Australian Government Information Security Manual



AD ID: 0003339

AD STATUS: Australian Government Information Security Manual

ORIGINATOR: Australian Cyber Security Centre

TYPE: International or National Standard

AVAILABILITY: Free

SYNONYMS: Australian Government Information Security Manual 2021; Australian Government Information Security Manual

EFFECTIVE: 2021-06-01

ADDED: The document as a whole was last reviewed and released on 2021-09-01T00:00:00-0700.


Important Notice

This Authority Document In Depth Report is copyrighted - © 2022 - Network Frontiers LLC. All rights reserved. Copyright in the Authority Document analyzed herein is held by its authors. Network Frontiers makes no claims of copyright in this Authority Document.

This Authority Document In Depth Report is provided for informational purposes only and does not constitute, and should not be construed as, legal advice. The reader is encouraged to consult with an attorney experienced in these areas for further explanation and advice.

This Authority Document In Depth Report provides analysis and guidance for use and implementation of the Authority Document but it is not a substitute for the original authority document itself. Readers should refer to the original authority document as the definitive resource on obligations and compliance requirements.

The process we used to tag and map this document

This document has been mapped into the Unified Compliance Framework using a patented methodology and patented tools (you can research our patents HERE). The mapping team has taken every effort to ensure the quality of mapping is of the highest degree. To learn more about the process we use to map Authority Documents, or to become involved in that process, click HERE.

Controls and associated Citations breakdown

When the UCF Mapping Teams tag Citations and their associated mandates within an Authority Document, those Citations and Mandates are tied to Common Controls. Because the Citations and mandates are tied to Common Controls, three sets of metadata are associated with each Citation: Controls by Impact Zone, Controls by Type, and Controls by Classification.

The online version of the mapping analysis you see here is just a fraction of the work the UCF Mapping Team has done. The downloadable version of this document, available within the Common Controls Hub (available HERE) contains the following:

Document implementation analysis – statistics about the document’s alignment with Common Controls as compared to other Authority Documents and statistics on usage of key terms and non-standard terms.

Citation and Mandate Tagging and Mapping – A complete listing of each and every Citation we found within Australian Government Information Security Manual, tagged with its primary and secondary nouns and primary and secondary verbs, in three-column format. The first column shows the Citation (the marker within the Authority Document that points to where we found the guidance). The second column shows the Citation guidance per se, along with the tagging for the mandate we found within the Citation. The third column shows the Common Control ID that the mandate is linked to, and the final column gives us the Common Control itself.

Dictionary Terms – The dictionary terms listed for Australian Government Information Security Manual are based upon terms found within the Authority Document's defined terms section (which most legal documents have), within its glossary, and, for the most part, as tagged within each mandate. The terms with links are the standardized version of the term.



Common Controls and mandates by Impact Zone
568 Mandated Controls - bold; 230 Implied Controls - italic; 7575 Implementation Controls - regular

An Impact Zone is a hierarchical way of organizing our suite of Common Controls — it is a taxonomy. The top levels of the UCF hierarchy are called Impact Zones. Common Controls are mapped within the UCF’s Impact Zones and are maintained in a legal hierarchy within that Impact Zone. Each Impact Zone deals with a separate area of policies, standards, and procedures: technology acquisition, physical security, continuity, records management, etc.


The UCF created its taxonomy by looking at the corpus of standards and regulations through the lens of unification and a view toward how the controls impact the organization. Thus, we created a hierarchical structure for each impact zone that takes into account regulatory and standards bodies, doctrines, and language.

