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Authorization Policy Change" to organizational standards. CC ID 07875 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Security Group Management" to organizational standards. CC ID 07880 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Privilege Use: Sensitive Privilege Use" to organizational standards. CC ID 07887 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: IPsec Main Mode" to organizational standards. CC ID 07888 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Logon: Credential Validation" to organizational standards. CC ID 07892 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Filtering Platform Policy Change" to organizational standards. CC ID 07895 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Other Logon/Logoff Events" to organizational standards. CC ID 07899 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: Security State Change" to organizational standards. CC ID 07903 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: Security System Extension" to organizational standards. CC ID 07904 | System hardening through configuration management | Configuration | |
Configure the "Audit account logon events" to organizational standards. CC ID 08188 | System hardening through configuration management | Configuration | |
Configure the "Retention method for security log" to organizational standards. CC ID 08197 | System hardening through configuration management | Configuration | |
Configure the "Retention method for system log" to organizational standards. CC ID 08211 | System hardening through configuration management | Configuration | |
Configure the "Audit logon events" to organizational standards. CC ID 08221 | System hardening through configuration management | Configuration | |
Configure the "Retention method for application log" to organizational standards. CC ID 08226 | System hardening through configuration management | Configuration | |
Configure the "Retain security log" to organizational standards. CC ID 08241 | System hardening through configuration management | Configuration | |
Configure the "Audit system events" to organizational standards. CC ID 08244 | System hardening through configuration management | Configuration | |
Configure the "Retain application log" to organizational standards. CC ID 08246 | System hardening through configuration management | Configuration | |
Configure the "Prevent local guests group from accessing application log" to organizational standards. CC ID 08248 | System hardening through configuration management | Configuration | |
Configure the "Maximum security log size" to organizational standards. CC ID 08251 | System hardening through configuration management | Configuration | |
Configure the "Retain system log" to organizational standards. CC ID 08258 | System hardening through configuration management | Configuration | |
Configure the "Audit privilege use" to organizational standards. CC ID 08266 | System hardening through configuration management | Configuration | |
Configure the "Audit policy change" to organizational standards. CC ID 08272 | System hardening through configuration management | Configuration | |
Configure the "Audit object access" to organizational standards. CC ID 08278 | System hardening through configuration management | Configuration | |
Configure the "Audit process tracking" to organizational standards. CC ID 08283 | System hardening through configuration management | Configuration | |
Configure the "Maximum system log size" to organizational standards. CC ID 08286 | System hardening through configuration management | Configuration | |
Configure the "Maximum application log size" to organizational standards. CC ID 08296 | System hardening through configuration management | Configuration | |
Configure the "Prevent local guests group from accessing security log" to organizational standards. CC ID 08297 | System hardening through configuration management | Configuration | |
Configure the "Audit directory service access" to organizational standards. CC ID 08304 | System hardening through configuration management | Configuration | |
Configure the "Audit account management" to organizational standards. CC ID 08316 | System hardening through configuration management | Configuration | |
Configure the "Prevent local guests group from accessing system log" to organizational standards. CC ID 08336 | System hardening through configuration management | Configuration | |
Configure the "Specify the maximum log file size (KB)" to organizational standards. CC ID 08352 | System hardening through configuration management | Configuration | |
Configure the "Message tracking logging - Mailbox" to organizational standards. CC ID 08360 | System hardening through configuration management | Configuration | |
Configure the "Turn on Connectivity logging" to organizational standards. CC ID 08398 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Logging: Size limit (KB)" to organizational standards. CC ID 08405 | System hardening through configuration management | Configuration | |
Configure the "Control Event Log behavior when the log file reaches its maximum size" to organizational standards. CC ID 08444 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Logging: Log dropped packets" to organizational standards. CC ID 08445 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Logging: Log dropped packets" to organizational standards. CC ID 08454 | System hardening through configuration management | Configuration | |
Configure the "Configure Protocol logging" to organizational standards. CC ID 08463 | System hardening through configuration management | Configuration | |