Number of Controls
8373 Total
  • Acquisition or sale of facilities, technology, and services
    41
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Acquisition or sale of facilities, technology, and services CC ID 01123 IT Impact Zone IT Impact Zone
    Plan for selling facilities, technology, or services. CC ID 06893 Acquisition/Sale of Assets or Services Preventive
    Establish, implement, and maintain equipment shipping procedures. CC ID 11449
    [When procuring high assurance ICT equipment, the ACSC is contacted for any equipment-specific delivery procedures. Security Control: 0286; Revision: 5
    {be consistent with} Evaluated products are delivered in a manner consistent with any delivery procedures defined in associated evaluation documentation. Security Control: 0285; Revision: 1]
    Acquisition/Sale of Assets or Services Preventive
    Ship equipment to customers in tamper-evident packaging, as necessary. CC ID 12271 Physical and Environmental Protection Preventive
    Ship equipment following the equipment shipping procedures. CC ID 11658 Process or Activity Preventive
    Ship goods or provide services to consumers in the agreed upon time frame. CC ID 08618 Business Processes Preventive
    Plan for acquiring facilities, technology, or services. CC ID 06892 Acquisition/Sale of Assets or Services Preventive
    Establish, implement, and maintain system acquisition contracts. CC ID 14758 Establish/Maintain Documentation Preventive
    Include security requirements in system acquisition contracts. CC ID 01124 Establish/Maintain Documentation Preventive
    Obtain system documentation before acquiring products and services. CC ID 01445 Establish/Maintain Documentation Preventive
    Include a description of the use and maintenance of security functions in the administration documentation. CC ID 14309
    [{guidance documentation} ACSC and vendor guidance is implemented to assist in hardening the configuration of operating systems. Security Control: 1409; Revision: 1]
    Establish/Maintain Documentation Preventive
    Obtain user documentation before acquiring products and services. CC ID 14283 Acquisition/Sale of Assets or Services Preventive
    Include security functions in the user documentation. CC ID 14313
    [{be relevant} Components and services relevant to the security of systems are identified and understood. Security Control: 1631; Revision: 0]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a product and services acquisition program. CC ID 01136
    [Evaluated supplicants, authenticators and authentication servers are used in wireless networks. Security Control: 1322; Revision: 3
    The functionality and quality of online services, how to maintain such functionality, and what functionality can be lived without during a denial-of-service attack, are determined and documented. Security Control: 1458; Revision: 1]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a product and services acquisition policy. CC ID 14028
    [The functionality and quality of online services, how to maintain such functionality, and what functionality can be lived without during a denial-of-service attack, are determined and documented. Security Control: 1458; Revision: 1]
    Establish/Maintain Documentation Preventive
    Include compliance requirements in the product and services acquisition policy. CC ID 14163 Establish/Maintain Documentation Preventive
    Include coordination amongst entities in the product and services acquisition policy. CC ID 14162 Establish/Maintain Documentation Preventive
    Include management commitment in the product and services acquisition policy. CC ID 14161 Establish/Maintain Documentation Preventive
    Include roles and responsibilities in the product and services acquisition policy. CC ID 14160 Establish/Maintain Documentation Preventive
    Include the scope in the product and services acquisition policy. CC ID 14159
    [The functionality and quality of online services, how to maintain such functionality, and what functionality can be lived without during a denial-of-service attack, are determined and documented. Security Control: 1458; Revision: 1]
    Establish/Maintain Documentation Preventive
    Include the purpose in the product and services acquisition policy. CC ID 14158 Establish/Maintain Documentation Preventive
    Disseminate and communicate the product and services acquisition policy to interested personnel and affected parties. CC ID 14157 Communicate Preventive
    Establish, implement, and maintain product and services acquisition procedures. CC ID 14065 Establish/Maintain Documentation Preventive
    Disseminate and communicate the product and services acquisition procedures to interested personnel and affected parties. CC ID 14152 Communicate Preventive
    Establish, implement, and maintain acquisition approval requirements. CC ID 13704 Establish/Maintain Documentation Preventive
    Disseminate and communicate acquisition approval requirements to all affected parties. CC ID 13706 Communicate Preventive
    Include preventive maintenance contracts in system acquisition contracts. CC ID 06658 Establish/Maintain Documentation Preventive
    Prohibit the use of Personal Electronic Devices, absent approval. CC ID 04599 Behavior Detective
    Sign a forfeiture statement acknowledging unapproved Personal Electronic Devices will be confiscated. CC ID 11667 Physical and Environmental Protection Preventive
    Include chain of custody procedures in the product and services acquisition program. CC ID 10058 Acquisition/Sale of Assets or Services Preventive
    Review and update the acquisition contracts, as necessary. CC ID 14279 Acquisition/Sale of Assets or Services Corrective
    Establish and maintain a register of approved third parties, technologies and tools. CC ID 06836
    [{timely manner} Mobile carriers that are able to provide timely security updates for mobile devices are used. Security Control: 1365; Revision: 1
    {software separation mechanism} When using a software-based isolation mechanism to share a physical server's hardware, the isolation mechanism is from a vendor that uses secure coding practices and, when security vulnerabilities have been identified, develops and distributes patches in a timely manner. Security Control: 1460; Revision: 2]
    Establish/Maintain Documentation Preventive
    Install software that originates from approved third parties. CC ID 12184
    [Only trusted and supported operating systems, applications and computer code can execute on systems. P6:
    {refrain from enabling} Users do not have the ability to install unapproved software. Security Control: 1592; Revision: 0
    {trusted supplier} Applications are chosen from vendors that have made a commitment to secure development and maintenance practices. Security Control: 0938; Revision: 4]
    Technical Security Preventive
    Acquire products or services. CC ID 11450 Acquisition/Sale of Assets or Services Preventive
    Acquire products through suppliers, as necessary. CC ID 13171
    [Systems and applications are delivered and supported by trusted suppliers. P2:]
    Acquisition/Sale of Assets or Services Preventive
    Pay suppliers in a timely manner. CC ID 06891 Acquisition/Sale of Assets or Services Preventive
    Register new systems with the program office or other applicable stakeholder. CC ID 13986
    [System owners register each system with its authorising officer. Security Control: 1525; Revision: 1]
    Business Processes Preventive
    Refrain from accepting assets with questionable provenance. CC ID 12194
    [{be relevant}{secure design practice} Components and services relevant to the security of systems are chosen from suppliers and service providers that have made a commitment to secure-by-design practices. Security Control: 1568; Revision: 1
    {Protection Profile}{Evaluation Assurance Level} If procuring an evaluated product, a product that has completed a PP-based evaluation is selected in preference to one that has completed an EAL-based evaluation. Security Control: 0280; Revision: 7]
    Business Processes Preventive
    Establish, implement, and maintain facilities, assets, and services acceptance procedures. CC ID 01144 Establish/Maintain Documentation Preventive
    Test new hardware or upgraded hardware and software for implementation of security controls. CC ID 06743 Testing Detective
    Test new software or upgraded software for security vulnerabilities. CC ID 01898
    [Software is tested for security vulnerabilities by software developers, as well as an independent party, before it is used in a production environment. Security Control: 0402; Revision: 3]
    Testing Detective
  • Audits and risk management
    51
    Audits and risk management CC ID 00677 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain an audit program. CC ID 00684 Establish/Maintain Documentation Preventive
    Accept the attestation engagement when all preconditions are met. CC ID 13933 Business Processes Preventive
    Audit in scope audit items and compliance documents as defined in the audit scope. CC ID 06730 Audits and Risk Management Preventive
    Determine if the audit assertion's in scope controls are reasonable. CC ID 06980 Testing Detective
    Document test plans for auditing in scope controls. CC ID 06985 Testing Detective
    Determine the effectiveness of in scope controls. CC ID 06984 Testing Detective
    Observe processes to determine the effectiveness of in scope controls. CC ID 12155
    [System owners ensure security controls for each system and its operating environment are assessed to determine if they have been implemented correctly and are operating as intended. Security Control: 1636; Revision: 0]
    Audits and Risk Management Detective
    Assess the quality of the audit program in regards to its documentation. CC ID 11622
    [{be complete} Data transfer logs are fully audited at least monthly. Security Control: 0660; Revision: 7
    {monthly basis} Data transfer logs are partially audited at least monthly. Security Control: 1294; Revision: 3]
    Audits and Risk Management Preventive
    Establish, implement, and maintain the audit plan. CC ID 01156 Testing Detective
    Include the audit criteria in the audit plan. CC ID 15262 Establish/Maintain Documentation Preventive
    Include a list of reference documents in the audit plan. CC ID 15260 Establish/Maintain Documentation Preventive
    Include the languages to be used for the audit in the audit plan. CC ID 15252 Establish/Maintain Documentation Preventive
    Include the allocation of resources in the audit plan. CC ID 15251 Establish/Maintain Documentation Preventive
    Include communication protocols in the audit plan. CC ID 15247 Establish/Maintain Documentation Preventive
    Include the level of audit sampling necessary to collect sufficient audit evidence in the audit plan. CC ID 15246 Establish/Maintain Documentation Preventive
    Include meeting schedules in the audit plan. CC ID 15245 Establish/Maintain Documentation Preventive
    Include the time frames for the audit in the audit plan. CC ID 15244 Establish/Maintain Documentation Preventive
    Include the time frames for conducting the audit in the audit plan. CC ID 15243 Establish/Maintain Documentation Preventive
    Include the locations to be audited in the audit plan. CC ID 15242 Establish/Maintain Documentation Preventive
    Include the processes to be audited in the audit plan. CC ID 15241 Establish/Maintain Documentation Preventive
    Include audit objectives in the audit plan. CC ID 15240 Establish/Maintain Documentation Preventive
    Include the risks associated with audit activities in the audit plan. CC ID 15239 Establish/Maintain Documentation Preventive
    Disseminate and communicate the audit plan to interested personnel and affected parties. CC ID 15238 Communicate Preventive
    Establish, implement, and maintain an audit schedule for the audit program. CC ID 13158 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a risk management program. CC ID 12051 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain the risk assessment framework. CC ID 00685 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a risk assessment program. CC ID 00687 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a risk assessment policy. CC ID 14026 Establish/Maintain Documentation Preventive
    Include coordination amongst entities in the risk assessment policy. CC ID 14120
    [The CISO coordinates security risk management activities between cyber security and business teams. Security Control: 0726; Revision: 2]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain risk assessment procedures. CC ID 06446 Establish/Maintain Documentation Preventive
    Engage appropriate parties to assist with risk assessments, as necessary. CC ID 12153
    [System owners deploying systems with Radio Frequency (RF) transmitters inside or co-located with their facility contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment. Security Control: 0247; Revision: 3
    {located}{be higher} System owners deploying systems with RF transmitters that will be co-located with systems of a higher classification contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment. Security Control: 0248; Revision: 5
    {be overseas} System owners deploying systems overseas contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment. Security Control: 0249; Revision: 3
    {be overseas}{emanation risk} System owners deploying systems overseas contact the ACSC for emanation security threat advice and implement any additional installation criteria derived from the emanation security threat advice. Security Control: 0932; Revision: 5]
    Human Resources Management Preventive
    Establish, implement, and maintain a threat and risk classification scheme. CC ID 07183 Establish/Maintain Documentation Preventive
    Categorize the systems, information, and data by risk profile in the threat and risk classification scheme. CC ID 01443
    [{be the highest} Media is classified to the highest sensitivity or classification of information stored on the media. Security Control: 0323; Revision: 5]
    Audits and Risk Management Preventive
    Establish, implement, and maintain a risk assessment awareness and training program. CC ID 06453 Business Processes Preventive
    Disseminate and communicate information about risks to all interested personnel and affected parties. CC ID 06718
    [{not be secure}{sensitive information} Personnel are advised of security risks posed by non-secure telephone systems in areas where sensitive or classified conversations can occur. Security Control: 0230; Revision: 3
    Personnel are advised of security risks associated with posting personal information to online services and are encouraged to use any available privacy settings to restrict who can view such information. Security Control: 0821; Revision: 3]
    Behavior Preventive
    Perform a gap analysis to review in scope controls for identified risks and implement new controls, as necessary. CC ID 00704
    [System owners select security controls for each system and tailor them to achieve desired security objectives. Security Control: 1634; Revision: 0]
    Establish/Maintain Documentation Detective
    Prioritize and select controls based on the risk assessment findings. CC ID 00707
    [Systems have a continuous monitoring plan that includes: using a risk-based approach to prioritise the implementation of identified mitigations. Security Control: 1163; Revision: 6; Bullet 4]
    Audits and Risk Management Preventive
    Analyze the effect of threats on organizational strategies and objectives. CC ID 12850 Process or Activity Detective
    Analyze the effect of opportunities on organizational strategies and objectives. CC ID 12849 Process or Activity Detective
    Prioritize and categorize the effects of opportunities, threats and requirements on control activities. CC ID 12822 Audits and Risk Management Preventive
    Determine the effectiveness of risk control measures. CC ID 06601 Testing Detective
    Develop key indicators to inform management on the effectiveness of risk control measures. CC ID 12946 Audits and Risk Management Preventive
    Document and communicate a corrective action plan based on the risk assessment findings. CC ID 00705
    [At the conclusion of a security assessment for a system, a plan of action and milestones is produced by the system owner. Security Control: 1564; Revision: 0]
    Establish/Maintain Documentation Corrective
    Review and approve the risk assessment findings. CC ID 06485 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a cybersecurity risk management strategy. CC ID 11991
    [A cyber security strategy is developed and implemented for the organisation. Security Control: 0039; Revision: 4]
    Establish/Maintain Documentation Preventive
    Include a risk prioritization approach in the Cybersecurity Risk Management Strategy. CC ID 12276 Establish/Maintain Documentation Preventive
    Include defense in depth strategies in the cybersecurity risk management strategy. CC ID 15582 Establish/Maintain Documentation Preventive
    Evaluate the cyber insurance market. CC ID 12695 Business Processes Preventive
    Evaluate the usefulness of cyber insurance to the organization. CC ID 12694 Business Processes Preventive
    Acquire cyber insurance, as necessary. CC ID 12693 Business Processes Preventive
  • Human Resources management
    107
    Human Resources management CC ID 00763 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain high level operational roles and responsibilities. CC ID 00806 Establish Roles Preventive
    Define and assign the head of Information Security's roles and responsibilities. CC ID 06091
    [The CISO oversees their organisation's cyber security program and ensures their organisation's compliance with cyber security policy, standards, regulations and legislation. Security Control: 1478; Revision: 1
    The CISO oversees their organisation's response to cyber security incidents. Security Control: 1618; Revision: 0
    A Chief Information Security Officer provides leadership and oversight of cyber security. G1:]
    Establish Roles Preventive
    Define and assign the Chief Security Officer's roles and responsibilities. CC ID 06431
    [The CISO oversees cyber supply chain risk management activities for their organisation. Security Control: 0731; Revision: 2
    The CISO receives and manages a dedicated cyber security budget for their organisation. Security Control: 0732; Revision: 2
    The CISO oversees the management of cyber security personnel within their organisation. Security Control: 0717; Revision: 2
    The CISO oversees the development and operation of their organisation's cyber security awareness training program. Security Control: 0735; Revision: 2]
    Establish Roles Preventive
    Establish and maintain an Information Technology steering committee. CC ID 12706
    [The CISO coordinates cyber security and business alignment through a cyber security steering committee or advisory board, comprising of key business and ICT executives, which meets formally and on a regular basis. Security Control: 0725; Revision: 2]
    Human Resources Management Preventive
    Assign the Information Technology steering committee to report to senior management. CC ID 12731 Human Resources Management Preventive
    Convene the Information Technology steering committee, as necessary. CC ID 12730
    [The CISO coordinates cyber security and business alignment through a cyber security steering committee or advisory board, comprising of key business and ICT executives, which meets formally and on a regular basis. Security Control: 0725; Revision: 2]
    Human Resources Management Preventive
    Assign reviewing investments to the Information Technology steering committee, as necessary. CC ID 13625 Human Resources Management Preventive
    Establish, implement, and maintain a personnel management program. CC ID 14018 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a personnel security program. CC ID 10628 Establish/Maintain Documentation Preventive
    Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782 Testing Detective
    Establish, implement, and maintain personnel screening procedures. CC ID 11700
    [Personnel undergo appropriate employment screening, and where necessary hold an appropriate security clearance, before being granted access to a system and its resources. Security Control: 0434; Revision: 6]
    Establish/Maintain Documentation Preventive
    Perform a background check during personnel screening. CC ID 11758 Human Resources Management Detective
    Perform a personal identification check during personnel screening. CC ID 06721 Human Resources Management Preventive
    Perform a criminal records check during personnel screening. CC ID 06643 Establish/Maintain Documentation Preventive
    Include all residences in the criminal records check. CC ID 13306 Process or Activity Preventive
    Document any reasons a full criminal records check could not be performed. CC ID 13305 Establish/Maintain Documentation Preventive
    Perform a personal references check during personnel screening. CC ID 06645 Human Resources Management Preventive
    Perform a credit check during personnel screening. CC ID 06646 Human Resources Management Preventive
    Perform an academic records check during personnel screening. CC ID 06647 Establish/Maintain Documentation Preventive
    Perform a drug test during personnel screening. CC ID 06648 Testing Preventive
    Perform a resume check during personnel screening. CC ID 06659 Human Resources Management Preventive
    Perform a curriculum vitae check during personnel screening. CC ID 06660 Human Resources Management Preventive
    Allow personnel being screened to appeal findings and appeal decisions. CC ID 06720 Human Resources Management Preventive
    Establish, implement, and maintain security clearance procedures. CC ID 00783 Establish/Maintain Documentation Preventive
    Perform security clearance procedures, as necessary. CC ID 06644
    [Personnel undergo appropriate employment screening, and where necessary hold an appropriate security clearance, before being granted access to a system and its resources. Security Control: 0434; Revision: 6]
    Human Resources Management Preventive
    Update security clearances, as necessary. CC ID 01634 Human Resources Management Preventive
    Establish and maintain the staff structure in line with the strategic plan. CC ID 00764 Establish Roles Preventive
    Establish and maintain relationships with critical stakeholders, business functions, and leadership outside the in scope staff. CC ID 00779
    [Once connectivity is established, system owners become information stakeholders for all connected security domains. Security Control: 0607; Revision: 3]
    Behavior Preventive
    Train all personnel and third parties, as necessary. CC ID 00785
    [{ongoing basis} Personnel are provided with ongoing cyber security awareness training. P13:
    System administrators are formally trained to manage gateways. Security Control: 0612; Revision: 4
    Users are trained on the secure use of a CDS before access to the CDS is granted. Security Control: 0610; Revision: 6]
    Behavior Preventive
    Establish, implement, and maintain an education methodology. CC ID 06671 Business Processes Preventive
    Support certification programs as viable training programs. CC ID 13268 Human Resources Management Preventive
    Retrain all personnel, as necessary. CC ID 01362 Behavior Preventive
    Tailor training to meet published guidance on the subject being taught. CC ID 02217 Behavior Preventive
    Tailor training to be taught at each person's level of responsibility. CC ID 06674 Behavior Preventive
    Conduct cross-training or staff backup training to minimize dependency on critical individuals. CC ID 00786 Behavior Preventive
    Document all training in a training record. CC ID 01423 Establish/Maintain Documentation Detective
    Use automated mechanisms in the training environment, where appropriate. CC ID 06752 Behavior Preventive
    Conduct tests and evaluate training. CC ID 06672 Testing Detective
    Hire third parties to conduct training, as necessary. CC ID 13167 Human Resources Management Preventive
    Review the current published guidance and awareness and training programs. CC ID 01245 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain training plans. CC ID 00828 Establish/Maintain Documentation Preventive
    Train personnel to recognize conditions of diseases or sicknesses, as necessary. CC ID 14383 Training Detective
    Include prevention techniques in training regarding diseases or sicknesses. CC ID 14387 Training Preventive
    Include the concept of disease clusters when training to recognize conditions of diseases or sicknesses. CC ID 14386 Training Preventive
    Train personnel to identify and communicate symptoms of exposure to disease or sickness. CC ID 14385 Training Detective
    Develop or acquire content to update the training plans. CC ID 12867 Training Preventive
    Include portions of the visitor control program in the training plan. CC ID 13287 Establish/Maintain Documentation Preventive
    Include ethical culture in the training plan, as necessary. CC ID 12801 Human Resources Management Preventive
    Include in scope external requirements in the training plan, as necessary. CC ID 13041 Training Preventive
    Include duties and responsibilities in the training plan, as necessary. CC ID 12800 Human Resources Management Preventive
    Conduct bespoke roles and responsibilities training, as necessary. CC ID 13192 Training Preventive
    Include risk management in the training plan, as necessary. CC ID 13040 Training Preventive
    Conduct Archives and Records Management training. CC ID 00975 Behavior Preventive
    Conduct personal data processing training. CC ID 13757 Training Preventive
    Include in personal data processing training how to provide the contact information for the categories of personal data the organization may disclose. CC ID 13758 Training Preventive
    Include the cloud service usage standard in the training plan. CC ID 13039 Training Preventive
    Establish, implement, and maintain a security awareness program. CC ID 11746 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a security awareness and training policy. CC ID 14022 Establish/Maintain Documentation Preventive
    Include compliance requirements in the security awareness and training policy. CC ID 14092 Establish/Maintain Documentation Preventive
    Include coordination amongst entities in the security awareness and training policy. CC ID 14091
    [{security personnel} Cyber security awareness training is undertaken annually by all personnel and covers: security appointments and contacts within the organisation Security Control: 0252; Revision: 6; Bullet 2]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain security awareness and training procedures. CC ID 14054 Establish/Maintain Documentation Preventive
    Disseminate and communicate the security awareness and training procedures to interested personnel and affected parties. CC ID 14138 Communicate Preventive
    Include management commitment in the security awareness and training policy. CC ID 14049 Establish/Maintain Documentation Preventive
    Include roles and responsibilities in the security awareness and training policy. CC ID 14048 Establish/Maintain Documentation Preventive
    Include the scope in the security awareness and training policy. CC ID 14047
    [Cyber security awareness training is undertaken annually by all personnel and covers: authorised use of systems and their resources Security Control: 0252; Revision: 6; Bullet 3]
    Establish/Maintain Documentation Preventive
    Include the purpose in the security awareness and training policy. CC ID 14045
    [Cyber security awareness training is undertaken annually by all personnel and covers: the purpose of the cyber security awareness training Security Control: 0252; Revision: 6; Bullet 1]
    Establish/Maintain Documentation Preventive
    Include configuration management procedures in the security awareness program. CC ID 13967 Establish/Maintain Documentation Preventive
    Document security awareness requirements. CC ID 12146 Establish/Maintain Documentation Preventive
    Include safeguards for information systems in the security awareness program. CC ID 13046
    [Cyber security awareness training is undertaken annually by all personnel and covers: protection of systems and their resources Security Control: 0252; Revision: 6; Bullet 4]
    Establish/Maintain Documentation Preventive
    Include security policies and security standards in the security awareness program. CC ID 13045 Establish/Maintain Documentation Preventive
    Include mobile device security guidelines in the security awareness program. CC ID 11803
    [{privacy risk}{be overseas} Personnel are advised of privacy and security risks when travelling overseas with mobile devices. Security Control: 1298; Revision: 2]
    Establish/Maintain Documentation Preventive
    Include updates on emerging issues in the security awareness program. CC ID 13184 Training Preventive
    Include cybersecurity in the security awareness program. CC ID 13183
    [{annual basis} Cyber security awareness training is undertaken annually by all personnel and covers: Security Control: 0252; Revision: 6]
    Training Preventive
Include the acceptable use policy in the security awareness program. CC ID 15487 Training Preventive
    Include training based on the participants' level of responsibility and access level in the security awareness program. CC ID 11802
    [{annual basis} Tailored privileged user training is undertaken annually by all privileged users. Security Control: 1565; Revision: 0]
    Establish/Maintain Documentation Preventive
    Include a requirement to train all new hires and interested personnel in the security awareness program. CC ID 11800 Establish/Maintain Documentation Preventive
    Include remote access in the security awareness program. CC ID 13892 Establish/Maintain Documentation Preventive
    Document the goals of the security awareness program. CC ID 12145 Establish/Maintain Documentation Preventive
    Compare current security awareness assessment reports to the security awareness baseline. CC ID 12150 Establish/Maintain Documentation Preventive
    Establish and maintain management's commitment to supporting the security awareness program. CC ID 12151 Human Resources Management Preventive
    Establish and maintain a steering committee to guide the security awareness program. CC ID 12149 Human Resources Management Preventive
    Document the scope of the security awareness program. CC ID 12148 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a security awareness baseline. CC ID 12147 Establish/Maintain Documentation Preventive
    Encourage interested personnel to obtain security certification. CC ID 11804 Human Resources Management Preventive
    Disseminate and communicate the security awareness program to all interested personnel and affected parties. CC ID 00823 Behavior Preventive
    Train all personnel and third parties on how to recognize and report security incidents. CC ID 01211
[Cyber security awareness training is undertaken annually by all personnel and covers: reporting of cyber security incidents and suspected compromises of systems and their resources. Security Control: 0252; Revision: 6; Bullet 5
{way} Personnel are advised of what suspicious contact via online services is and how to report it. Security Control: 0817; Revision: 4]
    Behavior Preventive
    Train all personnel and third parties on how to recognize and report system failures. CC ID 13475 Training Preventive
    Require personnel to acknowledge, through writing their signature, that they have read and understand the organization's security policies. CC ID 01363 Establish/Maintain Documentation Preventive
    Monitor and measure the effectiveness of security awareness. CC ID 06262 Monitor and Evaluate Occurrences Detective
    Establish, implement, and maintain an environmental management system awareness program. CC ID 15200 Establish/Maintain Documentation Preventive
    Conduct secure coding and development training for developers. CC ID 06822 Behavior Corrective
    Conduct tampering prevention training. CC ID 11875 Training Preventive
    Include the mandate to refrain from installing, refrain from replacing, and refrain from returning any asset absent verification in the tampering prevention training. CC ID 11877 Training Preventive
    Include how to identify and authenticate third parties claiming to be maintenance personnel in the tampering prevention training. CC ID 11876 Training Preventive
    Include how to report tampering and unauthorized substitution in the tampering prevention training. CC ID 11879
[{be overseas} Upon returning from travelling overseas with mobile devices, personnel take the following actions: report if significant doubt exists as to the integrity of any devices following their travel. Security Control: 1300; Revision: 4; Bullet 3]
    Training Preventive
    Include how to prevent physical tampering in the tampering prevention training. CC ID 11878
[{be overseas}{high risk area} If travelling overseas with mobile devices to high/extreme risk countries, personnel are: advised on how to apply and inspect tamper seals to key areas of devices Security Control: 1554; Revision: 0; Bullet 2]
    Training Preventive
    Include procedures on how to inspect devices in the tampering prevention training. CC ID 11990
[{be overseas}{high risk area} If travelling overseas with mobile devices to high/extreme risk countries, personnel are: advised on how to apply and inspect tamper seals to key areas of devices Security Control: 1554; Revision: 0; Bullet 2]
    Training Preventive
    Train interested personnel and affected parties to collect digital forensic evidence. CC ID 08658 Training Preventive
    Conduct crime prevention training. CC ID 06350 Behavior Preventive
    Analyze and evaluate training records to improve the training program. CC ID 06380 Monitor and Evaluate Occurrences Detective
    Establish, implement, and maintain a personnel health and safety policy. CC ID 00716 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a travel program for all personnel. CC ID 10597 Human Resources Management Preventive
    Refrain from loaning mobile devices to unauthorized personnel. CC ID 15218
    [{be overseas}{refrain from loaning}{not be trusted} Personnel take the following precautions when travelling overseas with mobile devices: never lending devices to untrusted people, even if briefly Security Control: 1299; Revision: 2; Bullet 3]
    Business Processes Preventive
    Issue devices with secure configurations to individuals traveling to locations deemed to be of risk. CC ID 10598
    [{be overseas}{high risk area}{business use} If travelling overseas with mobile devices to high/extreme risk countries, personnel are: issued with newly provisioned accounts and devices from a pool of dedicated travel devices which are used solely for work-related activities Security Control: 1554; Revision: 0; Bullet 1]
    Configuration Preventive
    Establish, implement, and maintain a legal support program. CC ID 13710
    [Legal advice is sought regarding the development and implementation of a trusted insider program. Security Control: 1626; Revision: 0]
    Establish/Maintain Documentation Preventive
    Provide security inspectors access to personnel files during site reviews. CC ID 12300 Audits and Risk Management Detective
  • Leadership and high level objectives
    9
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Leadership and high level objectives CC ID 00597 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a reporting methodology program. CC ID 02072 Business Processes Preventive
    Establish, implement, and maintain communication protocols. CC ID 12245 Establish/Maintain Documentation Preventive
    Align the information being disseminated and communicated with the communication requirements according to the organization's communication protocol. CC ID 12419
[{timely manner} The sender of a fax message makes arrangements for the receiver to collect the fax message as soon as possible after it is received and notify the sender if the fax message does not arrive in an agreed amount of time. Security Control: 1075; Revision: 1]
    Establish/Maintain Documentation Preventive
    Assess the effectiveness of the communication methods used in the communication protocol. CC ID 12691 Process or Activity Detective
    Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a policy and procedure management program. CC ID 06285 Establish/Maintain Documentation Preventive
    Establish and maintain an Authority Document list. CC ID 07113 Establish/Maintain Documentation Preventive
    Document organizational procedures that harmonize external requirements, including all legal requirements. CC ID 00623
    [Legal advice is sought before allowing targeted cyber intrusion activity to continue on a system for the purpose of collecting further information or evidence. Security Control: 0137; Revision: 2
    Legal advice is sought regarding the inspection of TLS traffic by internet gateways. Security Control: 0996; Revision: 5]
    Establish/Maintain Documentation Preventive
  • Monitoring and measurement
    218
    Monitoring and measurement CC ID 00636 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain Security Control System monitoring and reporting procedures. CC ID 12506
    [System owners monitor each system, and associated cyber threats, security risks and security controls, on an ongoing basis. Security Control: 1526; Revision: 1]
    Establish/Maintain Documentation Preventive
    Include detecting and reporting the failure of a change detection mechanism in the Security Control System monitoring and reporting procedures. CC ID 12525 Establish/Maintain Documentation Preventive
    Include detecting and reporting the failure of audit logging in the Security Control System monitoring and reporting procedures. CC ID 12513 Establish/Maintain Documentation Preventive
Include detecting and reporting the failure of an anti-malware solution in the Security Control System monitoring and reporting procedures. CC ID 12512 Establish/Maintain Documentation Preventive
    Include detecting and reporting the failure of a segmentation control in the Security Control System monitoring and reporting procedures. CC ID 12511 Establish/Maintain Documentation Preventive
    Include detecting and reporting the failure of a physical access control in the Security Control System monitoring and reporting procedures. CC ID 12510 Establish/Maintain Documentation Preventive
    Include detecting and reporting the failure of a logical access control in the Security Control System monitoring and reporting procedures. CC ID 12509 Establish/Maintain Documentation Preventive
    Include detecting and reporting the failure of an Intrusion Detection and Prevention System in the Security Control System monitoring and reporting procedures. CC ID 12508 Establish/Maintain Documentation Preventive
    Include detecting and reporting the failure of a security testing tool in the Security Control System monitoring and reporting procedures. CC ID 15488 Establish/Maintain Documentation Preventive
    Include detecting and reporting the failure of a firewall in the Security Control System monitoring and reporting procedures. CC ID 12507 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain logging and monitoring operations. CC ID 00637 Log Management Detective
    Enable monitoring and logging operations on all assets that meet the organizational criteria to maintain event logs. CC ID 06312
    [All gateways connecting networks in different security domains are operated such that they: log network traffic permitted through the gateway Security Control: 0634; Revision: 7; Bullet 1
    All gateways connecting networks in different security domains are operated such that they: log network traffic attempting to leave the gateway Security Control: 0634; Revision: 7; Bullet 2
    All gateways connecting networks in different security domains are operated such that they: are configured to save event logs to a secure logging facility Security Control: 0634; Revision: 7; Bullet 3
{unusual activity} All gateways connecting networks in different security domains are operated such that they: provide real-time alerts for any cyber security incidents, attempted intrusions and unusual usage patterns. Security Control: 0634; Revision: 7; Bullet 4
    When deploying NIDS or NIPS in non-internet gateways, they are configured to monitor unusual patterns of behaviour or traffic flows rather than internet-based communication protocol signatures. Security Control: 1185; Revision: 3
    {logging capability}{transcription capability} PowerShell is configured to use module logging, script block logging and transcription functionality. Security Control: 1623; Revision: 0
    A web proxy authenticates users and provides logging that includes the following details about websites accessed: Security Control: 0261; Revision: 4
{be external}{be internal} A web proxy authenticates users and provides logging that includes the following details about websites accessed: internal and external IP addresses. Security Control: 0261; Revision: 4; Bullet 5]
    Log Management Preventive
    Review and approve the use of continuous security management systems. CC ID 13181 Process or Activity Preventive
    Protect continuous security management systems from unauthorized use. CC ID 13097 Configuration Preventive
    Establish, implement, and maintain intrusion management operations. CC ID 00580
    [System owners are consulted before allowing targeted cyber intrusion activity to continue on a system for the purpose of collecting further information or evidence. Security Control: 1609; Revision: 0]
    Monitor and Evaluate Occurrences Preventive
    Establish, implement, and maintain an intrusion detection and prevention policy. CC ID 15169
    [An intrusion detection and prevention policy is developed and implemented. Security Control: 0576; Revision: 7]
    Establish/Maintain Documentation Preventive
    Install and maintain an Intrusion Detection System and/or Intrusion Prevention System. CC ID 00581
    [{host-based intrusion prevention system} A HIPS is implemented on workstations. Security Control: 1341; Revision: 2
    {host-based intrusion prevention system}{DNS server} A HIPS is implemented on high value servers such as authentication servers, Domain Name System (DNS) servers, web servers, file servers and email servers. Security Control: 1034; Revision: 6
    If supported, Microsoft's exploit protection functionality is implemented on workstations and servers. Security Control: 1492; Revision: 0]
    Configuration Preventive
    Protect each person's right to privacy and civil liberties during intrusion management operations. CC ID 10035 Behavior Preventive
    Do not intercept communications of any kind when providing a service to clients. CC ID 09985 Behavior Preventive
    Determine if honeypots should be installed, and if so, where the honeypots should be placed. CC ID 00582 Technical Security Detective
    Monitor systems for inappropriate usage and other security violations. CC ID 00585
    [Cyber security personnel have access to sufficient data sources and tools to ensure that systems can be monitored for key indicators of compromise. Security Control: 0120; Revision: 5
    System owners monitor each system, and associated cyber threats, security risks and security controls, on an ongoing basis. Security Control: 1526; Revision: 1
    Unauthorised access to the authoritative source for software is prevented. Security Control: 1422; Revision: 3
    Cyber security events and anomalous activities are detected, collected, correlated and analysed in a timely manner. D1:]
    Monitor and Evaluate Occurrences Detective
    Monitor systems for blended attacks and multiple component incidents. CC ID 01225 Monitor and Evaluate Occurrences Detective
    Monitor systems for Denial of Service attacks. CC ID 01222
    [{way} A denial of service response plan is developed and implemented that includes: how to identify signs of a denial of service Security Control: 1019; Revision: 7; Bullet 1
    {way} A denial of service response plan is developed and implemented that includes: how to identify the source of a denial of service Security Control: 1019; Revision: 7; Bullet 2
{real time} Availability monitoring with real-time alerting is implemented to detect denial-of-service attacks and measure their impact. Security Control: 1435; Revision: 1
    {continuous monitoring} Organisations perform continuous real-time monitoring of the availability of online services. Security Control: 1581; Revision: 0]
    Monitor and Evaluate Occurrences Detective
    Monitor systems for unauthorized data transfers. CC ID 12971 Monitor and Evaluate Occurrences Preventive
    Address operational anomalies within the incident management system. CC ID 11633 Audits and Risk Management Preventive
    Monitor systems for access to restricted data or restricted information. CC ID 04721 Monitor and Evaluate Occurrences Detective
    Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950 Human Resources Management Detective
    Detect unauthorized access to systems. CC ID 06798 Monitor and Evaluate Occurrences Detective
    Incorporate potential red flags into the organization's incident management system. CC ID 04652 Monitor and Evaluate Occurrences Detective
    Incorporate an Identity Theft Prevention Program into the organization's incident management system. CC ID 11634 Audits and Risk Management Preventive
    Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430
    [If an organisation's systems or information are accessed or administered by a service provider in an unauthorised manner, organisations are immediately notified. Security Control: 1576; Revision: 0
    NIDS or NIPS in gateways are located immediately inside the outermost firewall and configured to generate a log entry, and an alert, for any information flows that contravene any rule in firewall rule sets. Security Control: 1030; Revision: 6
    Denial-of-service attack prevention and mitigation strategies are discussed with cloud service providers, specifically: thresholds for notification of denial-of-service attacks Security Control: 1431; Revision: 2; Bullet 3]
    Monitor and Evaluate Occurrences Detective
    Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808 Monitor and Evaluate Occurrences Detective
    Monitor systems for unauthorized mobile code. CC ID 10034 Monitor and Evaluate Occurrences Preventive
    Update the intrusion detection capabilities and the incident response capabilities regularly. CC ID 04653 Technical Security Preventive
    Implement honeyclients to proactively seek for malicious websites and malicious code. CC ID 10658 Technical Security Preventive
    Implement detonation chambers, where appropriate. CC ID 10670 Technical Security Preventive
    Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638
    [An event log auditing process, and supporting event log auditing procedures, is developed and implemented covering the scope and schedule of audits, what constitutes a violation of security policy, and actions to be taken when violations are detected, including reporting requirements. Security Control: 0109; Revision: 6
    A web proxy authenticates users and provides logging that includes the following details about websites accessed: amount of data uploaded and downloaded Security Control: 0261; Revision: 4; Bullet 4]
    Log Management Detective
    Establish, implement, and maintain an event logging policy. CC ID 15217
    [An event logging policy is developed and implemented. Security Control: 0580; Revision: 6]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain event logging procedures. CC ID 01335
    [An event log auditing process, and supporting event log auditing procedures, is developed and implemented covering the scope and schedule of audits, what constitutes a violation of security policy, and actions to be taken when violations are detected, including reporting requirements. Security Control: 0109; Revision: 6]
    Log Management Detective
    Include a standard to collect and interpret event logs in the event logging procedures. CC ID 00643
    [{regular basis} All security-relevant events generated by a CDS are logged and regularly analysed. Security Control: 0670; Revision: 4
An event log auditing process, and supporting event log auditing procedures, is developed and implemented covering the scope and schedule of audits, what constitutes a violation of security policy, and actions to be taken when violations are detected, including reporting requirements. Security Control: 0109; Revision: 6
    Cyber security events and anomalous activities are detected, collected, correlated and analysed in a timely manner. D1:]
    Log Management Preventive
    Protect the event logs from failure. CC ID 06290 Log Management Preventive
    Overwrite the oldest records when audit logging fails. CC ID 14308 Data and Information Management Preventive
    Supply each in scope asset with audit reduction tool and report generation capabilities to support after-the-fact investigations without altering the event logs. CC ID 01427 Testing Preventive
    Provide predefined suspicious activity reports for suspicious activity discovered in the event log. CC ID 06774 Establish/Maintain Documentation Corrective
    Compile the event logs of multiple components into a system-wide time-correlated audit trail. CC ID 01424
    [A representative sample of security events generated by a CDS, relating to the enforcement of data transfer policies, is taken at least every 3 months and assessed against the security policies that the CDS is responsible for enforcing between security domains. Security Control: 1523; Revision: 0
    Events are correlated across event logs to prioritise audits and focus investigations. Security Control: 1228; Revision: 2
    A centralised logging facility is implemented and systems are configured to save event logs to the centralised logging facility as soon as possible after each event occurs. Security Control: 1405; Revision: 1]
    Audits and Risk Management Preventive
    Review and update event logs and audit logs, as necessary. CC ID 00596
    [A representative sample of security events generated by a CDS, relating to the enforcement of data transfer policies, is taken at least every 3 months and assessed against the security policies that the CDS is responsible for enforcing between security domains. Security Control: 1523; Revision: 0]
    Log Management Detective
    Eliminate false positives in event logs and audit logs. CC ID 07047 Log Management Corrective
    Correlate log entries to security controls to verify the security control's effectiveness. CC ID 13207 Log Management Detective
    Identify cybersecurity events in event logs and audit logs. CC ID 13206 Technical Security Detective
    Follow up exceptions and anomalies identified when reviewing logs. CC ID 11925 Investigate Corrective
    Reproduce the event log if a log failure is captured. CC ID 01426 Log Management Preventive
    Document the event information to be logged in the event information log specification. CC ID 00639 Configuration Preventive
    Enable logging for all systems that meet a traceability criteria. CC ID 00640 Log Management Detective
    Enable the logging capability to capture enough information to ensure the system is functioning according to its intended purpose throughout its life cycle. CC ID 15001 Configuration Preventive
    Enable and configure logging on all network access controls. CC ID 01963 Configuration Preventive
    Analyze firewall logs for the correct capturing of data. CC ID 00549 Log Management Detective
    Synchronize system clocks to an accurate and universal time source on all devices. CC ID 01340
    [An accurate time source is established and used consistently across systems and network devices to assist with the correlation of events. Security Control: 0988; Revision: 5]
    Configuration Preventive
    Centralize network time servers to as few as practical. CC ID 06308 Configuration Preventive
    Disseminate and communicate information to customers about clock synchronization methods used by the organization. CC ID 13044 Communicate Preventive
    Define the frequency to capture and log events. CC ID 06313 Log Management Preventive
    Include logging frequencies in the event logging procedures. CC ID 00642
    [An event log auditing process, and supporting event log auditing procedures, is developed and implemented covering the scope and schedule of audits, what constitutes a violation of security policy, and actions to be taken when violations are detected, including reporting requirements. Security Control: 0109; Revision: 6]
    Log Management Preventive
    Review and update the list of auditable events in the event logging procedures. CC ID 10097 Establish/Maintain Documentation Preventive
    Monitor and evaluate system performance. CC ID 00651
    [System owners monitor each system, and associated cyber threats, security risks and security controls, on an ongoing basis. Security Control: 1526; Revision: 1]
    Monitor and Evaluate Occurrences Detective
    Disseminate and communicate monitoring capabilities with interested personnel and affected parties. CC ID 13156 Communicate Preventive
    Disseminate and communicate statistics on resource usage with interested personnel and affected parties. CC ID 13155 Communicate Preventive
    Monitor for and react to when suspicious activities are detected. CC ID 00586
    [Cyber security events and anomalous activities are detected, collected, correlated and analysed in a timely manner. D1:]
    Monitor and Evaluate Occurrences Detective
    Erase payment applications when suspicious activity is confirmed. CC ID 12193 Technical Security Corrective
    Report a data loss event when non-truncated payment card numbers are outputted. CC ID 04741 Establish/Maintain Documentation Corrective
    Report a data loss event after a security incident is detected and there are indications that the unauthorized person has control of electronic information. CC ID 04727 Monitor and Evaluate Occurrences Corrective
    Report a data loss event after a security incident is detected and there are indications that the unauthorized person has control of printed records. CC ID 04728 Monitor and Evaluate Occurrences Corrective
    Report a data loss event after a security incident is detected and there are indications that the unauthorized person has accessed information in either paper or electronic form. CC ID 04740 Monitor and Evaluate Occurrences Corrective
    Report a data loss event after a security incident is detected and there are indications that the information has been or will likely be used in an unauthorized manner. CC ID 04729 Monitor and Evaluate Occurrences Corrective
    Report a data loss event after a security incident is detected and there are indications that the information has been or will likely be used in an unauthorized manner that could cause substantial economic impact. CC ID 04742 Monitor and Evaluate Occurrences Corrective
    Establish, implement, and maintain a continuous monitoring program for configuration management. CC ID 06757 Establish/Maintain Documentation Detective
    Monitor for and report when a software configuration is updated. CC ID 06746 Monitor and Evaluate Occurrences Detective
    Implement file integrity monitoring. CC ID 01205
    [{software separation mechanism} When using a software-based isolation mechanism to share a physical server's hardware, integrity and log monitoring are performed for the isolation mechanism and underlying operating system in a timely manner. Security Control: 1607; Revision: 0
    The integrity of content is verified where applicable and blocked if verification fails. Security Control: 1292; Revision: 1
    An approach for patching or updating operating systems and firmware that ensures the integrity and authenticity of patches or updates, as well as the processes used to apply them, is used. Security Control: 1499; Revision: 0]
    Monitor and Evaluate Occurrences Detective
    Identify unauthorized modifications during file integrity monitoring. CC ID 12096 Technical Security Detective
    Monitor for software configuration updates absent authorization. CC ID 10676 Monitor and Evaluate Occurrences Preventive
    Allow expected changes during file integrity monitoring. CC ID 12090 Technical Security Preventive
    Monitor for when documents are being updated absent authorization. CC ID 10677 Monitor and Evaluate Occurrences Preventive
    Include a change history and identify who made the changes in the file integrity monitoring report. CC ID 12091 Establish/Maintain Documentation Preventive
    Alert interested personnel and affected parties when an unauthorized modification to critical files is detected. CC ID 12045 Process or Activity Preventive
    Monitor and evaluate user account activity. CC ID 07066
    [The use of privileged accounts, and any activities undertaken with them, are monitored and audited. Security Control: 1509; Revision: 0
    {non-privileged account} The use of standard accounts, and any activities undertaken with them, are monitored and audited. Security Control: 1566; Revision: 0
    {be overseas}{high risk area} If returning from travelling overseas with mobile devices to high/extreme risk countries, personnel take the following additional actions: monitor accounts for any indicators of compromise, such as failed login attempts. Security Control: 1556; Revision: 0; Bullet 2
    {unauthorized modification} Break glass accounts are monitored and audited for unauthorised use or modification. Security Control: 1613; Revision: 0]
    Monitor and Evaluate Occurrences Detective
    Develop and maintain a usage profile for each user account. CC ID 07067 Technical Security Preventive
    Log account usage to determine dormant accounts. CC ID 12118 Log Management Detective
    Log account usage times. CC ID 07099 Log Management Detective
    Generate daily reports of user logons during hours outside of their usage profile. CC ID 07068 Monitor and Evaluate Occurrences Detective
    Generate daily reports of users who have grossly exceeded their usage profile logon duration. CC ID 07069 Monitor and Evaluate Occurrences Detective
    Log account usage durations. CC ID 12117 Monitor and Evaluate Occurrences Detective
    Notify the appropriate personnel after identifying dormant accounts. CC ID 12125 Communicate Detective
    Log Internet Protocol addresses used during logon. CC ID 07100 Log Management Detective
    Report red flags when logon credentials are used on a computer different from the one in the usage profile. CC ID 07070 Monitor and Evaluate Occurrences Detective
    Report inappropriate usage of user accounts to the appropriate personnel. CC ID 14243 Communicate Detective
    Establish, implement, and maintain a risk monitoring program. CC ID 00658 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a system security plan. CC ID 01922
    [Systems have a system security plan that includes a description of the system and an annex that covers both security controls from this document (based on the system's classification, functionality and technologies) and any additional security controls that have been identified for the system. Security Control: 0041; Revision: 3]
    Testing Preventive
    Include a description of the operational context in the system security plan. CC ID 14301 Establish/Maintain Documentation Preventive
    Include the results of the security categorization in the system security plan. CC ID 14281 Establish/Maintain Documentation Preventive
    Include the information types in the system security plan. CC ID 14696 Establish/Maintain Documentation Preventive
    Include the security requirements in the system security plan. CC ID 14274
    [Each system's system security plan specifies any requirements for access to the system and its resources. Security Control: 0432; Revision: 6]
    Establish/Maintain Documentation Preventive
    Include threats in the system security plan. CC ID 14693 Establish/Maintain Documentation Preventive
    Include network diagrams in the system security plan. CC ID 14273 Establish/Maintain Documentation Preventive
    Include roles and responsibilities in the system security plan. CC ID 14682 Establish/Maintain Documentation Preventive
    Include the results of the privacy risk assessment in the system security plan. CC ID 14676 Establish/Maintain Documentation Preventive
    Disseminate and communicate the system security plan to interested personnel and affected parties. CC ID 14275 Communicate Preventive
    Include a description of the operational environment in the system security plan. CC ID 14272
    [Systems have a system security plan that includes a description of the system and an annex that covers both security controls from this document (based on the system's classification, functionality and technologies) and any additional security controls that have been identified for the system. Security Control: 0041; Revision: 3]
    Establish/Maintain Documentation Preventive
    Include the security categorizations and rationale in the system security plan. CC ID 14270 Establish/Maintain Documentation Preventive
    Include the authorization boundary in the system security plan. CC ID 14257 Establish/Maintain Documentation Preventive
    Align the enterprise architecture with the system security plan. CC ID 14255 Process or Activity Preventive
    Include security controls in the system security plan. CC ID 14239
    [Systems have a system security plan that includes a description of the system and an annex that covers both security controls from this document (based on the system's classification, functionality and technologies) and any additional security controls that have been identified for the system. Security Control: 0041; Revision: 3]
    Establish/Maintain Documentation Preventive
    Create specific test plans to test each system component. CC ID 00661 Establish/Maintain Documentation Preventive
    Include the roles and responsibilities in the test plan. CC ID 14299 Establish/Maintain Documentation Preventive
    Include the assessment team in the test plan. CC ID 14297 Establish/Maintain Documentation Preventive
    Include the scope in the test plans. CC ID 14293 Establish/Maintain Documentation Preventive
    Include the assessment environment in the test plan. CC ID 14271 Establish/Maintain Documentation Preventive
    Approve the system security plan. CC ID 14241
    [Organisational-level security documentation is approved by the Chief Information Security Officer while system-specific security documentation is approved by the system's authorising officer. Security Control: 0047; Revision: 4]
    Business Processes Preventive
    Adhere to the system security plan. CC ID 11640 Testing Detective
    Review the test plans for each system component. CC ID 00662 Establish/Maintain Documentation Preventive
    Validate all testing assumptions in the test plans. CC ID 00663 Testing Detective
    Document validated testing processes in the testing procedures. CC ID 06200 Establish/Maintain Documentation Preventive
    Require testing procedures to be complete. CC ID 00664 Testing Detective
    Include error details, identifying the root causes, and mitigation actions in the testing procedures. CC ID 11827 Establish/Maintain Documentation Preventive
    Determine the appropriate assessment method for each testing process in the test plan. CC ID 00665 Testing Preventive
    Implement automated audit tools. CC ID 04882 Acquisition/Sale of Assets or Services Preventive
    Assign senior management to approve test plans. CC ID 13071 Human Resources Management Preventive
    Establish, implement, and maintain a testing program. CC ID 00654 Behavior Preventive
    Scan organizational networks for rogue devices. CC ID 00536 Testing Detective
    Deny network access to rogue devices until network access approval has been received. CC ID 11852
    [{automatic registration} IP telephony is configured such that: auto-registration is disabled and only authorised devices are allowed to access the network Security Control: 0551; Revision: 7; Bullet 2
    IP telephony is configured such that: unauthorised devices are blocked by default Security Control: 0551; Revision: 7; Bullet 3]
    Configuration Preventive
    Isolate rogue devices after a rogue device has been detected. CC ID 07061 Configuration Corrective
    Establish, implement, and maintain a penetration test program. CC ID 01105 Behavior Preventive
    Perform penetration tests, as necessary. CC ID 00655
    [{annual basis} Systems have a continuous monitoring plan that includes: conducting vulnerability assessments or penetration tests for systems at least annually Security Control: 1163; Revision: 6; Bullet 2]
    Testing Detective
    Perform internal penetration tests, as necessary. CC ID 12471 Technical Security Detective
    Perform external penetration tests, as necessary. CC ID 12470 Technical Security Detective
    Include coverage of all in scope systems during penetration testing. CC ID 11957 Testing Detective
    Test the system for broken access controls. CC ID 01319 Testing Detective
    Test the system for broken authentication and session management. CC ID 01320 Testing Detective
    Test the system for insecure communications. CC ID 00535 Testing Detective
    Test the system for cross-site scripting attacks. CC ID 01321 Testing Detective
    Test the system for buffer overflows. CC ID 01322 Testing Detective
    Test the system for injection flaws. CC ID 01323 Testing Detective
    Test the system for Denial of Service. CC ID 01326 Testing Detective
    Test the system for insecure configuration management. CC ID 01327
    [{Standard Operating Environment} SOEs provided by third parties are scanned for malicious content and configurations before being used. Security Control: 1608; Revision: 0
    {Standard Operating Environment}{annual basis} SOEs are reviewed and updated at least annually. Security Control: 1588; Revision: 0]
    Testing Detective
    Perform network-layer penetration testing on all systems, as necessary. CC ID 01277 Testing Detective
    Test the system for cross-site request forgery. CC ID 06296 Testing Detective
    Perform application-layer penetration testing on all systems, as necessary. CC ID 11630 Technical Security Detective
    Perform penetration testing on segmentation controls, as necessary. CC ID 12498 Technical Security Detective
    Verify segmentation controls are operational and effective. CC ID 12545 Audits and Risk Management Detective
    Repeat penetration testing, as necessary. CC ID 06860 Testing Detective
    Test the system for covert channels. CC ID 10652 Testing Detective
    Estimate the maximum bandwidth of any covert channels. CC ID 10653 Technical Security Detective
    Reduce the maximum bandwidth of covert channels. CC ID 10655 Technical Security Corrective
    Test systems to determine which covert channels might be exploited. CC ID 10654 Testing Detective
    Establish, implement, and maintain a vulnerability management program. CC ID 15721 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a vulnerability assessment program. CC ID 11636
    [{annual basis} Systems have a continuous monitoring plan that includes: conducting vulnerability assessments or penetration tests for systems at least annually Security Control: 1163; Revision: 6; Bullet 2]
    Establish/Maintain Documentation Preventive
    Perform vulnerability scans, as necessary. CC ID 11637
    [{monthly basis} Systems have a continuous monitoring plan that includes: conducting vulnerability scans for systems at least monthly Security Control: 1163; Revision: 6; Bullet 1]
    Technical Security Detective
    Repeat vulnerability scanning, as necessary. CC ID 11646 Testing Detective
    Identify and document security vulnerabilities. CC ID 11857
    [Security vulnerabilities in systems and applications are identified and mitigated in a timely manner. P5:]
    Technical Security Detective
    Rank discovered vulnerabilities. CC ID 11940
    [Systems have a continuous monitoring plan that includes: analysing identified security vulnerabilities to determine their potential impact and appropriate mitigations based on effectiveness, cost and existing security controls Security Control: 1163; Revision: 6; Bullet 3]
    Investigate Detective
    Use dedicated user accounts when conducting vulnerability scans. CC ID 12098 Technical Security Preventive
    Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638 Technical Security Detective
    Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097 Establish/Maintain Documentation Preventive
    Maintain vulnerability scan reports as organizational records. CC ID 12092 Records Management Preventive
    Correlate vulnerability scan reports from the various systems. CC ID 10636 Technical Security Detective
    Perform internal vulnerability scans, as necessary. CC ID 00656 Testing Detective
    Perform vulnerability scans prior to installing payment applications. CC ID 12192 Technical Security Detective
    Implement scanning tools, as necessary. CC ID 14282 Technical Security Detective
    Update the vulnerability scanners' vulnerability list. CC ID 10634 Configuration Corrective
    Repeat vulnerability scanning after an approved change occurs. CC ID 12468 Technical Security Detective
    Perform external vulnerability scans, as necessary. CC ID 11624 Technical Security Detective
    Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467 Business Processes Preventive
    Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039 Testing Preventive
    Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635 Technical Security Detective
    Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748 Behavior Corrective
    Perform vulnerability assessments, as necessary. CC ID 11828 Technical Security Corrective
    Review applications for security vulnerabilities after the application is updated. CC ID 11938 Technical Security Detective
    Test the system for unvalidated input. CC ID 01318 Testing Detective
    Test the system for proper error handling. CC ID 01324 Testing Detective
    Test the system for insecure data storage. CC ID 01325 Testing Detective
    Test the system for access control enforcement in all Uniform Resource Locators. CC ID 06297 Testing Detective
    Recommend mitigation techniques based on vulnerability scan reports. CC ID 11639
    [Systems have a continuous monitoring plan that includes: analysing identified security vulnerabilities to determine their potential impact and appropriate mitigations based on effectiveness, cost and existing security controls Security Control: 1163; Revision: 6; Bullet 3]
    Technical Security Corrective
    Disallow the use of payment applications when a vulnerability scan report indicates vulnerabilities are present. CC ID 12188 Configuration Corrective
    Recommend mitigation techniques based on penetration test results. CC ID 04881
    [At the conclusion of a security assessment for a system, a security assessment report is produced by the assessor and covers: any recommended remediation actions. Security Control: 1563; Revision: 0; Bullet 5]
    Establish/Maintain Documentation Corrective
    Correct or mitigate vulnerabilities. CC ID 12497
    [Security vulnerabilities in systems and applications are identified and mitigated in a timely manner. P5:]
    Technical Security Corrective
    Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated. CC ID 13859 Technical Security Corrective
    Monitor the usage and capacity of critical assets. CC ID 14825 Monitor and Evaluate Occurrences Detective
    Monitor the usage and capacity of critical Information Technology assets. CC ID 00668
    [{be dynamic} Cloud service providers' ability to dynamically scale resources due to a genuine spike in demand or a denial-of-service attack is tested as part of capacity planning processes. Security Control: 1579; Revision: 0]
    Monitor and Evaluate Occurrences Detective
    Monitor all outbound traffic from all systems. CC ID 12970 Monitor and Evaluate Occurrences Preventive
    Notify the interested personnel and affected parties before the storage unit will reach maximum capacity. CC ID 06773 Behavior Detective
    Monitor systems for errors and faults. CC ID 04544
    [System owners monitor each system, and associated cyber threats, security risks and security controls, on an ongoing basis. Security Control: 1526; Revision: 1]
    Monitor and Evaluate Occurrences Detective
    Report errors and faults to the appropriate personnel, as necessary. CC ID 14296 Communicate Corrective
    Compare system performance metrics to organizational standards and industry benchmarks. CC ID 00667 Monitor and Evaluate Occurrences Detective
    Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an approach for compliance monitoring. CC ID 01653 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an Information Security metrics program. CC ID 01665
    [The CISO implements cyber security measurement metrics and key performance indicators for their organisation. Security Control: 0724; Revision: 2]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a technical measurement metrics policy. CC ID 01655 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a user and administrator privilege management metrics program. CC ID 02076 Actionable Reports or Measurements Preventive
    Report on the percentage of active computer accounts that have had the current user privileges reviewed. CC ID 02094
    [{system record} A secure record is maintained for the life of each system covering: when access, and the level of access, was last reviewed Security Control: 0407; Revision: 4; Bullet 5]
    Actionable Reports or Measurements Detective
    Establish, implement, and maintain a log management program. CC ID 00673
    [Gateways: are configured to save logs to a secure logging facility Security Control: 0631; Revision: 6; Bullet 5
    {temporary file}{database management system software} All temporary installation files and logs are removed after DBMS software has been installed. Security Control: 1245; Revision: 2]
    Establish/Maintain Documentation Preventive
    Deploy log normalization tools, as necessary. CC ID 12141 Technical Security Preventive
    Restrict access to logs to a need to know basis. CC ID 01342 Log Management Preventive
    Restrict access to audit trails to a need to know basis. CC ID 11641 Technical Security Preventive
    Refrain from recording unnecessary restricted data in logs. CC ID 06318 Log Management Preventive
    Back up audit trails according to backup procedures. CC ID 11642 Systems Continuity Preventive
    Back up logs according to backup procedures. CC ID 01344 Log Management Preventive
    Copy logs from all predefined hosts onto a log management infrastructure. CC ID 01346
    [A centralised logging facility is implemented and systems are configured to save event logs to the centralised logging facility as soon as possible after each event occurs. Security Control: 1405; Revision: 1]
    Log Management Preventive
    Identify hosts with logs that are not being stored. CC ID 06314 Log Management Preventive
    Identify hosts with logs that are being stored at the system level only. CC ID 06315 Log Management Preventive
    Identify hosts with logs that should be stored at both the system level and the infrastructure level. CC ID 06316 Log Management Preventive
    Identify hosts with logs that are being stored at the infrastructure level only. CC ID 06317 Log Management Preventive