Configure the "Message tracking logging - Transport" to organizational standards. CC ID 08477 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Logging: Log dropped packets" to organizational standards. CC ID 08501 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Removable Storage" to organizational standards. CC ID 08504 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Logging: Name" to organizational standards. CC ID 08543 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Logging: Log successful connections" to organizational standards. CC ID 08545 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Central Access Policy Staging" to organizational standards. CC ID 08558 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Logging: Name" to organizational standards. CC ID 08565 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Logging: Size limit (KB)" to organizational standards. CC ID 08606 | System hardening through configuration management | Configuration | |
Configure the "kernel arguments" setting for "auditing early in the boot process" to organizational standards. CC ID 08749 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record date and time modification events" setting for "auditing" to organizational standards. CC ID 08750 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record user/group information modification events" setting for "auditing" to organizational standards. CC ID 08751 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record changes to the system network environment" setting for "auditing" to organizational standards. CC ID 08752 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record changes to the system's mandatory access controls" setting for "auditing" to organizational standards. CC ID 08753 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record logon and logout events" setting for "auditing" to organizational standards. CC ID 08754 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record process and session initiation events" setting for "auditing" to organizational standards. CC ID 08755 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record changes to discretionary access control permissions" setting for "auditing" to organizational standards. CC ID 08756 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record unauthorized attempts to access files" setting for "auditing" to organizational standards. CC ID 08757 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record use of privileged commands" setting for "auditing" to organizational standards. CC ID 08758 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record data export to media events" setting for "auditing" to organizational standards. CC ID 08759 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record file and program deletion events" setting for "auditing" to organizational standards. CC ID 08760 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record administrator and security personnel action events" setting for "auditing" to organizational standards. CC ID 08761 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record kernel module loading and unloading events" setting for "auditing" to organizational standards. CC ID 08762 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Ensure auditd configuration is immutable" setting for "auditing" to organizational standards. CC ID 08763 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "audit file ownership changes" setting to organizational standards. CC ID 08966 | System hardening through configuration management | Audits and Risk Management | |
Configure the "audit change user functions" setting to organizational standards. CC ID 08982 | System hardening through configuration management | Configuration | |
Configure the "audit the use of chmod command" setting to organizational standards. CC ID 08983 | System hardening through configuration management | Configuration | |
Configure the "audit the chown command" setting to organizational standards. CC ID 08984 | System hardening through configuration management | Configuration | |
Configure the "Collect Session Initiation Information" setting to organizational standards. CC ID 09948 | System hardening through configuration management | Configuration | |
Configure the "Collect Discretionary Access Control Permission Modification Events" setting to organizational standards. CC ID 09949 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Fault Tolerant Heap" to organizational standards. CC ID 10808 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Boot Performance Diagnostics" to organizational standards. CC ID 10809 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Memory Leak Diagnosis" to organizational standards. CC ID 10810 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Resource Exhaustion Detection and Resolution" to organizational standards. CC ID 10811 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Shutdown Performance Diagnostics" to organizational standards. CC ID 10812 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Standby/Resume Performance Diagnostics" to organizational standards. CC ID 10813 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows System Responsiveness Diagnostics" to organizational standards. CC ID 10814 | System hardening through configuration management | Configuration | |
Configure the "Default quota limit and warning level" setting to organizational standards. CC ID 10840 | System hardening through configuration management | Configuration | |
Configure the "Detect application failures caused by deprecated COM objects" setting to organizational standards. CC ID 10851 | System hardening through configuration management | Configuration | |
Configure the "Detect application failures caused by deprecated Windows DLLs" setting to organizational standards. CC ID 10852 | System hardening through configuration management | Configuration | |
Configure the "Detect application install failures" setting to organizational standards. CC ID 10853 | System hardening through configuration management | Configuration | |
Configure the "Detect application installers that need to be run as administrator" setting to organizational standards. CC ID 10854 | System hardening through configuration management | Configuration | |
Configure the "Detect applications unable to launch installers under UAC" setting to organizational standards. CC ID 10855 | System hardening through configuration management | Configuration | |
Configure the "Diagnostics: Configure scenario execution level" setting to organizational standards. CC ID 10856 | System hardening through configuration management | Configuration | |