    Protect logs from unauthorized activity. CC ID 01345
    [{unauthorized modification}{unauthorized deletion} Event logs are protected from unauthorised access, modification and deletion. Security Control: 0586; Revision: 4
    PowerShell script block logs are protected by Protected Event Logging functionality Security Control: 1624; Revision: 0]
    Log Management Preventive
    Perform testing and validating activities on all logs. CC ID 06322
    [{software separation mechanism} When using a software-based isolation mechanism to share a physical server's hardware, integrity and log monitoring are performed for the isolation mechanism and underlying operating system in a timely manner. Security Control: 1607; Revision: 0]
    Log Management Preventive
    Archive the audit trail in accordance with compliance requirements. CC ID 00674 Log Management Preventive
    Enforce dual authorization as a part of information flow control for logs. CC ID 10098 Configuration Preventive
    Preserve the identity of individuals in audit trails. CC ID 10594 Log Management Preventive
    Establish, implement, and maintain a cross-organizational audit sharing agreement. CC ID 10595 Establish/Maintain Documentation Preventive
    Provide cross-organizational audit information based on the cross-organizational audit sharing agreement. CC ID 10596 Audits and Risk Management Preventive
    Report compliance monitoring statistics to the Board of Directors and other critical stakeholders, as necessary. CC ID 00676
    [{annual basis} System owners report the security status of each system to its authorising officer at least annually. Security Control: 1587; Revision: 0]
    Actionable Reports or Measurements Corrective
    Report known security issues to the Board of Directors or Senior Executive Committee on a regular basis. CC ID 12329
    [{cybersecurity issue} The CISO reports directly to their organisation's senior executive and/or Board on cyber security matters. Security Control: 0718; Revision: 2
    {suspicious behavior} Personnel report the potential compromise of mobile devices, media or credentials to their organisation as soon as possible, especially if they: observe unusual behaviour of devices. Security Control: 1088; Revision: 4; Bullet 4
    {lose} Personnel report the potential compromise of mobile devices, media or credentials to their organisation as soon as possible, especially if they: lose devices or media that are later found Security Control: 1088; Revision: 4; Bullet 3
    Personnel report the potential compromise of mobile devices, media or credentials to their organisation as soon as possible, especially if they: have devices or media stolen that are later returned Security Control: 1088; Revision: 4; Bullet 2
    {timely manner} Personnel report the potential compromise of mobile devices, media or credentials to their organisation as soon as possible, especially if they: Security Control: 1088; Revision: 4
    {timely manner}{foreign official} Personnel report the potential compromise of mobile devices, media or credentials to their organisation as soon as possible, especially if they: provide credentials, decrypt devices or have devices taken out of sight by foreign government officials Security Control: 1088; Revision: 4; Bullet 1]
    Monitor and Evaluate Occurrences Preventive
  • Operational and Systems Continuity
    Operational and Systems Continuity CC ID 00731 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a business continuity program. CC ID 13210 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a continuity plan. CC ID 00752 Establish/Maintain Documentation Preventive
    Activate the continuity plan if the damage assessment report indicates the activation criterion has been met. CC ID 01373
    [Business continuity and disaster recovery plans are enacted when required. R3:]
    Systems Continuity Corrective
    Maintain normal security levels when an emergency occurs. CC ID 06377 Systems Continuity Preventive
    Execute fail-safe procedures when an emergency occurs. CC ID 07108 Systems Continuity Preventive
    Restore systems and environments to be operational. CC ID 13476
    [if the infection cannot be reliably removed, systems are restored from a known good backup or rebuilt. Security Control: 0917; Revision: 7; Bullet 4]
    Systems Continuity Corrective
    Include roles and responsibilities in the continuity plan, as necessary. CC ID 13254
    [The CISO contributes to the development and maintenance of a business continuity and disaster recovery plan for their organisation to ensure that business-critical services are supported appropriately in the event of a disaster. Security Control: 0734; Revision: 2]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a recovery plan. CC ID 13288 Establish/Maintain Documentation Preventive
    Test the recovery plan, as necessary. CC ID 13290 Testing Detective
    Test the backup information, as necessary. CC ID 13303
    [Partial restoration of backups is tested on a quarterly or more frequent basis. Security Control: 1516; Revision: 1]
    Testing Detective
    Include restoration procedures in the continuity plan. CC ID 01169
    [A data restoration process, and supporting data restoration procedures, is developed and implemented. Security Control: 1548; Revision: 0]
    Establish Roles Preventive
    Include risk prioritized recovery procedures for each business unit in the recovery plan. CC ID 01166 Establish/Maintain Documentation Preventive
    Include the recovery plan in the continuity plan. CC ID 01377 Establish/Maintain Documentation Preventive
    Disseminate and communicate the recovery status of the contingency plan to interested personnel and affected parties. CC ID 12758 Communicate Preventive
    Establish, implement, and maintain organizational facility continuity plans. CC ID 02224 Establish/Maintain Documentation Preventive
    Install and maintain redundant power supplies for critical facilities. CC ID 06355 Configuration Preventive
    Install electrical grounding equipment. CC ID 06359
    [{have} Building management cables are labelled with their purpose in black writing on a yellow background, with a minimum size of 2.5 cm x 1 cm, and attached at five-metre intervals. Security Control: 1639; Revision: 0]
    Physical and Environmental Protection Preventive
    Establish, implement, and maintain system continuity plan strategies. CC ID 00735 Establish/Maintain Documentation Preventive
    Include technical preparation considerations for backup operations in the continuity plan. CC ID 01250
    [Where practical, cryptographic equipment and encryption software provides a means of data recovery to allow for circumstances where the encryption key is unavailable due to loss, damage or failure. Security Control: 0455; Revision: 2]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain backup procedures for in scope systems. CC ID 01258
    [A data backup process, and supporting data backup procedures, is developed and implemented. Security Control: 1547; Revision: 0]
    Systems Continuity Preventive
    Determine which data elements to back up. CC ID 13483 Data and Information Management Detective
    Document the backup method and backup frequency on a case-by-case basis in the backup procedures. CC ID 01384 Systems Continuity Preventive
    Establish and maintain off-site electronic media storage facilities. CC ID 00957 Physical and Environmental Protection Preventive
    Separate the off-site electronic media storage facilities from the primary facility through geographic separation. CC ID 01390 Testing Detective
    Configure the off-site electronic media storage facilities to utilize timely and effective recovery operations. CC ID 01392 Configuration Preventive
    Outline explicit mitigation actions for potential off-site electronic media storage facilities accessibility issues for when area-wide disruptions occur or area-wide disasters occur. CC ID 01393 Establish/Maintain Documentation Preventive
    Review the security of the off-site electronic media storage facilities, as necessary. CC ID 00573 Systems Continuity Detective
    Store backup media at an off-site electronic media storage facility. CC ID 01332
    [{offline storage} Backups are stored offline, or online but in a non-rewritable and non-erasable manner. Security Control: 1512; Revision: 0]
    Data and Information Management Preventive
    Transport backup media in lockable electronic media storage containers. CC ID 01264 Data and Information Management Preventive
    Store backup media in a fire-rated container which is not collocated with the operational system. CC ID 14289 Systems Continuity Preventive
    Identify the access methods for backup media at both the primary facility and the off-site electronic media storage facility. CC ID 01257 Data and Information Management Preventive
    Store backup vital records in a manner that is accessible for emergency retrieval. CC ID 12765 Systems Continuity Preventive
    Perform backup procedures for in scope systems. CC ID 11692
    [{secure manner} Information, applications and configuration settings are backed up in a secure and proven manner on a regular basis. P9:
    {be critical}{daily basis} Backups of important information, software and configuration settings are performed at least daily. Security Control: 1511; Revision: 0]
    Process or Activity Preventive
    Back up all records. CC ID 11974
    [{secure manner} Information, applications and configuration settings are backed up in a secure and proven manner on a regular basis. P9:]
    Systems Continuity Preventive
    Document the Recovery Point Objective for triggering backup operations and restoration operations. CC ID 01259 Establish/Maintain Documentation Preventive
    Encrypt backup data. CC ID 00958 Configuration Preventive
    Log the execution of each backup. CC ID 00956 Establish/Maintain Documentation Preventive
    Test backup media for media integrity and information integrity, as necessary. CC ID 01401
    [Full restoration of backups is tested at least once when initially implemented and each time fundamental information technology infrastructure changes occur. Security Control: 1515; Revision: 1]
    Testing Detective
    Test backup media at the alternate facility in addition to testing at the primary facility. CC ID 06375 Testing Detective
    Test each restored system for media integrity and information integrity. CC ID 01920 Testing Detective
    Include stakeholders when testing restored systems, as necessary. CC ID 13066 Testing Corrective
    Digitally sign disk images, as necessary. CC ID 06814 Establish/Maintain Documentation Preventive
    Include emergency communications procedures in the continuity plan. CC ID 00750 Establish/Maintain Documentation Preventive
    Maintain contact information for key third parties in a readily accessible manner. CC ID 12764
    [Organisations and service providers maintain 24x7 contact details for each other in order to report cyber security incidents. Security Control: 1433; Revision: 2
    Organisations and service providers provide each other with additional out-of-band contact details for use when normal communication channels fail. Security Control: 1434; Revision: 2]
    Establish/Maintain Documentation Preventive
  • Operational management
    Operational management CC ID 00805 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a capacity management plan. CC ID 11751 Establish/Maintain Documentation Preventive
    Align critical Information Technology resource availability planning with capacity planning. CC ID 01618
    [Denial-of-service attack prevention and mitigation strategies are discussed with cloud service providers, specifically: Security Control: 1431; Revision: 2
    Where a requirement for high availability exists, a denial of service mitigation service is used. Security Control: 1441; Revision: 2
    Denial-of-service attack prevention and mitigation strategies are discussed with cloud service providers, specifically: any costs likely to be incurred as a result of denial-of-service attacks Security Control: 1431; Revision: 2; Bullet 2]
    Business Processes Preventive
    Provide excess capacity or redundancy to limit any effects of a Denial of Service attack. CC ID 06754
    [A denial of service response plan is developed and implemented that includes: what actions can be taken to clear a denial of service. Security Control: 1019; Revision: 7; Bullet 4
    {prepare}{minimum}{static website} A static version of a website is pre-prepared that requires minimal processing and bandwidth in order to facilitate at least a basic level of service when under a denial-of-service attack. Security Control: 1518; Revision: 0
    Denial-of-service attack prevention and mitigation strategies are discussed with cloud service providers, specifically: pre-approved actions that can be undertaken during denial-of-service attacks Security Control: 1431; Revision: 2; Bullet 5
    Denial-of-service attack prevention and mitigation strategies are discussed with cloud service providers, specifically: thresholds for turning off online services during denial-of-service attacks Security Control: 1431; Revision: 2; Bullet 4
    Denial-of-service attack prevention and mitigation strategies are discussed with cloud service providers, specifically: their capacity to withstand denial-of-service attacks Security Control: 1431; Revision: 2; Bullet 1
    Denial-of-service attack prevention and mitigation strategies are discussed with cloud service providers, specifically: denial-of-service attack prevention arrangements with upstream service providers to block malicious traffic as far upstream as possible. Security Control: 1431; Revision: 2; Bullet 6]
    Technical Security Preventive
    Implement network redundancy, as necessary. CC ID 13048 Systems Continuity Preventive
    Implement all approved programs. CC ID 13677
    [{Standard Operating Environment}{authorised version} When developing a Microsoft Windows SOE, the 64-bit version of the operating system is used. Security Control: 1408; Revision: 3]
    Business Processes Preventive
    Utilize technical resources when implementing new programs, as necessary. CC ID 14863 Process or Activity Preventive
    Manage cloud services. CC ID 13144
    [A cloud service provider is used for hosting online services. Security Control: 1437; Revision: 3]
    Business Processes Preventive
    Protect clients' hosted environments. CC ID 11862
    [{content delivery network} Where a high availability requirement exists for website hosting, CDNs that cache websites are used. Security Control: 1438; Revision: 1]
    Physical and Environmental Protection Preventive
    Notify cloud customers of the geographic locations of the cloud service organization and its assets. CC ID 13037
    [Organisations are notified by cloud service providers of any change to configured regions or availability zones. Security Control: 1578; Revision: 0]
    Communicate Preventive
    Establish, implement, and maintain cloud service agreements. CC ID 13157 Establish/Maintain Documentation Preventive
    Include the asset removal policy in the cloud service agreement. CC ID 13161 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain cloud management procedures. CC ID 13149
    [Only community or private clouds are used for outsourced cloud services. Security Control: 1529; Revision: 1]
    Technical Security Preventive
    Establish, implement, and maintain a cloud service usage standard. CC ID 13143 Establish/Maintain Documentation Preventive
    Include the roles and responsibilities of cloud service users in the cloud service usage standard. CC ID 13984 Establish/Maintain Documentation Preventive
    Include information security requirements in the cloud service usage standard. CC ID 13148 Establish/Maintain Documentation Preventive
    Monitor managing cloud services. CC ID 13150 Monitor and Evaluate Occurrences Detective
    Disseminate and communicate documentation of pertinent monitoring capabilities to interested personnel and affected parties. CC ID 13159 Communicate Preventive
    Disseminate and communicate the legal jurisdiction of cloud services to interested personnel and affected parties. CC ID 13147 Communicate Preventive
    Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an internal control framework. CC ID 00820 Establish/Maintain Documentation Preventive
    Include vulnerability management and risk assessment in the internal control framework. CC ID 13102
    [{timely manner} Security vulnerabilities in operating systems and firmware assessed as extreme risk are patched, updated or mitigated within 48 hours of the security vulnerabilities being identified by vendors, independent third parties, system managers or users. Security Control: 1494; Revision: 0]
    Establish/Maintain Documentation Preventive
    Automate vulnerability management, as necessary. CC ID 11730 Configuration Preventive
    Establish, implement, and maintain an information security program. CC ID 00812
    [The CISO regularly reviews and updates their organisation's cyber security program to ensure its relevance in addressing cyber threats and harnessing business and cyber security opportunities. Security Control: 1617; Revision: 0]
    Establish/Maintain Documentation Preventive
    Include physical safeguards in the information security program. CC ID 12375 Establish/Maintain Documentation Preventive
    Include technical safeguards in the information security program. CC ID 12374
    [{be similar} Security controls for MFDs connected to a network are of a similar strength to those for other devices on the network. Security Control: 0590; Revision: 5]
    Establish/Maintain Documentation Preventive
    Include administrative safeguards in the information security program. CC ID 12373 Establish/Maintain Documentation Preventive
    Include system development in the information security program. CC ID 12389 Establish/Maintain Documentation Preventive
    Include system maintenance in the information security program. CC ID 12388 Establish/Maintain Documentation Preventive
    Include system acquisition in the information security program. CC ID 12387 Establish/Maintain Documentation Preventive
    Include access control in the information security program. CC ID 12386 Establish/Maintain Documentation Preventive
    Review and approve access controls, as necessary. CC ID 13074 Process or Activity Detective
    Include operations management in the information security program. CC ID 12385 Establish/Maintain Documentation Preventive
    Include communication management in the information security program. CC ID 12384
    [The CISO develops and maintains a cyber security communications strategy for their organisation. Security Control: 0720; Revision: 1
    {be different}{sensitive information}{classified information} Separate fax machines or MFDs are used for sending sensitive or classified fax messages and all other fax messages. Security Control: 1092; Revision: 2]
    Establish/Maintain Documentation Preventive
    Include environmental security in the information security program. CC ID 12383 Establish/Maintain Documentation Preventive
    Include physical security in the information security program. CC ID 12382 Establish/Maintain Documentation Preventive
    Include human resources security in the information security program. CC ID 12381 Establish/Maintain Documentation Preventive
    Include asset management in the information security program. CC ID 12380 Establish/Maintain Documentation Preventive
    Include a continuous monitoring program in the information security program. CC ID 14323 Establish/Maintain Documentation Preventive
    Include how the information security department is organized in the information security program. CC ID 12379 Establish/Maintain Documentation Preventive
    Include risk management in the information security program. CC ID 12378
    [Security risk management processes are embedded into organisational risk management frameworks. G4:]
    Establish/Maintain Documentation Preventive
    Include mitigating supply chain risks in the information security program. CC ID 13352 Establish/Maintain Documentation Preventive
    Provide management direction and support for the information security program. CC ID 11999 Process or Activity Preventive
    Monitor and review the effectiveness of the information security program. CC ID 12744 Monitor and Evaluate Occurrences Preventive
    Establish, implement, and maintain an information security policy. CC ID 11740
    [{annual basis}{as of date} Security documentation is reviewed at least annually and includes a 'current as at [date]' or equivalent statement. Security Control: 0888; Revision: 5]
    Establish/Maintain Documentation Preventive
    Align the information security policy with the organization's risk acceptance level. CC ID 13042 Business Processes Preventive
    Include a commitment to the information security requirements in the information security policy. CC ID 13496 Establish/Maintain Documentation Preventive
    Include information security objectives in the information security policy. CC ID 13493 Establish/Maintain Documentation Preventive
    Include the use of Cloud Services in the information security policy. CC ID 13146 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain information security procedures. CC ID 12006 Business Processes Preventive
    Define thresholds for approving information security activities in the information security program. CC ID 15702 Process or Activity Preventive
    Approve the information security policy at the organization's management level or higher. CC ID 11737
    [Organisational-level security documentation is approved by the Chief Information Security Officer while system-specific security documentation is approved by the system's authorising officer. Security Control: 0047; Revision: 4]
    Process or Activity Preventive
    Document the roles and responsibilities for all activities that protect restricted data in the information security procedures. CC ID 12304 Establish/Maintain Documentation Preventive
    Describe the group activities that protect restricted data in the information security procedures. CC ID 12294 Establish/Maintain Documentation Preventive
    Assign ownership of the information security program to the appropriate role. CC ID 00814
    [A CISO is appointed to provide cyber security leadership and guidance for their organisation. Security Control: 0714; Revision: 5]
    Establish Roles Preventive
    Assign the responsibility for establishing, implementing, and maintaining the information security program to the appropriate role. CC ID 11884 Human Resources Management Preventive
    Assign information security responsibilities to interested personnel and affected parties in the information security program. CC ID 11885 Establish/Maintain Documentation Preventive
    Assign the responsibility for distributing the information security program to the appropriate role. CC ID 11883 Human Resources Management Preventive
    Disseminate and communicate the information security policy to interested personnel and affected parties. CC ID 11739
    [Security documentation, including notification of subsequent changes, is communicated to all stakeholders. Security Control: 1602; Revision: 0]
    Communicate Preventive
    Establish, implement, and maintain a social media governance program. CC ID 06536 Establish/Maintain Documentation Preventive
    Refrain from requiring supervision when users are accessing social media applications. CC ID 14011 Business Processes Preventive
    Refrain from requiring users to disclose social media account usernames or authenticators. CC ID 14009 Business Processes Preventive
    Refrain from accepting instant messages from unknown senders. CC ID 12537
    [{refrain from sending}{refrain from receiving}{not be authorized} Personnel are advised not to send or receive files via unauthorised online services. Security Control: 0824; Revision: 2]
    Behavior Preventive
    Include instant messaging, texting, and tweeting in the social media acceptable use policy. CC ID 04578 Establish/Maintain Documentation Preventive
    Include explicit restrictions in the social media acceptable use policy. CC ID 06655
    [{refrain from posting}{organizational information}{not be authorized} Personnel are advised to not post work information to unauthorised online services and to report cases where such information is posted. Security Control: 0820; Revision: 5]
    Establish/Maintain Documentation Preventive
    Include contributive content sites in the social media acceptable use policy. CC ID 06656 Establish/Maintain Documentation Preventive
    Perform social network analysis, as necessary. CC ID 14864 Investigate Detective
    Establish, implement, and maintain operational control procedures. CC ID 00831
    [A system administration process, with supporting system administration procedures, is developed and implemented. Security Control: 0042; Revision: 4]
    Establish/Maintain Documentation Preventive
    Include assigning and approving operations in operational control procedures. CC ID 06382 Establish/Maintain Documentation Preventive
    Include startup processes in operational control procedures. CC ID 00833 Establish/Maintain Documentation Preventive
    Establish and maintain a data processing run manual. CC ID 00832 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a Standard Operating Procedures Manual. CC ID 00826
    [A system administration process, with supporting system administration procedures, is developed and implemented. Security Control: 0042; Revision: 4]
    Establish/Maintain Documentation Preventive
    Use systems in accordance with the standard operating procedures manual. CC ID 15049
    [High assurance ICT equipment is installed, configured, administered and operated in accordance with guidance produced by the ACSC. Security Control: 0290; Revision: 5
    {guidance documentation} Evaluated products are installed, configured, administered and operated in accordance with vendor guidance and evaluation documentation. Security Control: 0289; Revision: 2]
    Process or Activity Preventive
    Include metrics in the standard operating procedures manual. CC ID 14988 Establish/Maintain Documentation Preventive
    Include maintenance measures in the standard operating procedures manual. CC ID 14986 Establish/Maintain Documentation Preventive
    Include the expected lifetime of the system in the standard operating procedures manual. CC ID 14984 Establish/Maintain Documentation Preventive
    Include technical measures used to interpret output in the standard operating procedures manual. CC ID 14982 Establish/Maintain Documentation Preventive
    Include technical measures used to interpret output in the standard operating procedures manual. CC ID 14981 Establish/Maintain Documentation Preventive
    Include predetermined changes in the standard operating procedures manual. CC ID 14977 Establish/Maintain Documentation Preventive
    Include specifications for input data in the standard operating procedures manual. CC ID 14975 Establish/Maintain Documentation Preventive
    Include risks to health and safety or fundamental rights in the standard operating procedures manual. CC ID 14973 Establish/Maintain Documentation Preventive
    Include circumstances that may impact the system in the standard operating procedures manual. CC ID 14972 Establish/Maintain Documentation Preventive
    Include what the system was tested and validated for in the standard operating procedures manual. CC ID 14969 Establish/Maintain Documentation Preventive
    Include the intended purpose in the standard operating procedures manual. CC ID 14967 Establish/Maintain Documentation Preventive
    Include information on system performance in the standard operating procedures manual. CC ID 14965 Establish/Maintain Documentation Preventive
    Include contact details in the standard operating procedures manual. CC ID 14962 Establish/Maintain Documentation Preventive
    Include information sharing procedures in standard operating procedures. CC ID 12974 Records Management Preventive
    Establish, implement, and maintain information sharing agreements. CC ID 15645 Business Processes Preventive
    Provide support for information sharing activities. CC ID 15644 Process or Activity Preventive
    Adhere to operating procedures as defined in the Standard Operating Procedures Manual. CC ID 06328 Business Processes Preventive
    Update operating procedures that contribute to user errors. CC ID 06935 Establish/Maintain Documentation Corrective
    Disseminate and communicate the Standard Operating Procedures Manual to all interested personnel and affected parties. CC ID 12026 Communicate Preventive
    Establish, implement, and maintain a job scheduling methodology. CC ID 00834 Establish/Maintain Documentation Preventive
    Establish and maintain a job schedule exceptions list. CC ID 00835 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a data processing continuity plan. CC ID 00836 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain Voice over Internet Protocol operating procedures. CC ID 04583 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 Establish/Maintain Documentation Preventive
    Include that explicit management authorization must be given for the use of all technologies and their documentation in the Acceptable Use Policy. CC ID 01351 Establish/Maintain Documentation Preventive
    Include requiring users to protect restricted data in accordance with the Governance, Risk, and Compliance framework in the Acceptable Use Policy. CC ID 11894
    [Personnel are advised of the permitted sensitivity or classification of information that can be discussed over both internal and external telephone systems. Security Control: 0229; Revision: 3
    {refrain from posting}{organizational information}{not be authorized} Personnel are advised to not post work information to unauthorised online services and to report cases where such information is posted. Security Control: 0820; Revision: 5
    {refrain from communicating}{public access area} Sensitive or classified information is not viewed or communicated in public locations unless care is taken to reduce the chance of conversations being overheard or the screen of a mobile device being observed. Security Control: 0866; Revision: 4]
    Establish/Maintain Documentation Preventive
    Include Bring Your Own Device agreements in the Acceptable Use Policy. CC ID 15703 Establish/Maintain Documentation Preventive
    Include the obligations of users in the Bring Your Own Device agreement. CC ID 15708 Establish/Maintain Documentation Preventive
    Include the rights of the organization in the Bring Your Own Device agreement. CC ID 15707 Establish/Maintain Documentation Preventive
    Include the circumstances in which the organization may confiscate, audit, or inspect assets in the Bring Your Own Device agreement. CC ID 15706 Establish/Maintain Documentation Preventive
    Include the circumstances in which the organization may manage assets in the Bring Your Own Device agreement. CC ID 15705 Establish/Maintain Documentation Preventive
    Include Bring Your Own Device usage in the Acceptable Use Policy. CC ID 12293 Establish/Maintain Documentation Preventive
    Include Bring Your Own Device security guidelines in the Acceptable Use Policy. CC ID 01352
    [{employee-owned device}{official information} Personnel accessing official or classified systems or information using a privately-owned mobile device use an ACSC approved platform, a security configuration in accordance with ACSC guidance, and have enforced separation of official and classified information from any personal information. Security Control: 1400; Revision: 4
    {employee-owned device}{classified information} Privately-owned mobile devices do not access highly classified systems or information. Security Control: 0694; Revision: 5]
    Establish/Maintain Documentation Preventive
    Include asset tags in the Acceptable Use Policy. CC ID 01354
    [The Australian Cyber Security Centre (ACSC)'s approval is sought before applying labels to external surfaces of high assurance ICT equipment. Security Control: 0296; Revision: 4]
    Establish/Maintain Documentation Preventive
    Specify the owner of applicable assets in the Acceptable Use Policy. CC ID 15699 Establish/Maintain Documentation Preventive
    Include asset use policies in the Acceptable Use Policy. CC ID 01355
    [A telephone systems usage policy is developed and implemented. Security Control: 1078; Revision: 2
    {sensitive information} Cordless telephone systems are not used for sensitive or classified conversations. Security Control: 0233; Revision: 3
    {be lower}{security classification} Microphones (including headsets and USB handsets) and webcams are not used with non-SECRET workstations in SECRET areas. Security Control: 0559; Revision: 4
    A fax machine and MFD usage policy is developed and implemented. Security Control: 0588; Revision: 3
    {security classification}{be lower} Microphones (including headsets and USB handsets) and webcams are not used with non-TOP SECRET workstations in TOP SECRET areas. Security Control: 1450; Revision: 1
    A mobile device usage policy is developed and implemented. Security Control: 1082; Revision: 2]
    Establish/Maintain Documentation Preventive
    Include authority for access authorization lists for assets in all relevant Acceptable Use Policies. CC ID 11872 Establish/Maintain Documentation Preventive
    Include access control mechanisms in the Acceptable Use Policy. CC ID 01353 Establish/Maintain Documentation Preventive
    Include temporary activation of remote access technologies for third parties in the Acceptable Use Policy. CC ID 11892 Technical Security Preventive
    Include prohibiting the copying or moving of restricted data from its original source onto local hard drives or removable storage media in the Acceptable Use Policy. CC ID 11893 Establish/Maintain Documentation Preventive
    Include a removable storage media use policy in the Acceptable Use Policy. CC ID 06772
    [A removable media usage policy is developed and implemented. Security Control: 1359; Revision: 3]
    Data and Information Management Preventive
    Correlate the Acceptable Use Policy with the network security policy. CC ID 01356
    [{be overseas} Personnel take the following precautions when travelling overseas with mobile devices: avoiding connecting devices to open or untrusted Wi-Fi networks Security Control: 1299; Revision: 2; Bullet 6
    A web usage policy is developed and implemented. Security Control: 0258; Revision: 3]
    Establish/Maintain Documentation Preventive
    Include appropriate network locations for each technology in the Acceptable Use Policy. CC ID 11881 Establish/Maintain Documentation Preventive
    Correlate the Acceptable Use Policy with the approved product list. CC ID 01357
    [{be overseas}{refrain from using} Personnel take the following precautions when travelling overseas with mobile devices: never using any gifted devices, especially media, when travelling or upon returning from travelling. Security Control: 1299; Revision: 2; Bullet 12]
    Establish/Maintain Documentation Preventive
    Include facility access and facility use in the Acceptable Use Policy. CC ID 06441 Establish/Maintain Documentation Preventive
    Include disciplinary actions in the Acceptable Use Policy. CC ID 00296 Establish/Maintain Documentation Corrective
    Include the usage restrictions of mobile code technologies in the Acceptable Use Policy. CC ID 15311 Establish/Maintain Documentation Preventive
    Include a software installation policy in the Acceptable Use Policy. CC ID 06749
    [{temporary file}{database management system software} All temporary installation files and logs are removed after DBMS software has been installed. Security Control: 1245; Revision: 2
    {refrain from enabling} Users do not have the ability to uninstall or disable approved software. Security Control: 0382; Revision: 6]
    Establish/Maintain Documentation Preventive
    Document idle session termination and logout for remote access technologies in the Acceptable Use Policy. CC ID 12472 Establish/Maintain Documentation Preventive
    Disseminate and communicate the Acceptable Use Policy to all interested personnel and affected parties. CC ID 12431 Communicate Preventive
    Require interested personnel and affected parties to sign Acceptable Use Policies. CC ID 06661 Establish/Maintain Documentation Preventive
    Require interested personnel and affected parties to re-sign Acceptable Use Policies, as necessary. CC ID 06663 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an Intellectual Property Right program. CC ID 00821 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain domain name registration and renewal procedures. CC ID 07075
    [Domain names for online services are protected via registrar locking and confirming domain registration details are correct. Security Control: 1432; Revision: 1]
    Business Processes Preventive
    Establish, implement, and maintain Intellectual Property Rights protection procedures. CC ID 11512 Establish/Maintain Documentation Preventive
    Protect against circumvention of the organization's Intellectual Property Rights. CC ID 11513 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an e-mail policy. CC ID 06439
    [Notifications of undeliverable, bounced or blocked emails are only sent to senders that can be verified via SPF or other trusted means. Security Control: 1024; Revision: 4
    An email usage policy is developed and implemented. Security Control: 0264; Revision: 3]
    Establish/Maintain Documentation Preventive
    Include business use of personal e-mail in the e-mail policy. CC ID 14381 Establish/Maintain Documentation Preventive
    Identify the sender in all electronic messages. CC ID 13996 Data and Information Management Preventive
    Protect policies, standards, and procedures from unauthorized modification or disclosure. CC ID 10603 Establish/Maintain Documentation Preventive
    Implement and comply with the Governance, Risk, and Compliance framework. CC ID 00818
    [When introducing additional connectivity to a CDS, such as adding a new gateway to a common network, the ACSC is consulted on the impact to the security of the CDS; and directions provided by the ACSC are complied with. Security Control: 0627; Revision: 5]
    Business Processes Preventive
    Analyze how policies used to create management boundaries relate to the Governance, Risk, and Compliance approach. CC ID 12821 Process or Activity Preventive
    Analyze how the organization sets limits in policies relating to the Governance, Risk, and Compliance approach. CC ID 12819 Process or Activity Preventive
    Analyze how the Board of Directors' and senior management's tone influences the Governance, Risk, and Compliance approach. CC ID 12818 Process or Activity Preventive
    Analyze the degree to which the governing body is engaged in the Governance, Risk, and Compliance approach. CC ID 12817 Process or Activity Preventive
    Analyze the Governance, Risk, and Compliance approach. CC ID 12816 Process or Activity Preventive
    Analyze the organizational culture. CC ID 12899 Process or Activity Preventive
    Include individual commitment to the organization's Governance, Risk, and Compliance framework in the analysis of the organizational culture. CC ID 12922 Process or Activity Detective
    Include the organizational climate in the analysis of the organizational culture. CC ID 12921 Process or Activity Detective
    Include consistency of leadership actions to mission, vision, and values in the analysis of the organizational culture. CC ID 12920 Process or Activity Detective
    Include employee engagement in the analysis of the organizational culture. CC ID 12914 Behavior Preventive
    Include contractual relationships with workforce members in the analysis of the organizational culture. CC ID 15674 Business Processes Preventive
    Include the number of workforce members who are not employees in the analysis of the organizational culture. CC ID 15673 Business Processes Preventive
    Include the type of work performed by workforce members in the analysis of the organizational culture. CC ID 15675 Business Processes Preventive
    Include skill development in the analysis of the organizational culture. CC ID 12913 Behavior Preventive
    Include employee turnover rates in the analysis of the organizational culture. CC ID 12912 Behavior Preventive
    Include demographic characteristics of employees in the analysis of the organizational culture. CC ID 15671 Business Processes Preventive
    Include employee loyalty in the analysis of the organizational culture. CC ID 12911 Behavior Preventive
    Include employee satisfaction in the analysis of the organizational culture. CC ID 12910 Behavior Preventive
    Establish, implement, and maintain consequences for non-compliance with the organizational compliance framework. CC ID 11747 Process or Activity Corrective
    Comply with all implemented policies in the organization's compliance framework. CC ID 06384 Establish/Maintain Documentation Preventive
    Provide assurance to interested personnel and affected parties that the Governance, Risk, and Compliance capability is reliable, effective, efficient, and responsive. CC ID 12788 Communicate Preventive
    Review systems for compliance with organizational information security policies. CC ID 12004 Business Processes Preventive
    Disseminate and communicate the Governance, Risk, and Compliance framework to all interested personnel and affected parties. CC ID 00815 Behavior Preventive
    Establish, implement, and maintain a network management program. CC ID 13123 Establish/Maintain Documentation Preventive
    Document the network design in the network management program. CC ID 13135
    [{be necessary}{contract} Network documentation provided to a third party, or published in public tender documentation, only contains details necessary for other parties to undertake contractual services. Security Control: 1178; Revision: 3]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an Asset Management program. CC ID 06630 Business Processes Preventive
    Establish, implement, and maintain an asset management policy. CC ID 15219
    [An ICT equipment management policy is developed and implemented. Security Control: 1551; Revision: 0]
    Establish/Maintain Documentation Preventive
    Assign an information owner to organizational assets, as necessary. CC ID 12729
    [Each system has a designated system owner. Security Control: 1071; Revision: 1]
    Human Resources Management Preventive
    Establish, implement, and maintain classification schemes for all systems and assets. CC ID 01902
    [{highly classified information}{non-volatile media} Following sanitisation, highly classified non-volatile EPROM and EEPROM media retains its classification. Security Control: 0358; Revision: 5]
    Establish/Maintain Documentation Preventive
    Apply security controls to each level of the information classification standard. CC ID 01903 Systems Design, Build, and Implementation Preventive
    Establish, implement, and maintain the systems' confidentiality level. CC ID 01904 Establish/Maintain Documentation Preventive
    Define confidentiality controls. CC ID 01908 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain the systems' availability level. CC ID 01905 Establish/Maintain Documentation Preventive
    Restrict unscheduled downtime in order to maintain high availability for critical systems. CC ID 12742 Process or Activity Preventive
    Define integrity controls. CC ID 01909 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain the systems' integrity level. CC ID 01906 Establish/Maintain Documentation Preventive
    Define availability controls. CC ID 01911 Establish/Maintain Documentation Preventive
    Establish safety classifications for systems according to their potential harmful effects to operators or end users. CC ID 06603 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an asset safety classification scheme. CC ID 06604 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain the Asset Classification Policy. CC ID 06642 Establish/Maintain Documentation Preventive
    Disseminate and communicate the Asset Classification Policy to interested personnel and affected parties. CC ID 14851 Communicate Preventive
    Classify assets according to the Asset Classification Policy. CC ID 07186
    [{is higher} Media is reclassified if information copied onto the media is of a higher sensitivity or classification than the information already on the media, or information stored on the media is subject to a classification upgrade. Security Control: 0331; Revision: 5
    If reclassifying media to a lower sensitivity or classification, the reclassification of all information on the media has been approved by the originator, or the media has been appropriately sanitised/destroyed and a formal administrative decision has been made to reclassify it. Security Control: 0330; Revision: 3
    {be the highest} ICT equipment is classified based on the highest sensitivity or classification of information that it is approved for processing, storing or communicating. Security Control: 0293; Revision: 4
    ICT equipment, with the exception of high assurance ICT equipment, is labelled with protective markings reflecting its sensitivity or classification. Security Control: 0294; Revision: 4]
    Establish Roles Preventive
    Document the decision for assigning an asset to a specific asset classification in the Asset Classification Policy. CC ID 07185 Establish/Maintain Documentation Preventive
    Apply asset protection mechanisms for all assets according to their assigned Asset Classification Policy. CC ID 07184
    [{be suitable} ICT equipment is handled in a manner suitable for its sensitivity or classification. Security Control: 1599; Revision: 0]
    Establish Roles Preventive
    Disallow systems from processing information, disseminating and communicating information, or storing information that is above the system's assigned asset classification. CC ID 06606 Configuration Preventive
    Assign decomposed system components the same asset classification as the originating system. CC ID 06605 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an asset inventory. CC ID 06631
    [A cable register is maintained and regularly audited. Security Control: 0211; Revision: 5]
    Business Processes Preventive
    Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689
    [The identity and value of systems, applications and information is determined and documented. G2:
    An ICT equipment and media register is maintained and regularly audited. Security Control: 0336; Revision: 4
    All ICT equipment and media are accounted for on a regular basis. Security Control: 0159; Revision: 4
    Cable registers contain the following information: cable colour Security Control: 0208; Revision: 5; Bullet 2
    {database inventory} A database register is maintained and regularly audited. Security Control: 1243; Revision: 4
    Cable registers contain the following information: seal numbers (if applicable). Security Control: 0208; Revision: 5; Bullet 7
    {software inventory} A software register, including versions and patch histories of applications, drivers, operating systems and firmware for workstations, servers, mobile devices, network devices and all other ICT equipment, is maintained and regularly audited. Security Control: 1493; Revision: 1]
    Establish/Maintain Documentation Preventive
    Include all account types in the Information Technology inventory. CC ID 13311 Establish/Maintain Documentation Preventive
    Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695
    [Data transfer logs are used to record all data imports and exports from systems. Security Control: 1586; Revision: 0
    {be independent} The requirement to use a firewall as part of gateway infrastructure is met by both parties independently; shared ICT equipment does not satisfy the requirements of both parties. Security Control: 1194; Revision: 2]
    Systems Design, Build, and Implementation Preventive
    Identify processes, Information Systems, and third parties that transmit, process, or store personal data. CC ID 06289 Data and Information Management Preventive
    Include each Information System's major applications in the Information Technology inventory. CC ID 01407 Establish/Maintain Documentation Preventive
    Categorize all major applications according to the business information they process. CC ID 07182 Establish/Maintain Documentation Preventive
    Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164 Establish/Maintain Documentation Preventive
    Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408 Establish/Maintain Documentation Preventive
    Include each Information System's minor applications in the Information Technology inventory. CC ID 01409 Establish/Maintain Documentation Preventive
    Conduct environmental surveys. CC ID 00690 Physical and Environmental Protection Preventive
    Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a hardware asset inventory. CC ID 00691
    [{SECRET area} An authorised RF devices for SECRET and TOP SECRET areas register is maintained and regularly audited. Security Control: 1543; Revision: 1]
    Establish/Maintain Documentation Preventive
    Include network equipment in the Information Technology inventory. CC ID 00693
    [A cable register is maintained and regularly audited. Security Control: 0211; Revision: 5
    Cable registers contain the following information: site/floor plan diagram Security Control: 0208; Revision: 5; Bullet 6
    A network device register is maintained and regularly audited. Security Control: 1301; Revision: 2]
    Establish/Maintain Documentation Preventive
    Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719 Establish/Maintain Documentation Preventive
    Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885 Process or Activity Preventive
    Include software in the Information Technology inventory. CC ID 00692
    [{software inventory} A software register, including versions and patch histories of applications, drivers, operating systems and firmware for workstations, servers, mobile devices, network devices and all other ICT equipment, is maintained and regularly audited. Security Control: 1493; Revision: 1]
    Establish/Maintain Documentation Preventive
    Establish and maintain a list of authorized software and versions required for each system. CC ID 12093
    [{SECRET area} An authorised RF devices for SECRET and TOP SECRET areas register is maintained and regularly audited. Security Control: 1543; Revision: 1]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a storage media inventory. CC ID 00694 Establish/Maintain Documentation Preventive
    Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962 Establish/Maintain Documentation Detective
    Establish, implement, and maintain a records inventory and database inventory. CC ID 01260 Establish/Maintain Documentation Preventive
    Add inventoried assets to the asset register database, as necessary. CC ID 07051
    [The identity and value of systems, applications and information is determined and documented. G2:]
    Establish/Maintain Documentation Preventive
    Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052 Monitor and Evaluate Occurrences Corrective
    Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053 Monitor and Evaluate Occurrences Corrective
    Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181 Establish/Maintain Documentation Preventive
    Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054 Technical Security Preventive
    Link the authentication system to the asset inventory. CC ID 13718 Technical Security Preventive
    Record the decommission date for applicable assets in the asset inventory. CC ID 14920 Establish/Maintain Documentation Preventive
    Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918 Establish/Maintain Documentation Preventive
    Include source code in the asset inventory. CC ID 14858 Records Management Preventive
    Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344 Human Resources Management Preventive
    Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110 Technical Security Detective
    Record the review date for applicable assets in the asset inventory. CC ID 14919 Establish/Maintain Documentation Preventive
    Record software license information for each asset in the asset inventory. CC ID 11736 Data and Information Management Preventive
    Record services for applicable assets in the asset inventory. CC ID 13733 Establish/Maintain Documentation Preventive
    Record protocols for applicable assets in the asset inventory. CC ID 13734 Establish/Maintain Documentation Preventive
    Record the software version in the asset inventory. CC ID 12196 Establish/Maintain Documentation Preventive
    Record the publisher for applicable assets in the asset inventory. CC ID 13725 Establish/Maintain Documentation Preventive
    Record the authentication system in the asset inventory. CC ID 13724 Establish/Maintain Documentation Preventive
    Tag unsupported assets in the asset inventory. CC ID 13723 Establish/Maintain Documentation Preventive
    Record the install date for applicable assets in the asset inventory. CC ID 13720 Establish/Maintain Documentation Preventive
    Record the make and model of the device for applicable assets in the asset inventory. CC ID 12465 Establish/Maintain Documentation Preventive
    Record the asset tag for physical assets in the asset inventory. CC ID 06632
    [{be overseas} Before travelling overseas with mobile devices, personnel take the following actions: record all details of the devices being taken, such as product types, serial numbers and International Mobile Equipment Identity numbers Security Control: 1555; Revision: 0; Bullet 1
    {have} Building management cables are labelled with their purpose in black writing on a yellow background, with a minimum size of 2.5 cm x 1 cm, and attached at five-metre intervals. Security Control: 1639; Revision: 0]
    Establish/Maintain Documentation Preventive
    Record the host name of applicable assets in the asset inventory. CC ID 13722 Establish/Maintain Documentation Preventive
    Record network ports for applicable assets in the asset inventory. CC ID 13730 Establish/Maintain Documentation Preventive
    Record the MAC address for applicable assets in the asset inventory. CC ID 13721 Establish/Maintain Documentation Preventive
    Record the operating system version for applicable assets in the asset inventory. CC ID 11748 Data and Information Management Preventive
    Record the operating system type for applicable assets in the asset inventory. CC ID 06633 Establish/Maintain Documentation Preventive
    Record the department associated with the asset in the asset inventory. CC ID 12084 Establish/Maintain Documentation Preventive
    Record the physical location for applicable assets in the asset inventory. CC ID 06634 Establish/Maintain Documentation Preventive
    Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635 Establish/Maintain Documentation Preventive
    Record the firmware version for applicable assets in the asset inventory. CC ID 12195 Establish/Maintain Documentation Preventive
    Record the related business function for applicable assets in the asset inventory. CC ID 06636 Establish/Maintain Documentation Preventive
    Record the deployment environment for applicable assets in the asset inventory. CC ID 06637 Establish/Maintain Documentation Preventive
    Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638 Establish/Maintain Documentation Preventive
    Record trusted keys and certificates in the asset inventory. CC ID 15486 Data and Information Management Preventive
    Record cipher suites and protocols in the asset inventory. CC ID 15489 Data and Information Management Preventive
    Link the software asset inventory to the hardware asset inventory. CC ID 12085 Establish/Maintain Documentation Preventive
    Record the owner for applicable assets in the asset inventory. CC ID 06640 Establish/Maintain Documentation Preventive
    Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696 Establish/Maintain Documentation Preventive
    Record all changes to assets in the asset inventory. CC ID 12190 Establish/Maintain Documentation Preventive
    Record cloud service derived data in the asset inventory. CC ID 13007 Establish/Maintain Documentation Preventive
    Include cloud service customer data in the asset inventory. CC ID 13006 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a system redeployment program. CC ID 06276
    [{be overseas} Upon returning from travelling overseas with mobile devices, personnel take the following actions: sanitise and reset devices, including all media used with them Security Control: 1300; Revision: 4; Bullet 1]
    Establish/Maintain Documentation Preventive
    Test systems for malicious code prior to when the system will be redeployed. CC ID 06339 Testing Detective
    Notify organizational unit leaders prior to when the system is redeployed or the system is disposed. CC ID 06400
    [Following sanitisation, destruction or declassification, a formal administrative decision is made to handle ICT equipment, or its waste, as 'publicly releasable' before it is released into the public domain. Security Control: 0316; Revision: 2
    When disposing of ICT equipment that has been designed or modified to meet TEMPEST standards, the ACSC is contacted for requirements relating to its secure disposal. Security Control: 0321; Revision: 3]
    Behavior Preventive
    Wipe all data on systems prior to when the system is redeployed or the system is disposed. CC ID 06401
    [{make full}{randomize} At least three pages of random text with no blank areas are printed on each colour printer cartridge or MFD print drum. Security Control: 0317; Revision: 3
    Memory in network devices is sanitised using the following processes, in order of preference: loading a dummy configuration file, performing a factory reset and then reinstalling firmware. Security Control: 1223; Revision: 4; Bullet 3
    {be overseas} Upon returning from travelling overseas with mobile devices, personnel take the following actions: sanitise and reset devices, including all media used with them Security Control: 1300; Revision: 4; Bullet 1
    {cryptographic erasure} If a cryptographic zeroise or sanitise function is provided for cryptographic keys on highly classified mobile devices, the function is used as part of the mobile device emergency sanitisation process. Security Control: 0702; Revision: 4
    Televisions and computer monitors with minor burn-in or image persistence are sanitised by displaying a solid white image on the screen for an extended period of time. Security Control: 1076; Revision: 2
    {be suitable} Content sanitisation is performed on suitable file types if content conversion is not appropriate for data transiting a security domain boundary. Security Control: 1287; Revision: 1]
    Data and Information Management Preventive
    Transfer legal ownership of assets when the system is redeployed to a third party. CC ID 06698 Acquisition/Sale of Assets or Services Preventive
    Document the staff's operating knowledge of the system prior to a personnel status change. CC ID 06937 Establish/Maintain Documentation Preventive
    Redeploy systems to other organizational units, as necessary. CC ID 11452 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a system disposal program. CC ID 14431
    [An ICT equipment disposal process, and supporting ICT equipment disposal procedures, is developed and implemented. Security Control: 1550; Revision: 0]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain printer and multifunction device disposition procedures. CC ID 15216
    [MFD print drums and image transfer rollers are inspected and destroyed if there is remnant toner which cannot be removed or if a print is visible on the image transfer roller. Security Control: 1219; Revision: 1
    {clear} Fax machines are checked to ensure no pages are trapped in the paper path due to a paper jam. Security Control: 1226; Revision: 2
    Printer ribbons in printers and MFDs are removed and destroyed. Security Control: 1534; Revision: 0
    {clear} Printers and MFDs are checked to ensure no pages are trapped in the paper path due to a paper jam. Security Control: 1221; Revision: 1
    Printer and MFD platens are inspected and destroyed if any images are retained on the platen. Security Control: 1220; Revision: 1]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a system preventive maintenance program. CC ID 00885
    [{alternate location}{physical transfer requirement} ICT equipment maintained or repaired off-site is done so in accordance with the physical transfer and storage requirements for the sensitivity or classification of the ICT equipment. Security Control: 0310; Revision: 4]
    Establish/Maintain Documentation Preventive
    Establish and maintain maintenance reports. CC ID 11749 Establish/Maintain Documentation Preventive
    Establish and maintain system inspection reports. CC ID 06346
    [At the conclusion of a security assessment for a system, a security assessment report is produced by the assessor and covers: Security Control: 1563; Revision: 0
    At the conclusion of a security assessment for a system, a security assessment report is produced by the assessor and covers: the scope of the security assessment Security Control: 1563; Revision: 0; Bullet 1
    At the conclusion of a security assessment for a system, a security assessment report is produced by the assessor and covers: the system's strengths and weaknesses Security Control: 1563; Revision: 0; Bullet 2
    At the conclusion of a security assessment for a system, a security assessment report is produced by the assessor and covers: security risks associated with the operation of the system Security Control: 1563; Revision: 0; Bullet 3
    At the conclusion of a security assessment for a system, a security assessment report is produced by the assessor and covers: the effectiveness of the implementation of security controls Security Control: 1563; Revision: 0; Bullet 4]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a system maintenance policy. CC ID 14032 Establish/Maintain Documentation Preventive
    Include compliance requirements in the system maintenance policy. CC ID 14217 Establish/Maintain Documentation Preventive
    Include management commitment in the system maintenance policy. CC ID 14216 Establish/Maintain Documentation Preventive
    Include roles and responsibilities in the system maintenance policy. CC ID 14215 Establish/Maintain Documentation Preventive
    Include the scope in the system maintenance policy. CC ID 14214 Establish/Maintain Documentation Preventive
    Disseminate and communicate the system maintenance policy to interested personnel and affected parties. CC ID 14213 Communicate Preventive
    Include the purpose in the system maintenance policy. CC ID 14187 Establish/Maintain Documentation Preventive
    Include coordination amongst entities in the system maintenance policy. CC ID 14181 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain system maintenance procedures. CC ID 14059 Establish/Maintain Documentation Preventive
    Disseminate and communicate the system maintenance procedures to interested personnel and affected parties. CC ID 14194 Communicate Preventive
    Include a technology refresh plan in the system preventive maintenance program. CC ID 13061 Establish/Maintain Documentation Preventive
    Plan and conduct maintenance so that it does not interfere with scheduled operations. CC ID 06389 Physical and Environmental Protection Preventive
    Maintain contact with the device manufacturer or component manufacturer for maintenance requests. CC ID 06388 Behavior Preventive
    Replace system components when third party support is no longer available. CC ID 10644 Maintenance Preventive
    Obtain justification for the continued use of system components when third party support is no longer available. CC ID 10645 Maintenance Preventive
    Control and monitor all maintenance tools. CC ID 01432 Physical and Environmental Protection Detective
    Obtain approval before removing maintenance tools from the facility. CC ID 14298 Business Processes Preventive
    Control remote maintenance according to the system's asset classification. CC ID 01433
    [{alternate location} ICT equipment maintained or repaired off-site is treated as per the requirements for the sensitivity or classification of the area that the ICT equipment will be returned to. Security Control: 0944; Revision: 4]
    Technical Security Preventive
    Separate remote maintenance sessions from other network sessions with a logically separate communications path based upon encryption. CC ID 10614 Configuration Preventive
    Approve all remote maintenance sessions. CC ID 10615 Technical Security Preventive
    Log the performance of all remote maintenance. CC ID 13202 Log Management Preventive
    Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 Technical Security Preventive
    Conduct maintenance with authorized personnel. CC ID 01434
    [{be on premises} Maintenance and repairs of ICT equipment is carried out on-site by an appropriately cleared technician. Security Control: 0305; Revision: 5]
    Testing Detective
    Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295 Maintenance Preventive
    Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291
    [{uncleared individual} If an uncleared technician is used to undertake maintenance or repairs of ICT equipment, the ICT equipment and associated media is sanitised before maintenance or repair work is undertaken. Security Control: 0307; Revision: 2
    {Advanced Technology Attachment} The ATA secure erase command is used where available, in addition to using block overwriting software, to ensure the growth defects table (g-list) is overwritten. Security Control: 1067; Revision: 3]
    Maintenance Preventive
    Respond to maintenance requests inside the organizationally established time frame. CC ID 04878 Behavior Preventive
    Establish and maintain an archive of maintenance reports in a maintenance log. CC ID 06202 Establish/Maintain Documentation Preventive
    Acquire spare parts prior to when maintenance requests are scheduled. CC ID 11833 Acquisition/Sale of Assets or Services Preventive
    Perform periodic maintenance according to organizational standards. CC ID 01435 Behavior Preventive
    Remove components being serviced from the information system prior to performing maintenance. CC ID 14251 Maintenance Preventive
    Employ dedicated systems during system maintenance. CC ID 12108 Technical Security Preventive
    Isolate dedicated systems used for system maintenance from Internet access. CC ID 12114 Technical Security Preventive
    Control granting access to appropriate parties performing maintenance on organizational assets. CC ID 11873 Human Resources Management Preventive
    Identify and authenticate appropriate parties prior to granting access to maintain assets. CC ID 11874
    [Personnel who are contractors are identified as such. Security Control: 1583; Revision: 0
    Personnel who are foreign nationals are identified as such, including by their specific nationality. Security Control: 0975; Revision: 7
    {Australian Eyes Only information} Where systems process, store or communicate AUSTEO, AGAO or REL information, personnel who are foreign nationals are identified as such, including by their specific nationality. Security Control: 0420; Revision: 9]
    Physical and Environmental Protection Preventive
    Calibrate assets according to the calibration procedures for the asset. CC ID 06203 Testing Detective
    Post calibration limits or calibration tolerances on or near assets requiring calibration. CC ID 06204 Establish/Maintain Documentation Preventive
    Implement automated mechanisms to transfer predictive maintenance data to a maintenance management system. CC ID 10616 Process or Activity Preventive
    Dispose of hardware and software at their life cycle end. CC ID 06278
    [Televisions and computer monitors that cannot be sanitised are destroyed. Security Control: 1222; Revision: 1
    {not be able} When unable to sanitise printer cartridges or MFD print drums, they are destroyed as per electrostatic memory devices. Security Control: 0318; Revision: 3
    {confidentiality requirement}{integrity requirement} Systems and applications are designed, deployed, maintained and decommissioned according to their value and their confidentiality, integrity and availability requirements. P1:]
    Business Processes Preventive
    Refrain from placing assets being disposed into organizational dumpsters. CC ID 12200 Business Processes Preventive
    Establish, implement, and maintain disposal contracts. CC ID 12199 Establish/Maintain Documentation Preventive
    Include disposal procedures in disposal contracts. CC ID 13905 Establish/Maintain Documentation Preventive
    Remove asset tags prior to disposal of an asset. CC ID 12198
    [Labels and markings indicating the classification, codewords, caveats, owner, system, network, or any other marking that can associate the ICT equipment with its original use, are removed prior to disposal. Security Control: 1217; Revision: 1]
    Business Processes Preventive
    Document the storage information for all systems that are stored instead of being disposed or redeployed. CC ID 06936 Establish/Maintain Documentation Preventive
    Test for detrimental environmental factors after a system is disposed. CC ID 06938 Testing Detective
    Establish, implement, and maintain a customer service program. CC ID 00846 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an Incident Management program. CC ID 00853 Business Processes Preventive
    Include intrusion detection procedures in the Incident Management program. CC ID 00588 Establish/Maintain Documentation Preventive
    Contain the incident to prevent further loss and preserve the system for forensic analysis. CC ID 01751
    [When a data spill occurs, information owners are advised and access to the information is restricted. Security Control: 0133; Revision: 1
    Cyber security incidents are contained, eradicated and recovered from in a timely manner. R2:]
    Process or Activity Corrective
    Refrain from accessing compromised systems. CC ID 01752
    [{be overseas} Personnel take the following precautions when travelling overseas with mobile devices: avoiding reuse of media once used with other parties' devices or systems Security Control: 1299; Revision: 2; Bullet 10]
    Technical Security Corrective
    Isolate compromised systems from the network. CC ID 01753
    [When malicious code is detected, the following steps are taken to handle the infection: all previously connected media used in the period leading up to the infection are scanned for signs of infection and isolated if necessary Security Control: 0917; Revision: 7; Bullet 2
    When malicious code is detected, the following steps are taken to handle the infection: the infected systems are isolated Security Control: 0917; Revision: 7; Bullet 1]
    Technical Security Corrective
    Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754 Log Management Corrective
    Change authenticators after a security incident has been detected. CC ID 06789
    [Passwords/passphrases are changed if: they are directly compromised Security Control: 1590; Revision: 0; Bullet 1]
    Technical Security Corrective
    Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677 Investigate Detective
    Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095
    [The integrity of evidence gathered during an investigation is maintained by investigators: recording all of their actions Security Control: 0138; Revision: 4; Bullet 1]
    Establish/Maintain Documentation Preventive
    Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674 Establish/Maintain Documentation Detective
    Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678 Establish/Maintain Documentation Detective
    Share incident information with interested personnel and affected parties. CC ID 01212
    [Service providers report all cyber security incidents to the organisation's CISO, or one of their delegates, as soon as possible after they occur or are discovered. Security Control: 0141; Revision: 4
    Cyber security incidents are reported to an organisation's CISO, or one of their delegates, as soon as possible after they occur or are discovered. Security Control: 0123; Revision: 3
    {relevant authority} Cyber security incidents are identified and reported both internally and externally to relevant bodies in a timely manner. R1:
    The compromise or suspected compromise of CGCE or associated keying material is reported to an organisation's Chief Information Security Officer, or one of their delegates, as soon as possible after it occurs. Security Control: 0142; Revision: 3]
    Data and Information Management Corrective
    Share data loss event information with the media. CC ID 01759 Behavior Corrective
    Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036 Data and Information Management Preventive
    Share data loss event information with interconnected system owners. CC ID 01209 Establish/Maintain Documentation Corrective
    Report data loss event information to breach notification organizations. CC ID 01210
    [Cyber security incidents are reported to the ACSC. Security Control: 0140; Revision: 6]
    Data and Information Management Corrective
    Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326 Log Management Detective
    Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731 Behavior Corrective
    Remediate security violations according to organizational standards. CC ID 12338
    [Cyber security incidents are contained, eradicated and recovered from in a timely manner. R2:]
    Business Processes Preventive
    Include data loss event notifications in the Incident Response program. CC ID 00364 Establish/Maintain Documentation Preventive
    Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365
    [When a data spill occurs, information owners are advised and access to the information is restricted. Security Control: 0133; Revision: 1]
    Behavior Corrective
    Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801 Behavior Detective
    Delay sending incident response notifications under predetermined conditions. CC ID 00804 Behavior Corrective
    Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985 Establish/Maintain Documentation Preventive
    Avoid false positive incident response notifications. CC ID 04732 Behavior Detective
    Establish, implement, and maintain incident response notifications. CC ID 12975 Establish/Maintain Documentation Corrective
    Refrain from charging for providing incident response notifications. CC ID 13876 Business Processes Preventive
    Include information required by law in incident response notifications. CC ID 00802 Establish/Maintain Documentation Detective
    Title breach notifications "Notice of Data Breach". CC ID 12977 Establish/Maintain Documentation Preventive
    Display titles of incident response notifications clearly and conspicuously. CC ID 12986 Establish/Maintain Documentation Preventive
    Display headings in incident response notifications clearly and conspicuously. CC ID 12987 Establish/Maintain Documentation Preventive
    Design the incident response notification to call attention to its nature and significance. CC ID 12984 Establish/Maintain Documentation Preventive