Configure the "Disk Diagnostic: Configure execution level" setting to organizational standards. CC ID 10883 | System hardening through configuration management | Configuration | |
Configure the "Log event when quota warning level exceeded" setting to organizational standards. CC ID 11031 | System hardening through configuration management | Configuration | |
Configure the "Log File Debug Output Level" setting to organizational standards. CC ID 11032 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Support Diagnostic Tool: Configure execution level" setting to organizational standards. CC ID 11043 | System hardening through configuration management | Configuration | |
Configure the "Primary DNS Suffix Devolution Level" setting to organizational standards. CC ID 11096 | System hardening through configuration management | Configuration | |
Configure the "Require user authentication for remote connections by using Network Level Authentication" setting to organizational standards. CC ID 11138 | System hardening through configuration management | Configuration | |
Configure the "Specify channel binding token hardening level" setting to organizational standards. CC ID 11209 | System hardening through configuration management | Configuration | |
Configure the "Update Security Level" setting to organizational standards. CC ID 11357 | System hardening through configuration management | Configuration | |
Configure the "Update Top Level Domain Zones" setting to organizational standards. CC ID 11358 | System hardening through configuration management | Configuration | |
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621 | System hardening through configuration management | Configuration | |
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 [Enforce a minimum password complexity and change of characters when new passwords are created. 3.5.7] | System hardening through configuration management | Configuration | |
Configure the "Enforce password history" to organizational standards. CC ID 07877 [Prevent reuse of identifiers for a defined period. 3.5.5; Prohibit password reuse for a specified number of generations. 3.5.8] | System hardening through configuration management | Configuration | |
Configure security and protection software according to Organizational Standards. CC ID 11917 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain records management policies. CC ID 00903 | Records management | Establish/Maintain Documentation | |
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657 | Records management | Establish/Maintain Documentation | |
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464 [Ensure equipment removed for off-site maintenance is sanitized of any CUI. 3.7.3] | Records management | Data and Information Management | |
Sanitize all electronic storage media before disposing a system or redeploying a system. CC ID 01643 [Sanitize or destroy information system media containing CUI before disposal or release for reuse. 3.8.3] | Records management | Data and Information Management | |
Establish, implement, and maintain records management procedures. CC ID 11619 | Records management | Establish/Maintain Documentation | |
Establish, implement, and maintain document security requirements for the output of records. CC ID 11656 | Records management | Establish/Maintain Documentation | |
Establish, implement, and maintain document handling procedures for paper documents. CC ID 00926 [Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital. 3.8.1] | Records management | Establish/Maintain Documentation | |
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931 | Records management | Establish/Maintain Documentation | |
Establish, implement, and maintain security label procedures. CC ID 06747 [Mark media with necessary CUI markings and distribution limitations. 3.8.4] | Records management | Establish/Maintain Documentation | |
Label restricted storage media appropriately. CC ID 00966 | Records management | Data and Information Management | |
Establish, implement, and maintain restricted material identification procedures. CC ID 01889 | Records management | Establish/Maintain Documentation | |
Conspicuously locate the restricted record's overall classification. CC ID 01890 | Records management | Establish/Maintain Documentation | |
Mark a restricted record's displayed pages or printed pages with the appropriate classification. CC ID 01891 | Records management | Establish/Maintain Documentation | |
Mark a restricted record's components (appendices, annexes) with the appropriate classification. CC ID 01892 | Records management | Establish/Maintain Documentation | |
Mark a restricted record's portions (paragraphs, sections) with the appropriate classification. CC ID 01893 | Records management | Establish/Maintain Documentation | |
Mark a restricted record's subject line or title with the appropriate classification. CC ID 01894 | Records management | Establish/Maintain Documentation | |
Mark all forms of electronic messages that contain restricted data or restricted information with the appropriate classification. CC ID 01896 | Records management | Data and Information Management | |
Establish, implement, and maintain online storage controls. CC ID 00942 | Records management | Technical Security | |
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943 | Records management | Records Management | |
Provide encryption for different types of electronic storage media. CC ID 00945 [Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. 3.8.6] | Records management | Technical Security | |
Establish, implement, and maintain a System Development Life Cycle program. CC ID 11823 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
Include information security throughout the system development life cycle. CC ID 12042 [Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational information systems. 3.13.2] | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
Protect confidential information during the system development life cycle program. CC ID 13479 | Systems design, build, and implementation | Data and Information Management |