    Use plain language to write incident response notifications. CC ID 12976 Establish/Maintain Documentation Preventive
    Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983 Establish/Maintain Documentation Preventive
    Include details of the investigation in incident response notifications. CC ID 12296 Establish/Maintain Documentation Preventive
    Include the issuer's name in incident response notifications. CC ID 12062 Establish/Maintain Documentation Preventive
    Include a "What Happened" heading in breach notifications. CC ID 12978 Establish/Maintain Documentation Preventive
    Include a general description of the data loss event in incident response notifications. CC ID 04734 Establish/Maintain Documentation Preventive
    Include the date (or estimated date) the privacy breach was detected in incident response notifications. CC ID 04745 Establish/Maintain Documentation Preventive
    Include the identification of the data source in incident response notifications. CC ID 12305 Establish/Maintain Documentation Preventive
    Include a "What Information Was Involved" heading in the breach notification. CC ID 12979 Establish/Maintain Documentation Preventive
    Include the type of information that was lost in incident response notifications. CC ID 04735 Establish/Maintain Documentation Preventive
    Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776 Establish/Maintain Documentation Preventive
    Include a "What We Are Doing" heading in the breach notification. CC ID 12982 Establish/Maintain Documentation Preventive
    Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736 Establish/Maintain Documentation Preventive
    Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737 Establish/Maintain Documentation Preventive
    Include a "For More Information" heading in breach notifications. CC ID 12981 Establish/Maintain Documentation Preventive
    Include details of the companies and persons involved in incident response notifications. CC ID 12295 Establish/Maintain Documentation Preventive
    Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744 Establish/Maintain Documentation Preventive
    Include the reporting individual's contact information in incident response notifications. CC ID 12297 Establish/Maintain Documentation Preventive
    Include any consequences in the incident response notifications. CC ID 12604 Establish/Maintain Documentation Preventive
    Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746 Establish/Maintain Documentation Preventive
    Include a "What You Can Do" heading in the breach notification. CC ID 12980 Establish/Maintain Documentation Preventive
    Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738 Establish/Maintain Documentation Detective
    Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767 Communicate Corrective
    Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766 Business Processes Corrective
    Include contact information in incident response notifications. CC ID 04739 Establish/Maintain Documentation Preventive
    Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085 Communicate Preventive
    Send paper incident response notifications to affected parties, as necessary. CC ID 00366 Behavior Corrective
    Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803 Behavior Corrective
    Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368 Behavior Corrective
    Telephone incident response notifications to affected parties, as necessary. CC ID 04650 Behavior Corrective
    Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747 Behavior Preventive
    Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748 Establish/Maintain Documentation Preventive
    Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750 Behavior Preventive
    Publish the incident response notification in a general circulation periodical. CC ID 04651 Behavior Corrective
    Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769 Behavior Preventive
    Send electronic incident response notifications to affected parties, as necessary. CC ID 00367 Behavior Corrective
    Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347 Communicate Corrective
    Include incident recovery procedures in the Incident Management program. CC ID 01758
    [Cyber security incidents are contained, eradicated and recovered from in a timely manner. R2:]
    Establish/Maintain Documentation Corrective
    Change wireless access variables after a data loss event has been detected. CC ID 01756 Technical Security Corrective
    Eradicate the cause of the incident after the incident has been contained. CC ID 01757 Business Processes Corrective
    Establish, implement, and maintain a restoration log. CC ID 12745 Establish/Maintain Documentation Preventive
    Include a description of the restored data that was restored manually in the restoration log. CC ID 15463 Data and Information Management Preventive
    Include a description of the restored data in the restoration log. CC ID 15462 Data and Information Management Preventive
    Implement security controls for personnel that have accessed information absent authorization. CC ID 10611 Human Resources Management Corrective
    Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592 Establish/Maintain Documentation Preventive
    Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265 Monitor and Evaluate Occurrences Detective
    Re-image compromised systems with secure builds. CC ID 12086 Technical Security Corrective
    Include incident management procedures in the Incident Management program. CC ID 12689 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858
    [A method of emergency access to systems is documented and tested at least once when initially implemented and each time fundamental information technology infrastructure changes occur. Security Control: 1610; Revision: 0]
    Establish/Maintain Documentation Corrective
    Include after-action analysis procedures in the Incident Management program. CC ID 01219
    [{be successful} Post-incident analysis is performed for successful targeted cyber intrusions; this includes storing full network traffic for at least seven days after a targeted cyber intrusion. Security Control: 1213; Revision: 1]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain incident management audit logs. CC ID 13514 Records Management Preventive
    Log incidents in the Incident Management audit log. CC ID 00857
    [A cyber security incident register is maintained with the following information: Security Control: 0125; Revision: 4
    A cyber security incident register is maintained with the following information: a description of the cyber security incident Security Control: 0125; Revision: 4; Bullet 3
    A cyber security incident register is maintained with the following information: any actions taken in response to the cyber security incident Security Control: 0125; Revision: 4; Bullet 4
    {individual} A cyber security incident register is maintained with the following information: to whom the cyber security incident was reported. Security Control: 0125; Revision: 4; Bullet 5
    A cyber security incident register is maintained with the following information: the date the cyber security incident was discovered Security Control: 0125; Revision: 4; Bullet 2
    Cyber security events and anomalous activities are detected, collected, correlated and analysed in a timely manner. D1:]
    Establish/Maintain Documentation Preventive
    Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238 Log Management Corrective
    Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234 Log Management Preventive
    Establish, implement, and maintain an Incident Response program. CC ID 00579 Establish/Maintain Documentation Preventive
    Create an incident response report following an incident response. CC ID 12700 Establish/Maintain Documentation Preventive
    Include when the incident occurred in the incident response report. CC ID 12709
    [A cyber security incident register is maintained with the following information: the date the cyber security incident occurred Security Control: 0125; Revision: 4; Bullet 1]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an incident response plan. CC ID 12056
    [Systems have an incident response plan that covers the following: the types of incidents likely to be encountered and the expected response to each type Security Control: 0043; Revision: 3; Bullet 2]
    Establish/Maintain Documentation Preventive
    Include addressing external communications in the incident response plan. CC ID 13351 Establish/Maintain Documentation Preventive
    Include addressing internal communications in the incident response plan. CC ID 13350 Establish/Maintain Documentation Preventive
    Include change control procedures in the incident response plan. CC ID 15479 Establish/Maintain Documentation Preventive
    Include addressing information sharing in the incident response plan. CC ID 13349
    [Systems have an incident response plan that covers the following: how to report cyber security incidents, internally to the organisation and externally to the Australian Cyber Security Centre (ACSC) Security Control: 0043; Revision: 3; Bullet 3
    Systems have an incident response plan that covers the following: other parties which need to be informed in the event of a cyber security incident Security Control: 0043; Revision: 3; Bullet 4]
    Establish/Maintain Documentation Preventive
    Include dynamic reconfiguration in the incident response plan. CC ID 14306 Establish/Maintain Documentation Preventive
    Include a definition of reportable incidents in the incident response plan. CC ID 14303
    [Systems have an incident response plan that covers the following: guidelines on what constitutes a cyber security incident Security Control: 0043; Revision: 3; Bullet 1]
    Establish/Maintain Documentation Preventive
    Include the management support needed for incident response in the incident response plan. CC ID 14300
    [{be responsible} Systems have an incident response plan that covers the following: the authority, or authorities, responsible for investigating and responding to cyber security incidents Security Control: 0043; Revision: 3; Bullet 5]
    Establish/Maintain Documentation Preventive
    Include how incident response fits into the organization in the incident response plan. CC ID 14294 Establish/Maintain Documentation Preventive
    Include the resources needed for incident response in the incident response plan. CC ID 14292 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a cyber incident response plan. CC ID 13286
    [Systems have an incident response plan that covers the following: the criteria by which an investigation of a cyber security incident would be requested from a law enforcement agency, the ACSC or other relevant authority Security Control: 0043; Revision: 3; Bullet 6
    A denial of service response plan is developed and implemented that includes: Security Control: 1019; Revision: 7]
    Establish/Maintain Documentation Preventive
    Include incident response team structures in the Incident Response program. CC ID 01237 Establish/Maintain Documentation Preventive
    Include identifying remediation actions in the incident response plan. CC ID 13354
    [Systems have an incident response plan that covers the following: the types of incidents likely to be encountered and the expected response to each type Security Control: 0043; Revision: 3; Bullet 2]
    Establish/Maintain Documentation Preventive
    Include business continuity procedures in the Incident Response program. CC ID 06433
    [Systems have an incident response plan that covers the following: system contingency measures or a reference to such details if they are located in a separate document. Security Control: 0043; Revision: 3; Bullet 8
    {way} A denial of service response plan is developed and implemented that includes: how capabilities can be maintained during a denial of service Security Control: 1019; Revision: 7; Bullet 3]
    Establish/Maintain Documentation Preventive
    Coordinate backup procedures as defined in the system continuity plan with backup procedures necessary for incident response procedures. CC ID 06432 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a digital forensic evidence framework. CC ID 08652 Establish/Maintain Documentation Preventive
    Retain collected evidence for potential future legal actions. CC ID 01235 Records Management Preventive
    Establish, implement, and maintain a chain of custody for all devices containing digital forensic evidence. CC ID 08686
    [The integrity of evidence gathered during an investigation is maintained by investigators: maintaining a proper chain of custody. Security Control: 0138; Revision: 4; Bullet 4]
    Establish/Maintain Documentation Detective
    Establish, implement, and maintain secure storage and handling of evidence procedures. CC ID 08656
    [The integrity of evidence gathered during an investigation is maintained by investigators: Security Control: 0138; Revision: 4
    The integrity of evidence gathered during an investigation is maintained by investigators: creating checksums for all evidence Security Control: 0138; Revision: 4; Bullet 2
    Systems have an incident response plan that covers the following: the steps necessary to ensure the integrity of evidence relating to a cyber security incident Security Control: 0043; Revision: 3; Bullet 7]
    Records Management Preventive
    Collect evidence from the incident scene. CC ID 02236 Business Processes Corrective
    Secure devices containing digital forensic evidence. CC ID 08681 Investigate Detective
    Create a system image of the device before collecting digital forensic evidence. CC ID 08673
    [The integrity of evidence gathered during an investigation is maintained by investigators: copying evidence onto media for archiving Security Control: 0138; Revision: 4; Bullet 3]
    Investigate Detective
    Disseminate and communicate the incident response procedures to all interested personnel and affected parties. CC ID 01215
    [{be aware} The CISO is fully aware of all cyber security incidents within their organisation. Security Control: 0733; Revision: 2]
    Establish/Maintain Documentation Preventive
    Provide language analysis support, as necessary. CC ID 14084 Business Processes Preventive
    Transcribe voice materials, as necessary. CC ID 14260
    [{logging capability}{transcription capability} PowerShell is configured to use module logging, script block logging and transcription functionality. Security Control: 1623; Revision: 0]
    Process or Activity Preventive
    Establish, implement, and maintain a change control program. CC ID 00886
    [A change management process, and supporting change management procedures, is developed and implemented covering: Security Control: 1211; Revision: 3]
    Establish/Maintain Documentation Preventive
    Include potential consequences of unintended changes in the change control program. CC ID 12243 Establish/Maintain Documentation Preventive
    Include version control in the change control program. CC ID 13119 Establish/Maintain Documentation Preventive
    Include service design and transition in the change control program. CC ID 13920 Establish/Maintain Documentation Preventive
    Separate the production environment from development environment or test environment for the change control process. CC ID 11864 Maintenance Preventive
    Integrate configuration management procedures into the change control program. CC ID 13646 Technical Security Preventive
    Establish, implement, and maintain a back-out plan. CC ID 13623 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain back-out procedures for each proposed change in a change request. CC ID 00373 Establish/Maintain Documentation Preventive
    Approve back-out plans, as necessary. CC ID 13627 Establish/Maintain Documentation Corrective
    Manage change requests. CC ID 00887
    [A change management process, and supporting change management procedures, is developed and implemented covering: identification and documentation of requests for change Security Control: 1211; Revision: 3; Bullet 1]
    Business Processes Preventive
    Include documentation of the impact level of proposed changes in the change request. CC ID 11942 Establish/Maintain Documentation Preventive
    Establish and maintain a change request approver list. CC ID 06795 Establish/Maintain Documentation Preventive
    Document all change requests in change request forms. CC ID 06794 Establish/Maintain Documentation Preventive
    Test proposed changes prior to their approval. CC ID 00548
    [A change management process, and supporting change management procedures, is developed and implemented covering: approval required for changes to be made Security Control: 1211; Revision: 3; Bullet 2]
    Testing Detective
    Examine all changes to ensure they correspond with the change request. CC ID 12345 Business Processes Detective
    Approve tested change requests. CC ID 11783 Data and Information Management Preventive
    Validate the system before implementing approved changes. CC ID 01510 Systems Design, Build, and Implementation Preventive
    Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807
    [A change management process, and supporting change management procedures, is developed and implemented covering: notification of any planned disruptions or outages Security Control: 1211; Revision: 3; Bullet 4]
    Behavior Preventive
    Establish, implement, and maintain emergency change procedures. CC ID 00890 Establish/Maintain Documentation Preventive
    Perform emergency changes, as necessary. CC ID 12707 Process or Activity Preventive
    Back up emergency changes after the change has been performed. CC ID 12734 Process or Activity Preventive
    Log emergency changes after they have been performed. CC ID 12733 Establish/Maintain Documentation Preventive
    Perform risk assessments prior to approving change requests. CC ID 00888
    [A change management process, and supporting change management procedures, is developed and implemented covering: assessment of potential security impacts Security Control: 1211; Revision: 3; Bullet 3]
    Testing Preventive
    Conduct network certifications prior to approving change requests for networks. CC ID 13121 Process or Activity Detective
    Analyze mitigating controls for vulnerabilities in the network when certifying the network. CC ID 13126 Investigate Detective
    Collect data about the network environment when certifying the network. CC ID 13125 Investigate Detective
    Implement changes according to the change control program. CC ID 11776
    [A change management process, and supporting change management procedures, is developed and implemented covering: implementation and testing of approved changes Security Control: 1211; Revision: 3; Bullet 5]
    Business Processes Preventive
    Provide audit trails for all approved changes. CC ID 13120 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a patch management program. CC ID 00896
    [{timely manner} Security vulnerabilities in applications and drivers assessed as extreme risk are patched, updated or mitigated within 48 hours of the security vulnerabilities being identified by vendors, independent third parties, system managers or users. Security Control: 1144; Revision: 9
    {moderate risk}{timely manner} Security vulnerabilities in operating systems and firmware assessed as moderate or low risk are patched, updated or mitigated within one month of the security vulnerability being identified by vendors, independent third parties, system managers or users. Security Control: 1496; Revision: 0
    {approved patch} High assurance ICT equipment is only patched with patches approved by the ACSC using methods and timeframes prescribed by the ACSC. Security Control: 0300; Revision: 6
    {moderate risk}{timely manner} Security vulnerabilities in applications and drivers assessed as moderate or low risk are patched, updated or mitigated within one month of the security vulnerability being identified by vendors, independent third parties, system managers or users. Security Control: 1472; Revision: 1
    An automated mechanism is used to confirm and record that deployed operating system and firmware patches or updates have been installed, applied successfully and remain in place. Security Control: 1500; Revision: 0
    {timely manner} Security vulnerabilities in operating systems and firmware assessed as high risk are patched, updated or mitigated within two weeks of the security vulnerability being identified by vendors, independent third parties, system managers or users. Security Control: 1495; Revision: 0
    A patch management process, and supporting patch management procedures, is developed and implemented. Security Control: 1143; Revision: 7
    {timely manner} Security vulnerabilities in operating systems and firmware assessed as extreme risk are patched, updated or mitigated within 48 hours of the security vulnerabilities being identified by vendors, independent third parties, system managers or users. Security Control: 1494; Revision: 0
    Security vulnerabilities in applications and drivers assessed as high risk are patched, updated or mitigated within two weeks of the security vulnerability being identified by vendors, independent third parties, system managers or users. Security Control: 0940; Revision: 8
    An automated mechanism is used to confirm and record that deployed application and driver patches or updates have been installed, applied successfully and remain in place. Security Control: 1497; Revision: 0
    A centralised and managed approach is used to patch or update applications and drivers. Security Control: 0298; Revision: 7
    An approach for patching or updating operating systems and firmware that ensures the integrity and authenticity of patches or updates, as well as the processes used to apply them, is used. Security Control: 1499; Revision: 0]
    Process or Activity Preventive
    Document the sources of all software updates. CC ID 13316 Establish/Maintain Documentation Preventive
    Implement patch management software, as necessary. CC ID 12094 Technical Security Preventive
    Include updates and exceptions to hardened images as a part of the patch management program. CC ID 12087 Technical Security Preventive
    Establish, implement, and maintain patch management procedures. CC ID 15224
    [A patch management process, and supporting patch management procedures, is developed and implemented. Security Control: 1143; Revision: 7]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a patch log. CC ID 01642 Establish/Maintain Documentation Preventive
    Review the patch log for missing patches. CC ID 13186 Technical Security Detective
    Perform a patch test prior to deploying a patch. CC ID 00898 Testing Detective
    Prioritize deploying patches according to vulnerability risk metrics. CC ID 06796 Business Processes Preventive
    Deploy software patches. CC ID 07032
    [{supported version} Applications that are no longer supported by vendors with patches or updates for security vulnerabilities are updated or replaced with vendor-supported versions. Security Control: 0304; Revision: 5]
    Configuration Corrective
    Test software patches for any potential compromise of the system's security. CC ID 13175 Testing Detective
    Patch software. CC ID 11825
    [{be overseas} Before travelling overseas with mobile devices, personnel take the following actions: update all applications and operating systems Security Control: 1555; Revision: 0; Bullet 2]
    Technical Security Corrective
    Patch the operating system, as necessary. CC ID 11824
    [{be overseas} Before travelling overseas with mobile devices, personnel take the following actions: update all applications and operating systems Security Control: 1555; Revision: 0; Bullet 2
    A centralised and managed approach is used to patch or update operating systems and firmware. Security Control: 1498; Revision: 1
    {supported version} Operating systems for workstations, servers and ICT equipment that are no longer supported by vendors with patches or updates for security vulnerabilities are updated or replaced with vendor-supported versions. Security Control: 1501; Revision: 0
    {software separation mechanism} When using a software-based isolation mechanism to share a physical server's hardware, patches are applied to the isolation mechanism and underlying operating system in a timely manner. Security Control: 1606; Revision: 0]
    Technical Security Corrective
    Deploy software patches in the disaster recovery environment to mirror those in the production environment. CC ID 13174 Configuration Corrective
    Remove outdated software after software has been updated. CC ID 11792 Configuration Corrective
    Update computer firmware, as necessary. CC ID 11755
    [A centralised and managed approach is used to patch or update operating systems and firmware. Security Control: 1498; Revision: 1]
    Configuration Corrective
    Review changes to computer firmware. CC ID 12226 Testing Detective
    Certify changes to computer firmware are free of malicious logic. CC ID 12227 Testing Detective
    Remove outdated computer firmware after the computer firmware has been updated. CC ID 10671 Configuration Corrective
    Implement cryptographic mechanisms to authenticate software and computer firmware before installation. CC ID 10682 Technical Security Detective
    Establish, implement, and maintain a software release policy. CC ID 00893 Establish/Maintain Documentation Preventive
    Disseminate and communicate software update information to users and regulators. CC ID 06602 Behavior Preventive
    Allow interested personnel and affected parties to opt out of specific version releases and software updates. CC ID 06809 Data and Information Management Preventive
    Mitigate the adverse effects of unauthorized changes. CC ID 12244 Business Processes Corrective
    Establish, implement, and maintain approved change acceptance testing procedures. CC ID 06391
    [A method of emergency access to systems is documented and tested at least once when initially implemented and each time fundamental information technology infrastructure changes occur. Security Control: 1610; Revision: 0]
    Establish/Maintain Documentation Detective
    Test the system's operational functionality after implementing approved changes. CC ID 06294
    [A change management process, and supporting change management procedures, is developed and implemented covering: implementation and testing of approved changes Security Control: 1211; Revision: 3; Bullet 5]
    Testing Detective
    Perform and pass acceptance testing before moving a system back into operation after an approved change has occurred. CC ID 04541 Testing Detective
    Establish, implement, and maintain a change acceptance testing log. CC ID 06392 Establish/Maintain Documentation Corrective
    Update associated documentation after the system configuration has been changed. CC ID 00891
    [{system documentation} A change management process, and supporting change management procedures, is developed and implemented covering: the maintenance of system and security documentation. Security Control: 1211; Revision: 3; Bullet 6]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a configuration change log. CC ID 08710 Configuration Detective
    Document approved configuration deviations. CC ID 08711 Establish/Maintain Documentation Corrective
  • Physical and environmental protection
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Physical and environmental protection CC ID 00709 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a physical security program. CC ID 11757 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an anti-tamper protection program. CC ID 10638 Monitor and Evaluate Occurrences Detective
    Monitor for evidence of when tampering indicators are being identified. CC ID 11905
    [{be uniquely identifiable} In shared non-government facilities, uniquely identifiable SCEC endorsed tamper-evident seals are used to seal all removable covers on cable reticulation systems. Security Control: 0195; Revision: 5]
    Monitor and Evaluate Occurrences Detective
    Inspect device surfaces to detect tampering. CC ID 11868 Investigate Detective
    Inspect device surfaces to detect unauthorized substitution. CC ID 11869 Investigate Detective
    Inspect for tampering at random intervals. CC ID 10640 Monitor and Evaluate Occurrences Detective
    Alert interested personnel and affected parties when evidence of tampering is discovered. CC ID 15319 Communicate Preventive
    Establish, implement, and maintain a facility physical security program. CC ID 00711
    [Any facility containing a system, including a deployable system, is certified and accredited to at least the sensitivity or classification of the system. Security Control: 0810; Revision: 4]
    Establish/Maintain Documentation Preventive
    Establish and maintain a contract for accessing facilities that transmit, process, or store restricted data. CC ID 12050 Establish/Maintain Documentation Preventive
    Refrain from providing access to facilities that transmit, process, or store restricted data until the contract for accessing the facility is signed. CC ID 12311 Behavior Preventive
    Protect the facility from crime. CC ID 06347 Physical and Environmental Protection Preventive
    Define communication methods for reporting crimes. CC ID 06349 Establish/Maintain Documentation Preventive
    Include identification cards or badges in the physical security program. CC ID 14818 Establish/Maintain Documentation Preventive
    Protect facilities from eavesdropping. CC ID 02222
    [{area}{eavesdropping protection} When penetrating an audio secured space, ASIO is consulted and all directions provided are complied with. Security Control: 0198; Revision: 2
    Speakerphones are not used on telephone systems in TOP SECRET areas unless the telephone system is located in a room rated as audio secure, the room is audio secure during conversations and only personnel involved in discussions are present in the room. Security Control: 0235; Revision: 3
    In PROTECTED areas, off-hook audio protection features are used on all telephones that are not authorised for the transmission of PROTECTED information. Security Control: 0236; Revision: 4
    In TOP SECRET areas, push-to-talk handsets or push-to-talk headsets are used on all telephones that are not authorised for the transmission of TOP SECRET information. Security Control: 0237; Revision: 4
    In SECRET areas, push-to-talk handsets or push-to-talk headsets are used on all telephones that are not authorised for the transmission of SECRET information. Security Control: 0931; Revision: 5
    The effective range of wireless communications outside an organisation's area of control is limited by implementing RF shielding on buildings in which wireless networks are used. Security Control: 1013; Revision: 5]
    Physical and Environmental Protection Preventive
    Inspect telephones for eavesdropping devices. CC ID 02223 Physical and Environmental Protection Detective
    Establish, implement, and maintain security procedures for virtual meetings. CC ID 15581 Establish/Maintain Documentation Preventive
    Hold conferences requiring sensitive information discussions in spaces that have commensurate security. CC ID 11440 Physical and Environmental Protection Preventive
    Provide one-time meeting support for discussions involving Top Secret information. CC ID 11441 Physical and Environmental Protection Preventive
    Establish clear zones around any sensitive facilities. CC ID 02214 Physical and Environmental Protection Preventive
    Post and maintain security signage for all facilities. CC ID 02201 Establish/Maintain Documentation Preventive
    Inspect items brought into the facility. CC ID 06341 Physical and Environmental Protection Preventive
    Maintain all physical security systems. CC ID 02206 Physical and Environmental Protection Preventive
    Detect anomalies in physical barriers. CC ID 13533 Investigate Detective
    Maintain all security alarm systems. CC ID 11669 Physical and Environmental Protection Preventive
    Identify and document physical access controls for all physical entry points. CC ID 01637 Establish/Maintain Documentation Preventive
    Control physical access to (and within) the facility. CC ID 01329
    [Physical access to systems, supporting infrastructure and facilities is restricted to authorised personnel. P14:]
    Physical and Environmental Protection Preventive
    Establish, implement, and maintain physical access procedures. CC ID 13629 Establish/Maintain Documentation Preventive
    Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419 Physical and Environmental Protection Preventive
    Secure physical entry points with physical access controls or security guards. CC ID 01640 Physical and Environmental Protection Detective
    Configure the access control system to grant access only during authorized working hours. CC ID 12325 Physical and Environmental Protection Preventive
    Establish, implement, and maintain a visitor access permission policy. CC ID 06699 Establish/Maintain Documentation Preventive
    Escort visitors within the facility, as necessary. CC ID 06417 Establish/Maintain Documentation Preventive
    Check the visitor's stated identity against a provided government issued identification. CC ID 06701 Physical and Environmental Protection Preventive
    Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330 Testing Preventive
    Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702 Behavior Preventive
    Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048 Establish/Maintain Documentation Preventive
    Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 Establish/Maintain Documentation Preventive
    Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463 Physical and Environmental Protection Corrective
    Authorize physical access to sensitive areas based on job functions. CC ID 12462 Establish/Maintain Documentation Preventive
    Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747
    [{uncleared individual}{personnel} If an uncleared technician is used to undertake maintenance or repairs of ICT equipment, the technician is escorted by someone who: is appropriately cleared and briefed Security Control: 0306; Revision: 4; Bullet 1
    {uncleared individual}{personnel} If an uncleared technician is used to undertake maintenance or repairs of ICT equipment, the technician is escorted by someone who: takes due care to ensure that information is not disclosed Security Control: 0306; Revision: 4; Bullet 2
    {uncleared individual}{personnel} If an uncleared technician is used to undertake maintenance or repairs of ICT equipment, the technician is escorted by someone who: takes all responsible measures to ensure the integrity of the ICT equipment Security Control: 0306; Revision: 4; Bullet 3
    {uncleared individual}{personnel} If an uncleared technician is used to undertake maintenance or repairs of ICT equipment, the technician is escorted by someone who: has the authority to direct the technician Security Control: 0306; Revision: 4; Bullet 4
    {uncleared individual}{personnel}{familiarize} If an uncleared technician is used to undertake maintenance or repairs of ICT equipment, the technician is escorted by someone who: is sufficiently familiar with the ICT equipment to understand the work being performed. Security Control: 0306; Revision: 4; Bullet 5]
    Monitor and Evaluate Occurrences Preventive
    Establish, implement, and maintain physical identification procedures. CC ID 00713 Establish/Maintain Documentation Preventive
    Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030 Human Resources Management Preventive
    Implement physical identification processes. CC ID 13715 Process or Activity Preventive
    Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717 Process or Activity Preventive
    Issue photo identification badges to all employees. CC ID 12326 Physical and Environmental Protection Preventive
    Implement operational requirements for card readers. CC ID 02225 Testing Preventive
    Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819 Establish/Maintain Documentation Preventive
    Document all lost badges in a lost badge list. CC ID 12448 Establish/Maintain Documentation Corrective
    Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334 Physical and Environmental Protection Preventive
    Manage constituent identification inside the facility. CC ID 02215 Behavior Preventive
    Direct each employee to be responsible for their identification card or badge. CC ID 12332 Human Resources Management Preventive
    Manage visitor identification inside the facility. CC ID 11670 Physical and Environmental Protection Preventive
    Issue visitor identification badges to all non-employees. CC ID 00543 Behavior Preventive
    Secure unissued visitor identification badges. CC ID 06712 Physical and Environmental Protection Preventive
    Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331 Behavior Preventive
    Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331 Physical and Environmental Protection Preventive
    Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 Establish/Maintain Documentation Preventive
    Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714 Process or Activity Preventive
    Include error handling controls in identification issuance procedures. CC ID 13709 Establish/Maintain Documentation Preventive
    Include an appeal process in the identification issuance procedures. CC ID 15428 Business Processes Preventive
    Include information security in the identification issuance procedures. CC ID 15425 Establish/Maintain Documentation Preventive
    Include identity proofing processes in the identification issuance procedures. CC ID 06597 Process or Activity Preventive
    Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426 Establish/Maintain Documentation Preventive
    Include an identity registration process in the identification issuance procedures. CC ID 11671 Establish/Maintain Documentation Preventive
    Restrict access to the badge system to authorized personnel. CC ID 12043 Physical and Environmental Protection Preventive
    Enforce dual control for badge assignments. CC ID 12328 Physical and Environmental Protection Preventive
    Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327 Physical and Environmental Protection Preventive
    Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282 Physical and Environmental Protection Preventive
    Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599 Establish/Maintain Documentation Preventive
    Assign employees the responsibility for controlling their identification badges. CC ID 12333 Human Resources Management Preventive
    Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306 Establish/Maintain Documentation Preventive
    Prevent tailgating through physical entry points. CC ID 06685 Physical and Environmental Protection Preventive
    Establish, implement, and maintain a door security standard. CC ID 06686 Establish/Maintain Documentation Preventive
    Install doors so that exposed hinges are on the secured side. CC ID 06687 Configuration Preventive
    Install emergency doors to permit egress only. CC ID 06688 Configuration Preventive
    Install contact alarms on doors, as necessary. CC ID 06710 Configuration Preventive
    Use locks to protect against unauthorized physical access. CC ID 06342 Physical and Environmental Protection Preventive
    Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650 Configuration Preventive
    Test locks for physical security vulnerabilities. CC ID 04880 Testing Detective
    Secure unissued access mechanisms. CC ID 06713 Technical Security Preventive
    Establish, implement, and maintain a lock and access mechanism inventory (keys, lock combinations, or key cards) for all physical access control systems. CC ID 00748
    [Keys or equivalent access mechanisms to server rooms, communications rooms and security containers are appropriately controlled. Security Control: 1074; Revision: 2]
    Establish/Maintain Documentation Preventive
    Change cipher lock codes, as necessary. CC ID 06651 Technical Security Preventive
    Record the assigned access mechanism serial number or cipher lock code when issuing controlled items. CC ID 06715 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a window security standard. CC ID 06689
    [{not be protected} When using infrared keyboards, the following activities are prevented: infrared keyboards operating in areas with unprotected windows. Security Control: 0223; Revision: 4; Bullet 4]
    Establish/Maintain Documentation Preventive
    Install contact alarms on openable windows, as necessary. CC ID 06690 Configuration Preventive
    Install glass break alarms on windows, as necessary. CC ID 06691 Configuration Preventive
    Post signs at all physical entry points stating the organization's right to inspect upon entry. CC ID 02204 Establish/Maintain Documentation Preventive
    Install and maintain security lighting at all physical entry points. CC ID 02205 Physical and Environmental Protection Preventive
    Manage access to loading docks, unloading docks, and mail rooms. CC ID 02210 Physical and Environmental Protection Preventive
    Secure the loading dock with physical access controls or security guards. CC ID 06703 Physical and Environmental Protection Preventive
    Isolate loading areas from information processing facilities, if possible. CC ID 12028 Physical and Environmental Protection Preventive
    Screen incoming mail and deliveries. CC ID 06719 Physical and Environmental Protection Preventive
    Protect access to the facility's mechanical systems area. CC ID 02212 Physical and Environmental Protection Preventive
    Establish, implement, and maintain elevator security guidelines. CC ID 02232 Physical and Environmental Protection Preventive
    Establish, implement, and maintain stairwell security guidelines. CC ID 02233 Physical and Environmental Protection Preventive
    Establish, implement, and maintain glass opening security guidelines. CC ID 02234 Physical and Environmental Protection Preventive
    Establish, implement, and maintain after hours facility access procedures. CC ID 06340 Establish/Maintain Documentation Preventive
    Establish a security room, if necessary. CC ID 00738 Physical and Environmental Protection Preventive
    Implement physical security standards for mainframe rooms or data centers. CC ID 00749
    [Servers and network devices are secured in server rooms or communications rooms that meet the requirements for a Security Zone or secure room suitable for their sensitivity or classification. Security Control: 1053; Revision: 2
    Server rooms, communications rooms and security containers are not left in unsecured states. Security Control: 0813; Revision: 3]
    Physical and Environmental Protection Preventive
    Establish and maintain equipment security cages in a shared space environment. CC ID 06711 Physical and Environmental Protection Preventive
    Secure systems in lockable equipment cabinets, as necessary. CC ID 06716
    [{lockable cabinet} Servers and network devices are secured in lockable commercial cabinets or security containers suitable for their sensitivity or classification taking into account protection afforded by the Security Zone or secure room they reside in. Security Control: 1530; Revision: 0]
    Physical and Environmental Protection Preventive
    Lock all lockable equipment cabinets. CC ID 11673 Physical and Environmental Protection Detective
    Establish, implement, and maintain vault physical security standards. CC ID 02203 Physical and Environmental Protection Preventive
    Establish, implement, and maintain a guideline for working in a secure area. CC ID 04538
    [{be the same} When using infrared keyboards, the following activities are prevented: multiple infrared keyboards for different systems being used in the same area Security Control: 0224; Revision: 4; Bullet 2]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain emergency re-entry procedures. CC ID 11672 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain emergency exit procedures. CC ID 01252 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a camera operating policy. CC ID 15456 Establish/Maintain Documentation Preventive
    Disseminate and communicate the camera installation policy to interested personnel and affected parties. CC ID 15461 Communicate Preventive
    Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 Monitor and Evaluate Occurrences Detective
    Establish and maintain a visitor log. CC ID 00715 Log Management Preventive
    Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700 Establish/Maintain Documentation Preventive
    Report anomalies in the visitor log to appropriate personnel. CC ID 14755 Investigate Detective
    Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649 Behavior Preventive
    Record the visitor's name in the visitor log. CC ID 00557 Log Management Preventive
    Record the visitor's organization in the visitor log. CC ID 12121 Log Management Preventive
    Record the visitor's acceptable access areas in the visitor log. CC ID 12237 Log Management Preventive
    Record the date and time of entry in the visitor log. CC ID 13255 Establish/Maintain Documentation Preventive
    Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466 Establish/Maintain Documentation Preventive
    Retain all records in the visitor log as prescribed by law. CC ID 00572 Log Management Preventive
    Establish, implement, and maintain a physical access log. CC ID 12080 Establish/Maintain Documentation Preventive
    Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641 Log Management Preventive
    Log when the vault is accessed. CC ID 06725 Log Management Detective
    Log when the cabinet is accessed. CC ID 11674 Log Management Detective
    Store facility access logs in off-site storage. CC ID 06958 Log Management Preventive
    Log the exit of a staff member to a facility or designated rooms within the facility. CC ID 11675 Monitor and Evaluate Occurrences Preventive
    Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328 Monitor and Evaluate Occurrences Detective
    Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609 Monitor and Evaluate Occurrences Detective
    Configure video cameras to cover all physical entry points. CC ID 06302 Configuration Preventive
    Configure video cameras to prevent physical tampering or disablement. CC ID 06303 Configuration Preventive
    Retain video events according to Records Management procedures. CC ID 06304 Records Management Preventive
    Monitor physical entry point alarms. CC ID 01639 Physical and Environmental Protection Detective
    Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677 Monitor and Evaluate Occurrences Detective
    Monitor for alarmed security doors being propped open. CC ID 06684 Monitor and Evaluate Occurrences Detective
    Establish, implement, and maintain physical security threat reports. CC ID 02207 Establish/Maintain Documentation Preventive
    Build and maintain fencing, as necessary. CC ID 02235 Physical and Environmental Protection Preventive
    Implement security measures for all interior spaces that allow for any payment transactions. CC ID 06352 Physical and Environmental Protection Preventive
    Employ security guards to provide physical security, as necessary. CC ID 06653 Establish Roles Preventive
    Establish, implement, and maintain a facility wall standard. CC ID 06692 Establish/Maintain Documentation Preventive
    Design interior walls with sound absorbing materials as well as thermal resistant materials. CC ID 06372 Physical and Environmental Protection Preventive
    Design interior walls that provide security to extend from true floor to true ceiling. CC ID 06693 Configuration Preventive
    Refrain from search and seizure inside organizational facilities absent a warrant. CC ID 09980 Behavior Preventive
    Disallow either search or seizure of any person inside organizational facilities absent a warrant. CC ID 09981 Behavior Preventive
    Disallow copying or excerpting from documents, books, or records that are on or in the premises of an organizational facility absent a warrant. CC ID 09982 Business Processes Preventive
    Disallow inspecting computers or searching computer records inside organizational facilities absent a warrant. CC ID 09983 Behavior Preventive
    Do nothing to help during a search and seizure inside organizational facilities absent a warrant and being legally compelled to assist. CC ID 09984 Behavior Preventive
    Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718
    [Physical security controls are implemented to protect network devices, especially those in public areas, from physical damage or unauthorised access. Security Control: 1296; Revision: 2
    ICT equipment and media are secured when not in use. Security Control: 0161; Revision: 5
    ICT equipment in TOP SECRET areas meets industry and government standards relating to electromagnetic interference/electromagnetic compatibility. Security Control: 0250; Revision: 3]
    Physical and Environmental Protection Preventive
    Control the transiting and internal distribution or external distribution of assets. CC ID 00963
    [Keyed CGCE is transported based on the sensitivity or classification of the keying material in it. Security Control: 0501; Revision: 4]
    Records Management Preventive
    Log the transiting, internal distribution, and external distribution of restricted storage media. CC ID 12321 Log Management Preventive
    Encrypt digital media containing sensitive information during transport outside controlled areas. CC ID 14258 Technical Security Preventive
    Obtain management authorization for restricted storage media transit or distribution from a controlled access area. CC ID 00964 Records Management Preventive
    Use locked containers to transport non-digital media outside of controlled areas. CC ID 14286 Physical and Environmental Protection Preventive
    Transport restricted media using a delivery method that can be tracked. CC ID 11777 Business Processes Preventive
    Track restricted storage media while it is in transit. CC ID 00967 Data and Information Management Detective
    Restrict physical access to distributed assets. CC ID 11865
    [Physical access to systems, supporting infrastructure and facilities is restricted to authorised personnel. P14:]
    Physical and Environmental Protection Preventive
    House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873 Physical and Environmental Protection Preventive
    Protect electronic storage media with physical access controls. CC ID 00720
    [{physical control} Unauthorised media is prevented from connecting to systems via the use of device access control software, disabling connection ports, or by physical means. Security Control: 0342; Revision: 5]
    Physical and Environmental Protection Preventive
    Protect physical assets with earthquake-resistant mechanisms. CC ID 06360 Physical and Environmental Protection Preventive
    Establish, implement, and maintain a media protection policy. CC ID 14029 Establish/Maintain Documentation Preventive
    Include compliance requirements in the media protection policy. CC ID 14185 Establish/Maintain Documentation Preventive
    Include coordination amongst entities in the media protection policy. CC ID 14184 Establish/Maintain Documentation Preventive
    Include management commitment in the media protection policy. CC ID 14182 Establish/Maintain Documentation Preventive
    Include roles and responsibilities in the media protection policy. CC ID 14180 Establish/Maintain Documentation Preventive
    Include the scope in the media protection policy. CC ID 14167 Establish/Maintain Documentation Preventive
    Include the purpose in the media protection policy. CC ID 14166 Establish/Maintain Documentation Preventive
    Disseminate and communicate the media protection policy to interested personnel and affected parties. CC ID 14165 Communicate Preventive
    Establish, implement, and maintain media protection procedures. CC ID 14062 Establish/Maintain Documentation Preventive
    Disseminate and communicate the media protection procedures to interested personnel and affected parties. CC ID 14186 Communicate Preventive
    Establish, implement, and maintain removable storage media controls. CC ID 06680
    [Encryption software that has completed an ACE is used if an organisation wishes to reduce the physical storage or handling requirements for ICT equipment or media that contains classified information. Security Control: 0457; Revision: 5]
    Data and Information Management Preventive
    Control access to restricted storage media. CC ID 04889 Data and Information Management Preventive
    Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 Physical and Environmental Protection Preventive
    Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961
    [{geographically separate} Backups are stored at multiple geographically-dispersed locations. Security Control: 1513; Revision: 0]
    Records Management Preventive
    Treat archive media as evidence. CC ID 00960 Records Management Preventive
    Log the transfer of removable storage media. CC ID 12322
    [{external device} The following events are logged for operating systems: transfer of data to and from external media Security Control: 0582; Revision: 6; Bullet 11]
    Log Management Preventive
    Establish, implement, and maintain storage media access control procedures. CC ID 00959 Establish/Maintain Documentation Preventive
    Require removable storage media be in the custody of an authorized individual. CC ID 12319 Behavior Preventive
    Control the storage of restricted storage media. CC ID 00965 Records Management Preventive
    Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717 Physical and Environmental Protection Preventive
    Protect the combinations for all combination locks. CC ID 02199 Physical and Environmental Protection Preventive
    Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200 Establish/Maintain Documentation Preventive
    Establish and maintain eavesdropping protection for vaults. CC ID 02231 Physical and Environmental Protection Preventive
    Serialize all removable storage media. CC ID 00949 Configuration Preventive
    Protect distributed assets against theft. CC ID 06799
    [{be overseas}{refrain from leaving unattended} Personnel take the following precautions when travelling overseas with mobile devices: never leaving devices or media unattended for any period of time, including by placing them in checked-in luggage or leaving them in hotel safes Security Control: 1299; Revision: 2; Bullet 1]
    Physical and Environmental Protection Preventive
    Include Information Technology assets in the asset removal policy. CC ID 13162 Establish/Maintain Documentation Preventive
    Specify the assets to be returned or removed in the asset removal policy. CC ID 13163 Establish/Maintain Documentation Preventive
    Disseminate and communicate the asset removal policy to interested personnel and affected parties. CC ID 13160 Communicate Preventive
    Establish, implement, and maintain asset removal procedures or asset decommissioning procedures. CC ID 04540 Establish/Maintain Documentation Preventive
    Prohibit assets from being taken off-site absent prior authorization. CC ID 12027 Process or Activity Preventive
    Control the delivery of assets through physical entry points and physical exit points. CC ID 01441 Physical and Environmental Protection Preventive
    Control the removal of assets through physical entry points and physical exit points. CC ID 11681 Physical and Environmental Protection Preventive
    Maintain records of all system components entering and exiting the facility. CC ID 14304 Log Management Preventive
    Establish, implement, and maintain on-site logical controls for all distributed assets. CC ID 11682
    [Security measures are implemented to prevent unauthorised access to network management traffic. Security Control: 1006; Revision: 6]
    Technical Security Preventive
    Establish, implement, and maintain off-site logical controls for all distributed assets. CC ID 11683 Technical Security Preventive
    Establish, implement, and maintain on-site physical controls for all distributed assets. CC ID 04820 Physical and Environmental Protection Preventive
    Establish, implement, and maintain off-site physical controls for all distributed assets. CC ID 04539 Physical and Environmental Protection Preventive
    Establish, implement, and maintain missing asset reporting procedures. CC ID 06336 Establish/Maintain Documentation Preventive
    Attach asset location technologies to distributed assets. CC ID 10626 Physical and Environmental Protection Detective
    Employ asset location technologies in accordance with applicable laws and regulations. CC ID 10627
    [{be overseas}{remote wipe} Before travelling overseas with mobile devices, personnel take the following actions: configure remote locate and wipe functionality Security Control: 1555; Revision: 0; Bullet 5]
    Physical and Environmental Protection Preventive
    Monitor the location of distributed assets. CC ID 11684 Monitor and Evaluate Occurrences Detective
    Remote lock any distributed assets reported lost or stolen. CC ID 14008 Technical Security Corrective
    Remote wipe any distributed asset reported lost or stolen. CC ID 12197 Process or Activity Corrective
    Unpair missing Bluetooth devices. CC ID 12428 Physical and Environmental Protection Corrective
    Establish, implement, and maintain end user computing device security guidelines. CC ID 00719
    [Fax machines and MFDs are located in areas where their use can be observed. Security Control: 1036; Revision: 3]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a locking screen saver policy. CC ID 06717
    [Systems are configured with a session or screen lock that: completely conceals all information on the screen Security Control: 0428; Revision: 6; Bullet 2]
    Establish/Maintain Documentation Preventive
    Secure workstations to desks with security cables. CC ID 04724 Physical and Environmental Protection Preventive
    Establish, implement, and maintain a mobile device management program. CC ID 15212 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a mobile device management policy. CC ID 15214
    [A mobile device management policy is developed and implemented. Security Control: 1533; Revision: 2]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain mobile device security guidelines. CC ID 04723
    [{refrain from storing}{refrain from communicating} Mobile devices do not process, store or communicate TOP SECRET information unless explicitly approved by the ACSC to do so. Security Control: 0687; Revision: 5
    {company-issued mobile device} Personnel accessing official or classified systems or information using an organisation-owned mobile device use an ACSC approved platform with a security configuration in accordance with ACSC guidance. Security Control: 1482; Revision: 3
    Web browsing from mobile devices is conducted through an organisation's internet gateway rather than via a direct connection to the internet. Security Control: 0874; Revision: 4
    {be overseas}{refrain from using}{not be trusted} Personnel take the following precautions when travelling overseas with mobile devices: never using designated charging stations, wall outlet charging ports or chargers supplied by untrusted people Security Control: 1299; Revision: 2; Bullet 5
    Privacy filters are applied to the screens of highly classified mobile devices. Security Control: 1145; Revision: 3]
    Establish/Maintain Documentation Preventive
    Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242 Data and Information Management Preventive
    Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292 Establish/Maintain Documentation Preventive
    Include legal requirements in the mobile device security guidelines. CC ID 12291 Establish/Maintain Documentation Preventive
    Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290 Establish/Maintain Documentation Preventive
    Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289
    [{be overseas} Before travelling overseas with mobile devices, personnel take the following actions: backup all important data and configuration settings. Security Control: 1555; Revision: 0; Bullet 7]
    Establish/Maintain Documentation Preventive
    Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288 Establish/Maintain Documentation Preventive
    Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430 Physical and Environmental Protection Preventive
    Refrain from pairing bluetooth devices in unsecured areas. CC ID 12429
    [Bluetooth and wireless keyboards are not used unless in an RF screened building. Security Control: 1058; Revision: 2]
    Physical and Environmental Protection Preventive
    Encrypt information stored on mobile devices. CC ID 01422
    [{approved cryptography} All information on mobile devices is encrypted using at least an Australian Signals Directorate Approved Cryptographic Algorithm. Security Control: 0869; Revision: 3
    {be overseas} Before travelling overseas with mobile devices, personnel take the following actions: enable encryption, including for any media used Security Control: 1555; Revision: 0; Bullet 6]
    Data and Information Management Preventive
    Remove dormant systems from the network, as necessary. CC ID 13727 Process or Activity Corrective
    Separate systems that transmit, process, or store restricted data from those that do not by deploying physical access controls. CC ID 00722
    [{cryptographic control} Areas in which HACE is used are separated from other areas and designated as a cryptographic controlled area. Security Control: 0506; Revision: 3
    An evaluated peripheral switch is used when accessing a system containing AUSTEO or AGAO information and a system of the same classification that is not authorised to process the same caveat. Security Control: 0594; Revision: 4]
    Physical and Environmental Protection Preventive
    Secure computer monitors from unauthorized viewing. CC ID 01437 Physical and Environmental Protection Preventive
    Establish, implement, and maintain asset return procedures. CC ID 04537 Establish/Maintain Documentation Preventive
    Request the return of all appropriate assets upon notification of a personnel status change. CC ID 06678 Behavior Preventive
    Require the return of all assets upon notification an individual is terminated. CC ID 06679 Behavior Preventive
    Prohibit the use of recording devices near restricted data or restricted information, absent authorization. CC ID 04598 Behavior Preventive
    Prohibit usage of cell phones near restricted data or restricted information, absent authorization. CC ID 06354 Behavior Preventive
    Prohibit mobile device usage near restricted data or restricted information, absent authorization. CC ID 04597
    [{employee-owned device}{official information} Legal advice is sought prior to allowing privately-owned mobile devices to access official or classified systems or information. Security Control: 1297; Revision: 2]
    Behavior Preventive
    Prohibit wireless technology usage near restricted data or restricted information, absent authorization. CC ID 08706
    [{not be authorized}{SECRET area} Security measures are used to detect and respond to unauthorised RF devices in SECRET and TOP SECRET areas. Security Control: 0829; Revision: 4
    {not be authorized}{SECRET area} Unauthorised RF devices are not brought into SECRET and TOP SECRET areas. Security Control: 0225; Revision: 2
    If IP phones are used in public areas, their ability to access data networks, voicemail and directory services is prevented. Security Control: 0558; Revision: 5
    {transmitted} When using infrared keyboards, the following activities are prevented: line of sight and reflected communications travelling into unsecured spaces Security Control: 0224; Revision: 4; Bullet 1
    {be the same} When using infrared keyboards, the following activities are prevented: multiple infrared keyboards for different systems being used in the same area Security Control: 0223; Revision: 4; Bullet 2
    {transmitted}{not be secure} When using infrared keyboards, the following activities are prevented: line of sight and reflected communications travelling into unsecured spaces Security Control: 0223; Revision: 4; Bullet 1
    When using infrared keyboards, the following activities are prevented: infrared keyboards operating in areas with windows that have not had a permanent method of blocking infrared transmissions applied to them. Security Control: 0224; Revision: 4; Bullet 4
    Wireless RF pointing devices are not used in TOP SECRET areas unless used in an RF screened building. Security Control: 0221; Revision: 2
    {be the same} When using infrared keyboards, the following activities are prevented: other infrared devices being used in the same area Security Control: 0224; Revision: 4; Bullet 3
    {be the same} When using infrared keyboards, the following activities are prevented: other infrared devices being used in the same area Security Control: 0223; Revision: 4; Bullet 3]
    Configuration Preventive
    Inspect mobile devices for the storage of restricted data or restricted information. CC ID 08707
    [Mobile devices are kept under continual direct supervision when being actively used. Security Control: 0871; Revision: 3]
    Investigate Detective
    Log an incident if unauthorized restricted data or unauthorized restricted information is discovered on a mobile device. CC ID 08708 Monitor and Evaluate Occurrences Corrective
    Establish, implement, and maintain open storage container procedures. CC ID 02198 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a clean desk policy. CC ID 06534 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a clear screen policy. CC ID 12436 Technical Security Preventive
    Establish, implement, and maintain contact card reader security guidelines. CC ID 06588 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain contactless card reader security guidelines. CC ID 06589 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain Personal Identification Number input device security guidelines. CC ID 06590 Establish/Maintain Documentation Preventive
    Identify customer property within the organizational facility. CC ID 06612 Physical and Environmental Protection Preventive
    Protect customer property under the care of the organization. CC ID 11685 Physical and Environmental Protection Preventive
    Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 Technical Security Preventive
    Provide a physical disconnect of collaborative computing devices in a way that supports ease of use. CC ID 06769 Configuration Preventive
    Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 Technical Security Preventive
    Provide storage media shelving capable of bearing all potential loads. CC ID 11400 Physical and Environmental Protection Preventive
    Install and protect network cabling. CC ID 08624
    [Cables from cable trays to wall outlet boxes are run in flexible or plastic conduit. Security Control: 1115; Revision: 4
    {applicable requirements} Cabling infrastructure is installed in accordance with relevant Australian Standards, as directed by the Australian Communications and Media Authority. Security Control: 0181; Revision: 3]
    Physical and Environmental Protection Preventive
    Control physical access to network cables. CC ID 00723 Process or Activity Preventive
    Install and protect fiber optic cable, as necessary. CC ID 08625
    [Fibre-optic cables are used for cabling infrastructure instead of copper cables. Security Control: 1111; Revision: 3]
    Physical and Environmental Protection Preventive
    Restrict fiber optic cables to carry only specific security classification traffic. CC ID 08628
    [With fibre-optic cables, the fibres in the sheath only carry a single cable group. Security Control: 0189; Revision: 3
    {be different} With fibre-optic cables containing subunits, each subunit only carries a single cable group; however, each subunit can carry a different cable group. Security Control: 0190; Revision: 3]
    Physical and Environmental Protection Preventive
    Restrict the length of fiber optic flying leads to 5 meters. CC ID 08639 Physical and Environmental Protection Detective
    Label fiber optic flying leads according to security classification of data being carried over the fiber optic cables. CC ID 08640
    [{security classification}{be appropriate} The cable groups in the following table are used. 1 OFFICIAL, PROTECTED; 2 SECRET; 3 TOP SECRET. Security Control: 0187; Revision: 6
    {cable identification number} Cable registers contain the following information: cable identifier Security Control: 0208; Revision: 5; Bullet 1
    Cable registers contain the following information: sensitivity/classification Security Control: 0208; Revision: 5; Bullet 3
    {designated}{security classification} The cable colours in the following table are used. TOP SECRET Red; SECRET Salmon pink; PROTECTED Any colour (except red or salmon pink); OFFICIAL Any colour (except red or salmon pink). Security Control: 0926; Revision: 8
    {not conform}{be appropriate} Cables with non-conformant cable colouring are both banded with the appropriate colour and labelled at inspection points. Security Control: 1216; Revision: 2]
    Physical and Environmental Protection Preventive
    Install network cable in a way that allows ease of inspecting. CC ID 08626
    [If fibre-optic fly leads exceeding five metres in length are used to connect wall outlet boxes to ICT equipment, they are run in a protective and easily inspected pathway that is clearly labelled at the ICT equipment end with the wall outlet box's identifier. Security Control: 0218; Revision: 5
    In non-shared government facilities, cables are inspectable at a minimum of five-metre intervals. Security Control: 1112; Revision: 2
    {location}{not be}{TOP SECRET security classification} In non-TOP SECRET areas of shared government facilities, cables are inspectable at a minimum of five-metre intervals. Security Control: 1118; Revision: 1
    In TOP SECRET areas of shared government facilities, cables are fully inspectable for their entire length. Security Control: 1119; Revision: 1
    {location}{be lower}{TOP SECRET security classification} In non-TOP SECRET areas of shared non-government facilities, cables are inspectable at a minimum of five-metre intervals. Security Control: 1126; Revision: 1
    In TOP SECRET areas of shared non-government facilities, cables are fully inspectable for their entire length. Security Control: 0184; Revision: 2
    {be transparent} In shared non-government facilities, conduits or the front covers of ducts, cable trays in floors and ceilings, and associated fittings are clear plastic. Security Control: 1164; Revision: 2]
    Physical and Environmental Protection Preventive
    Inspect network cabling at distances determined by security classification. CC ID 08644 Physical and Environmental Protection Detective
    Bundle network cables together at each inspection point by security classification of data being carried over that cable. CC ID 08649
    [{not conform}{be appropriate} Cables with non-conformant cable colouring are both banded with the appropriate colour and labelled at inspection points. Security Control: 1216; Revision: 2]
    Physical and Environmental Protection Preventive
    Establish and maintain security classifications for network cabling. CC ID 08627 Establish/Maintain Documentation Preventive
    Label conduit according to security classification of data being carried over the network cable inside the conduit. CC ID 08630
    [{TOP SECRET security classification}{in accordance with}{applicable requirements} Labels for TOP SECRET conduits are a minimum size of 2.5 cm x 1 cm, attached at five-metre intervals and marked as 'TS RUN'. Security Control: 0201; Revision: 3
    A cable labelling process, and supporting cable labelling procedures, is developed and implemented. Security Control: 0206; Revision: 5]
    Physical and Environmental Protection Preventive
    Label each end of a network cable run. CC ID 08632
    [Cable registers contain the following information: destination Security Control: 0208; Revision: 5; Bullet 5
    Cable registers contain the following information: source Security Control: 0208; Revision: 5; Bullet 4
    {source address}{destination address} Cables are labelled at each end with sufficient source and destination details to enable the physical identification and inspection of the cable. Security Control: 1096; Revision: 2
    Cables for foreign systems installed in Australian facilities are labelled at inspection points. Security Control: 1640; Revision: 0]
    Physical and Environmental Protection Preventive
    Terminate approved network cables on the patch panel. CC ID 08633
    [{designated locations}{proximity} In non-TOP SECRET areas, cable reticulation systems leading into cabinets are terminated as close as possible to the cabinet. Security Control: 1102; Revision: 2]
    Physical and Environmental Protection Preventive
    Establish and maintain documentation for network cabling schemes. CC ID 08641 Establish/Maintain Documentation Preventive
    Prevent installing network cabling inside walls shared with third parties. CC ID 08648
    [In shared non-government facilities, cables are not run in party walls. Security Control: 1133; Revision: 2]
    Physical and Environmental Protection Preventive
    Install network cabling specifically for maintenance purposes. CC ID 10613 Physical and Environmental Protection Preventive
    Install and maintain network jacks and outlet boxes. CC ID 08635
    [{be transparent} Wall outlet box covers are clear plastic. Security Control: 1109; Revision: 3
    {be opposite}{be different} Wall outlet boxes have connectors on opposite sides of the wall outlet box if the cable group contains cables belonging to different classifications. Security Control: 1104; Revision: 3]
    Physical and Environmental Protection Preventive
    Implement physical controls to restrict access to publicly accessible network jacks. CC ID 11989 Physical and Environmental Protection Preventive
    Label network cabling outlet boxes. CC ID 08631
    [Wall outlet boxes denote the classifications, cable identifiers and wall outlet box identifier. Security Control: 1095; Revision: 4]
    Physical and Environmental Protection Preventive
    Enable network jacks at the patch panel, as necessary. CC ID 06305 Configuration Preventive
    Implement logical controls to enable network jacks, as necessary. CC ID 11934 Physical and Environmental Protection Preventive
    Identify network jacks by security classification according to security classification of data being carried over the cable. CC ID 08634 Physical and Environmental Protection Preventive
    Identify network cable faceplates by security classification according to security classification of data being carried over the cable. CC ID 08643 Physical and Environmental Protection Preventive
    Install and maintain network patch panels. CC ID 08636
    [{security classification}{be lower}{be the same}{TOP SECRET security classification} Where spatial constraints demand patch panels of lower classifications than TOP SECRET be located in the same cabinet as a TOP SECRET patch panel: approval from the TOP SECRET system's authorising officer is obtained prior to installation. Security Control: 0217; Revision: 4; Bullet 3]
    Physical and Environmental Protection Preventive
    Separate network patch panels in different network cabinets according to security classification of data being carried over the cables. CC ID 08637
    [{be lower} There is a visible gap between TOP SECRET cabinets and cabinets of lower classifications. Security Control: 1116; Revision: 3
    {TOP SECRET security classification}{physical separation} TOP SECRET and non-TOP SECRET patch panels are physically separated by installing them in separate cabinets. Security Control: 0216; Revision: 2
    {be different}{grouping} Different cable groups do not share a wall outlet box. Security Control: 1105; Revision: 3]
    Physical and Environmental Protection Preventive
    Assign access to network patch panels on a need to know basis. CC ID 08638
    [{security classification}{be lower}{be the same}{TOP SECRET security classification} Where spatial constraints demand patch panels of lower classifications than TOP SECRET be located in the same cabinet as a TOP SECRET patch panel: only personnel holding a Positive Vetting security clearance have access to the cabinet Security Control: 0217; Revision: 4; Bullet 2]
    Physical and Environmental Protection Preventive
    Encase network cabling in conduit or closed cable reticulation systems, as necessary. CC ID 08647
    [{designated}{corresponding}{security classifications} The wall outlet box colours in the following table are used. TOP SECRET Red; SECRET Salmon pink; PROTECTED Any colour (except red or salmon pink); OFFICIAL Any colour (except red or salmon pink). Security Control: 1107; Revision: 4
    In shared government facilities, where wall penetrations exit into a lower classified space, cables are encased in conduit with all gaps between the conduit and the wall filled with an appropriate sealing compound. Security Control: 1122; Revision: 1
    In shared non-government facilities, where wall penetrations exit into a lower classified space, cables are encased in conduit with all gaps between the conduit and the wall filled with an appropriate sealing compound. Security Control: 1134; Revision: 1]
    Physical and Environmental Protection Preventive
    Install conduit on walls connecting to network cable outlet boxes, as necessary. CC ID 08646
    [{TOP SECRET security classification}{in accordance with}{applicable requirements} Labels for TOP SECRET conduits are a minimum size of 2.5 cm x 1 cm, attached at five-metre intervals and marked as 'TS RUN'. Security Control: 0201; Revision: 3]
    Physical and Environmental Protection Preventive
    Seal data conduit couplings and data conduit fitting bodies. CC ID 08629
    [{be visible} In shared non-government facilities, a visible smear of conduit glue is used to seal all plastic conduit joints and conduit runs connected by threaded lock nuts. Security Control: 0194; Revision: 2]
    Physical and Environmental Protection Preventive
    Install cable reticulation systems as close to the network cabinets as possible. CC ID 08642
    [{proximity} In TOP SECRET areas, cable reticulation systems leading into cabinets in a secure communications or server room are terminated as close as possible to the cabinet. Security Control: 1101; Revision: 2
    {not be secure} In TOP SECRET areas, cable reticulation systems leading into cabinets not in a secure communications or server room are terminated at the boundary of the cabinet. Security Control: 1103; Revision: 2
    Cables are terminated in individual cabinets; or for small systems, one cabinet with a division plate to delineate cable groups. Security Control: 1098; Revision: 3
    In shared non-government facilities, cables are run in an enclosed cable reticulation system. Security Control: 1130; Revision: 3]
    Physical and Environmental Protection Preventive
    Partition cable bundles in cable reticulation systems by security classification of data being carried over the network cable. CC ID 08645
    [{TOP SECRET security classification} TOP SECRET cables are terminated in an individual TOP SECRET cabinet. Security Control: 1100; Revision: 1
    {be different}{be the same} Different cable groups do not terminate on the same patch panel. Security Control: 0213; Revision: 3
    {security classification}{be lower}{be the same}{TOP SECRET security classification} Where spatial constraints demand patch panels of lower classifications than TOP SECRET be located in the same cabinet as a TOP SECRET patch panel: a physical barrier in the cabinet is provided to separate patch panels. Security Control: 0217; Revision: 4; Bullet 1
    {TOP SECRET security classification} In TOP SECRET areas of shared government facilities, a power distribution board with a feed from an Uninterruptible Power Supply is used to power all TOP SECRET ICT equipment. Security Control: 1123; Revision: 2
    Cable groups sharing a common cable reticulation system have a dividing partition or a visible gap between the cable groups. Security Control: 1114; Revision: 3]
    Physical and Environmental Protection Preventive
  • Privacy protection for information and data
    18
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Privacy protection for information and data CC ID 00008 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a privacy framework that protects restricted data. CC ID 11850 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a personal data use limitation program. CC ID 13428 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain restricted data use limitation procedures. CC ID 00128 Establish/Maintain Documentation Preventive
    Process restricted data lawfully and carefully. CC ID 00086 Establish Roles Preventive
    Process traffic data in a controlled manner. CC ID 00130
    [{be inspectable}{be auditable} Information communicated between different systems is controlled, inspectable and auditable. P8:]
    Data and Information Management Preventive
    Establish, implement, and maintain a data handling program. CC ID 13427 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain data handling policies. CC ID 00353 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain data and information confidentiality policies. CC ID 00361 Establish/Maintain Documentation Preventive
    Limit data leakage. CC ID 00356 Data and Information Management Preventive
    Identify potential red flags to alert the organization before a data leakage has occurred. CC ID 04654 Monitor and Evaluate Occurrences Preventive
    Establish, implement, and maintain suspicious user account activity procedures. CC ID 04854 Monitor and Evaluate Occurrences Detective
    Review accounts that are changed for additional user requests. CC ID 11846
    [Break glass accounts are tested after credentials are changed. Security Control: 1615; Revision: 0]
    Monitor and Evaluate Occurrences Detective
    Establish, implement, and maintain a telephone systems usage policy. CC ID 15170
    [{refrain from enabling}{be the same} A direct connection from an MFD to a digital telephone system is not enabled unless the digital telephone system is authorised to operate at the same sensitivity or classification as the network to which the MFD is connected. Security Control: 0245; Revision: 5]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain caller identification controls. CC ID 04790
    [{be different}{visual signal} When permitting different levels of conversation for different kinds of connections, telephone systems give a visual indication of what kind of connection has been made. Security Control: 0231; Revision: 1
    IP phones authenticate themselves to the call controller upon registration. Security Control: 0551; Revision: 7; Bullet 1
    Authentication and authorisation is used for all actions on a video conferencing network, including call setup and changing settings. Security Control: 0553; Revision: 3
    {mutual authentication} An encrypted and non-replayable two-way authentication scheme is used for call authentication and authorisation. Security Control: 0554; Revision: 1
    {unique identifier} Individual logins are used for IP phones. Security Control: 1014; Revision: 5
    Authentication and authorisation is used for all actions on an IP telephony network, including registering a new IP phone, changing phone users, changing settings and accessing voicemail. Security Control: 0555; Revision: 3]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an anti-spam policy. CC ID 00283 Establish/Maintain Documentation Preventive
    Include that commercial electronic messages may be sent to an individual in any situation where the sender has prior consent from the individual or another existing business relationship in the anti-spam policy. CC ID 00300 Establish/Maintain Documentation Preventive
    Send commercial electronic messages to individuals who have an existing relationship with the organization. CC ID 00301
    [{Australian Eyes Only information} Emails containing AUSTEO, AGAO or REL information are only sent to named recipients and not to groups or distribution lists unless the nationality of all members of the distribution lists can be confirmed. Security Control: 0269; Revision: 3]
    Behavior Preventive
  • Records management
    84
    Records management CC ID 00902 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain records management policies. CC ID 00903 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a record classification scheme. CC ID 00914 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain electronic signature requirements. CC ID 06219 Establish/Maintain Documentation Preventive
    Allow electronic signatures to satisfy requirements for written signatures, as necessary. CC ID 11807
    [{be overseas}{high risk area} If travelling overseas with mobile devices to high/extreme risk countries, personnel are: advised to avoid taking any personal devices, especially if rooted or jailbroken. Security Control: 1554; Revision: 0; Bullet 3]
    Records Management Preventive
    Allow authorized parties to authenticate electronic records with electronic signatures. CC ID 11964 Technical Security Preventive
    Allow authorized parties to authenticate transactions with electronic signatures. CC ID 11963 Technical Security Preventive
    Define each system's preservation requirements for records and logs. CC ID 00904 Establish/Maintain Documentation Detective
    Establish, implement, and maintain a data retention program. CC ID 00906
    [A digital preservation policy is developed and implemented. Security Control: 1510; Revision: 1]
    Establish/Maintain Documentation Detective
    Remove dormant data from systems, as necessary. CC ID 13726 Process or Activity Preventive
    Select the appropriate format for archived data and records. CC ID 06320 Data and Information Management Preventive
    Archive appropriate records, logs, and database tables. CC ID 06321 Records Management Preventive
    Maintain continued integrity for all stored data and stored records. CC ID 00969 Testing Detective
    Archive document metadata in a fashion that allows for future reading of the metadata. CC ID 10060 Data and Information Management Preventive
    Store personal data that is retained for long periods after use on a separate server or media. CC ID 12314 Data and Information Management Preventive
    Determine how long to keep records and logs before disposing them. CC ID 11661 Process or Activity Preventive
    Retain records in accordance with applicable requirements. CC ID 00968
    [{be successful} Post-incident analysis is performed for successful targeted cyber intrusions; this includes storing full network traffic for at least seven days after a targeted cyber intrusion. Security Control: 1213; Revision: 1
    {stipulated time frame}{applicable requirement} Event logs are retained for a minimum of 7 years in accordance with the National Archives of Australia's Administrative Functions Disposal Authority Express Version 2 publication. Security Control: 0859; Revision: 3
    {stipulated time frame} DNS and proxy logs are retained for at least 18 months. Security Control: 0991; Revision: 4
    {highly classified information}{be non-volatile} Following sanitisation, highly classified non-volatile flash memory media retains its classification. Security Control: 0360; Revision: 5]
    Records Management Preventive
    Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657
    [SCEC or ASIO approved equipment is used when destroying media. Security Control: 1361; Revision: 1
    {media destruction} Personnel supervising the destruction of media supervise the handling of the media to the point of destruction and ensure that the destruction is completed successfully. Security Control: 0371; Revision: 3
    A media disposal process, and supporting media disposal procedures, is developed and implemented. Security Control: 0374; Revision: 2
    A media destruction process, and supporting media destruction procedures, is developed and implemented. Security Control: 0363; Revision: 2
    {media destruction} The resulting waste for all destruction methods, except for furnace/incinerator and degausser, is stored and handled as per the following table (columns give the screen aperture size that particles can pass through; cells give the resulting handling of the waste). Security Control: 0368; Revision: 6
    Initial Media Handling   <= 3 mm    <= 6 mm     <= 9 mm
    TOP SECRET               OFFICIAL   SECRET      SECRET
    SECRET                   OFFICIAL   PROTECTED   SECRET
    PROTECTED                OFFICIAL   OFFICIAL    OFFICIAL
    OFFICIAL: Sensitive      OFFICIAL   OFFICIAL    OFFICIAL
    OFFICIAL                 OFFICIAL   OFFICIAL    OFFICIAL
    A mobile device emergency sanitisation process, and supporting mobile device emergency sanitisation procedures, is developed and implemented. Security Control: 0701; Revision: 4
    {accountable material}{media destruction} Personnel supervising the destruction of accountable media supervise the handling of the material to the point of destruction, ensure that the destruction is completed successfully and sign a destruction certificate afterwards. Security Control: 0373; Revision: 3
    {be non-volatile}{highly classified media} Following sanitisation, highly classified non-volatile magnetic media retains its classification. Security Control: 0356; Revision: 5
    {Top Secret information}{media destruction} The destruction of TOP SECRET media or accountable material is not outsourced. Security Control: 0839; Revision: 2]
    Establish/Maintain Documentation Preventive
    Sanitize all electronic storage media before disposing a system or redeploying a system. CC ID 01643
    [If reclassifying media to a lower sensitivity or classification, the reclassification of all information on the media has been approved by the originator, or the media has been appropriately sanitised/destroyed and a formal administrative decision has been made to reclassify it. Security Control: 0330; Revision: 3
    Media is sanitised before it is used with systems for the first time. Security Control: 1600; Revision: 0
    Memory in network devices is sanitised using the following processes, in order of preference: following device-specific guidance provided by the ACSC. Security Control: 1223; Revision: 4; Bullet 1
    A media sanitisation process, and supporting media sanitisation procedures, is developed and implemented. Security Control: 0348; Revision: 3
    If not using write-once media for transferring data manually between two systems belonging to different security domains, the media is sanitised between each data transfer. Security Control: 0947; Revision: 5
    An ICT equipment sanitisation process, and supporting ICT equipment sanitisation procedures, is developed and implemented. Security Control: 0313; Revision: 4
    {be overseas}{Australian Eyes Only information}{be in situ} ICT equipment, including associated media, that is located overseas and has processed or stored AUSTEO or AGAO information is sanitised in situ. Security Control: 1218; Revision: 2
    Following destruction of magnetic media using a degausser, the magnetic media is physically damaged by deforming the internal platters by any means prior to disposal. Security Control: 1641; Revision: 0
    When disposing of ICT equipment containing media, the ICT equipment is sanitised by sanitising the media within the ICT equipment, removing the media from the ICT equipment or destroying the ICT equipment in its entirety. Security Control: 0311; Revision: 5
    {sanitization requirement} Where a consumer guide for evaluated encryption software exists, the sanitisation and post-sanitisation requirements stated in the consumer guide are followed. Security Control: 1464; Revision: 1
    {non-volatile media} The host-protected area and device configuration overlay table of non-volatile magnetic media is reset prior to sanitisation. Security Control: 1065; Revision: 2]
    Data and Information Management Preventive
    Degauss as a method of sanitizing electronic storage media. CC ID 00973
    [If using degaussers to destroy media, degaussers evaluated by the United States' National Security Agency are used. Security Control: 1160; Revision: 2
    {non-volatile media}{randomize} Non-volatile flash memory media is sanitised by overwriting the media at least twice in its entirety with a random pattern followed by a read back for verification. Security Control: 0359; Revision: 3
    {non-volatile media}{randomize} Non-volatile EEPROM media is sanitised by overwriting the media at least once in its entirety with a random pattern followed by a read back for verification. Security Control: 0836; Revision: 2
    {non-volatile media} Non-volatile magnetic media is sanitised by booting from separate media to the media being sanitised and then overwriting the media at least once (or three times if pre-2001 or under 15 Gigabytes) in its entirety with a random pattern followed by a read back for verification. Security Control: 0354; Revision: 5
    {randomize} Volatile media is sanitised by removing power from the media for at least 10 minutes or by overwriting all locations on the media with a random pattern followed by a read back for verification. Security Control: 0351; Revision: 5
    {randomize} Volatile media is sanitised by overwriting the media at least once in its entirety with a random pattern, followed by a read back for verification, and then followed by removing power from the media for at least 10 minutes. Security Control: 0352; Revision: 3
    {be sufficient} A degausser of sufficient field strength for the coercivity of the magnetic media is used, with the field strength being checked at regular intervals. Security Control: 0361; Revision: 3
    {be capable} A degausser capable of the magnetic orientation (longitudinal or perpendicular) of the magnetic media is used. Security Control: 0838; Revision: 2
    {be non-volatile}{erasable programmable read-only memory}{be random} Non-volatile EPROM media is sanitised by erasing the media in accordance with the manufacturer's specification, increasing the specified ultraviolet erasure time by a factor of three, then overwriting the media at least once in its entirety with a random pattern followed by a read back for verification. Security Control: 0357; Revision: 4]
    Records Management Preventive
    Destroy electronic storage media following the storage media disposition and destruction procedures. CC ID 00970
    [When disposing of high assurance ICT equipment, it is destroyed prior to its disposal. Security Control: 0315; Revision: 6
    The destruction of accountable material is performed under the supervision of at least two personnel cleared to the sensitivity or classification of the media being destroyed. Security Control: 0372; Revision: 4
    The following media types are destroyed prior to disposal as they cannot be sanitised: microfiche and microfilm. Security Control: 0350; Revision: 4; Bullet 1
    The following media types are destroyed prior to disposal as they cannot be sanitised: faulty media that cannot be successfully sanitised. Security Control: 0350; Revision: 4; Bullet 6
    One of the methods in the following table is used to destroy media. Security Control: 0366; Revision: 2
    Destruction Method     Media Types
    Furnace/Incinerator    Electrostatic memory devices, Magnetic floppy disks, Magnetic hard disks, Magnetic tapes, Optical disks, Semiconductor memory
    Hammer Mill            Electrostatic memory devices, Magnetic floppy disks, Magnetic hard disks, Magnetic tapes, Optical disks, Semiconductor memory
    Disintegrator          Electrostatic memory devices, Magnetic floppy disks, Magnetic hard disks, Magnetic tapes, Optical disks, Semiconductor memory
    Grinder/Sander         Electrostatic memory devices, Magnetic hard disks, Optical disks
    Cutting                Magnetic floppy disks, Magnetic tapes, Optical disks
    Degausser              Magnetic floppy disks, Magnetic hard disks, Magnetic tapes
    Any product-specific directions provided by degausser manufacturers are followed. Security Control: 0362; Revision: 3
    {media destruction} The destruction of media is performed under the supervision of at least one person cleared to the sensitivity or classification of the media being destroyed. Security Control: 0370; Revision: 4
    The following media types are destroyed prior to disposal as they cannot be sanitised: optical discs. Security Control: 0350; Revision: 4; Bullet 2
    The following media types are destroyed prior to disposal as they cannot be sanitised: other types of media that cannot be sanitised. Security Control: 0350; Revision: 4; Bullet 5
    Equipment that is capable of reducing microform to a fine powder, with resultant particles not showing more than five consecutive characters per particle upon microscopic inspection, is used to destroy microfiche and microfilm. Security Control: 1517; Revision: 0
    The following media types are destroyed prior to disposal as they cannot be sanitised: read-only memory. Security Control: 0350; Revision: 4; Bullet 4
    {be overseas}{Australian Eyes Only information}{cannot achieve}{be in situ} ICT equipment, including associated media, that is located overseas and has processed or stored AUSTEO or AGAO information that cannot be sanitised in situ is returned to Australia for destruction. Security Control: 0312; Revision: 4
    The following media types are destroyed prior to disposal as they cannot be sanitised: programmable read-only memory. Security Control: 0350; Revision: 4; Bullet 3
    {vendor documentation} Memory in network devices is sanitised using the following processes, in order of preference: following vendor sanitisation guidance. Security Control: 1223; Revision: 4; Bullet 2]
    Testing Detective
    Maintain media sanitization equipment in operational condition. CC ID 00721
    [{be sufficient} A degausser of sufficient field strength for the coercivity of the magnetic media is used, with the field strength being checked at regular intervals. Security Control: 0361; Revision: 3]
    Testing Detective
    Define each system's disposition requirements for records and logs. CC ID 11651 Process or Activity Preventive
    Establish, implement, and maintain records disposition procedures. CC ID 00971
    [{media destruction}{external service} When outsourcing the destruction of media to an external destruction service, a National Association for Information Destruction AAA certified destruction service with endorsements, as specified in ASIO's PSC-167, is used. Security Control: 0840; Revision: 3
    Labels and markings indicating the classification, codewords, caveats, owner, system, network, or any other marking that can associate media with its original use, are removed prior to disposal. Security Control: 0378; Revision: 3
    The paper tray of the fax machine is removed, and a fax message with a minimum length of four pages is transmitted, before the paper tray is re-installed to allow a fax summary page to be printed. Security Control: 1225; Revision: 2]
    Establish/Maintain Documentation Preventive
    Manage the disposition status for all records. CC ID 00972
    [{media disposal}{public information} Following sanitisation, destruction or declassification, a formal administrative decision is made to handle media, or its waste, as 'publicly releasable' before it is released into the public domain. Security Control: 0375; Revision: 3]
    Records Management Preventive
    Use a second person to confirm and sign-off that manually deleted data was deleted. CC ID 12313 Data and Information Management Preventive
    Remove and/or destroy records according to the records' retention event and retention period schedule. CC ID 06621 Records Management Preventive
    Place printed records awaiting destruction into secure containers. CC ID 12464 Physical and Environmental Protection Preventive
    Destroy printed records so they cannot be reconstructed. CC ID 11779 Physical and Environmental Protection Preventive
    Automate a programmatic process to remove stored data and records that exceed retention requirements. CC ID 06082 Data and Information Management Preventive
    Include methods to identify records that meet or exceed the record's retention event in the records disposition procedures. CC ID 11962 Establish/Maintain Documentation Preventive
    Maintain disposal records or redeployment records. CC ID 01644
    [{accountable material}{media destruction} Personnel supervising the destruction of accountable media supervise the handling of the material to the point of destruction, ensure that the destruction is completed successfully and sign a destruction certificate afterwards. Security Control: 0373; Revision: 3]
    Establish/Maintain Documentation Preventive
    Include the name of the signing officer in the disposal record. CC ID 15710 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain records management procedures. CC ID 11619 Establish/Maintain Documentation Preventive
    Control error handling when data is being inputted. CC ID 00922 Data and Information Management Detective
    Use automated entry devices to reduce errors during data input. CC ID 06626
    [Validation and/or sanitisation is performed on all input handled by a web application. Security Control: 1240; Revision: 2]
    Data and Information Management Preventive
    Establish, implement, and maintain electronic storage media management procedures. CC ID 00931
    [{be suitable} Media is handled in a manner suitable for its sensitivity or classification. Security Control: 0831; Revision: 5
    A media management policy is developed and implemented. Security Control: 1549; Revision: 0]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain security label procedures. CC ID 06747
    [Media, with the exception of internally mounted fixed media within ICT equipment, is labelled with protective markings reflecting its sensitivity or classification. Security Control: 0332; Revision: 4
    Protective marking tools do not automatically insert protective markings into emails. Security Control: 0271; Revision: 3
    Protective marking tools do not allow users to select protective markings that a system has not been authorised to process, store or communicate. Security Control: 0272; Revision: 4]
    Establish/Maintain Documentation Preventive
    Label restricted storage media appropriately. CC ID 00966 Data and Information Management Preventive
    Label printed output for specific record categories as directed by the organization's information classification standard. CC ID 01420 Records Management Detective
    Establish, implement, and maintain restricted material identification procedures. CC ID 01889 Establish/Maintain Documentation Preventive
    Conspicuously locate the restricted record's overall classification. CC ID 01890 Establish/Maintain Documentation Preventive
    Mark a restricted record's displayed pages or printed pages with the appropriate classification. CC ID 01891 Establish/Maintain Documentation Preventive
    Mark a restricted record's components (appendices, annexes) with the appropriate classification. CC ID 01892 Establish/Maintain Documentation Preventive
    Mark a restricted record's portions (paragraphs, sections) with the appropriate classification. CC ID 01893 Establish/Maintain Documentation Preventive
    Mark a restricted record's subject line or title with the appropriate classification. CC ID 01894 Establish/Maintain Documentation Preventive
    Mark all forms of electronic messages that contain restricted data or restricted information with the appropriate classification. CC ID 01896
    [Protective markings are applied to emails and reflect the information in their subject, body and attachments. Security Control: 0270; Revision: 5]
    Data and Information Management Preventive
    Establish, implement, and maintain label inheritance mechanisms for aggregate data sets. CC ID 06957 Technical Security Preventive
    Establish the minimum originator requirements for security labels. CC ID 06579 Establish/Maintain Documentation Preventive
    Establish the minimum intermediate system requirements for security labels. CC ID 06581 Establish/Maintain Documentation Preventive
    Establish the minimum receiver requirements for records or electronic storage media marked with security labels. CC ID 06580 Establish/Maintain Documentation Preventive
    Establish policy based processing rules to process incoming records or electronic storage media marked with security labels. CC ID 06582 Establish/Maintain Documentation Preventive
    Establish and maintain access controls for all records. CC ID 00371 Records Management Preventive
    Reproduce materials containing restricted data or restricted information in accordance with compliance requirements. CC ID 02202 Data and Information Management Preventive
    Establish, implement, and maintain a records lifecycle management program. CC ID 00951 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain information preservation procedures. CC ID 06277 Establish/Maintain Documentation Preventive
    Implement and maintain high availability storage, as necessary. CC ID 00952 Technical Security Preventive
    Implement and maintain backups and duplicate copies of organizational records. CC ID 00953
    [{stipulated time frame} Backups are stored for three months or greater. Security Control: 1514; Revision: 0]
    Records Management Preventive
    Establish, implement, and maintain the duplicate original of record indexes. CC ID 00954 Records Management Preventive
    Establish, implement, and maintain a transparent storage media strategy. CC ID 00932 Records Management Preventive
    Establish, implement, and maintain an online availability plan that is commensurate with the electronic storage media. CC ID 00934 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain online storage monitoring and reporting capabilities. CC ID 00935 Monitor and Evaluate Occurrences Detective
    Establish, implement, and maintain online storage controls. CC ID 00942 Technical Security Preventive
    Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943
    [When a user authenticates to encryption functionality for ICT equipment or media storing encrypted information, it is treated in accordance with its original sensitivity or classification until such a time that the user deauthenticates from the encryption functionality. Security Control: 0462; Revision: 5
    Cryptographic equipment is stored in a room that meets the requirements for a server room based on the sensitivity or classification of the information the cryptographic equipment processes. Security Control: 0505; Revision: 5]
    Records Management Preventive
    Store records on non-rewritable, non-erasable storage media formats, as necessary. CC ID 00944
    [{be different}{manual process} When transferring data manually between two systems belonging to different security domains, write-once media is used. Security Control: 0347; Revision: 4]
    Testing Detective
    Provide encryption for different types of electronic storage media. CC ID 00945
    [{data at rest}{data in transit} Information is encrypted at rest and in transit between different systems. P7:
    Hard disks of database servers are encrypted using full disk encryption. Security Control: 1425; Revision: 1
    Media is encrypted with at least an Australian Signals Directorate Approved Cryptographic Algorithm. Security Control: 1059; Revision: 3
    {be at rest} In addition to any encryption already in place, an AACA is used to encrypt AUSTEO and AGAO information when at rest on a system. Security Control: 1080; Revision: 2]
    Technical Security Preventive
    Implement electronic storage media integrity controls. CC ID 00946
    [Any media connected to a system is classified as the same sensitivity or classification as the system, unless the media is read-only, the media is inserted into a read-only device or the system has a mechanism through which read-only access can be ensured. Security Control: 0325; Revision: 5]
    Configuration Preventive
    Automate electronic storage media integrity check controls. CC ID 00948 Configuration Preventive
    Provide capacity for indexes on electronic storage media, as necessary. CC ID 00950 Configuration Preventive
    Provide audit trails for all pertinent records. CC ID 00372 Establish/Maintain Documentation Detective
    Establish, implement, and maintain a removable storage media log. CC ID 12317 Log Management Preventive
    Include a unique identifier for each removable storage media asset in the removable storage media log. CC ID 12320 Establish/Maintain Documentation Preventive
    Include the date and time in the removable storage media log. CC ID 12318 Establish/Maintain Documentation Preventive
    Include the name and signature of the current custodian in the removable storage media log. CC ID 12315 Establish/Maintain Documentation Preventive
    Include the number of physical media used for the data transfer in the removable storage media log. CC ID 12754 Establish/Maintain Documentation Preventive
    Include the recipient's name for the data transfer in the removable storage media log. CC ID 12753 Establish/Maintain Documentation Preventive
    Include the sender's name in the removable storage media log. CC ID 12752 Establish/Maintain Documentation Preventive
    Include the type of physical media being used for the data transfer in the removable storage media log. CC ID 12751 Establish/Maintain Documentation Preventive
    Include the reason for transfer in the removable storage media log. CC ID 12316 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain storage media downgrading procedures. CC ID 10619 Process or Activity Preventive
    Identify electronic storage media that require downgrading. CC ID 10620 Process or Activity Detective
    Downgrade electronic storage media, as necessary. CC ID 10621 Process or Activity Corrective
    Document all actions taken when downgrading electronic storage media. CC ID 10622 Establish/Maintain Documentation Preventive
    Test the storage media downgrade for correct performance. CC ID 10623 Testing Detective
  • System hardening through configuration management
    6296
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    System hardening through configuration management CC ID 00860 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a Configuration Management program. CC ID 00867 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a configuration management policy. CC ID 14023 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain configuration management procedures. CC ID 14074 Establish/Maintain Documentation Preventive
    Disseminate and communicate the configuration management procedures to interested personnel and affected parties. CC ID 14139
    [Personnel are advised of security risks associated with posting personal information to online services and are encouraged to use any available privacy settings to restrict who can view such information. Security Control: 0821; Revision: 3]
    Communicate Preventive
    Test network access controls for proper Configuration Management settings. CC ID 01281
    [A method of emergency access to systems is documented and tested at least once when initially implemented and each time fundamental information technology infrastructure changes occur. Security Control: 1610; Revision: 0]
    Testing Detective
    Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 Establish/Maintain Documentation Preventive
    Include the operating systems and version numbers in the baseline configuration. CC ID 13269
    [{Standard Operating Environment} SOEs are used for workstations and servers. Security Control: 1406; Revision: 2]
    Establish/Maintain Documentation Preventive
    Include backup procedures in the Configuration Management policy. CC ID 01314
    [{secure manner} Information, applications and configuration settings are backed up in a secure and proven manner on a regular basis. P9:
    {be overseas} Before travelling overseas with mobile devices, personnel take the following actions: backup all important data and configuration settings. Security Control: 1555; Revision: 0; Bullet 7]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a system hardening standard. CC ID 00876 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain configuration standards for all systems based upon industry best practices. CC ID 11953
    [High assurance ICT equipment is only operated in an evaluated configuration. Security Control: 0292; Revision: 5
    High assurance ICT equipment is installed, configured, administered and operated in accordance with guidance produced by the ACSC. Security Control: 0290; Revision: 5
    {guidance documentation} Evaluated products are installed, configured, administered and operated in accordance with vendor guidance and evaluation documentation. Security Control: 0289; Revision: 2]
    Configuration Preventive
    Include common security parameter settings in the configuration standards for all systems. CC ID 12544 Establish/Maintain Documentation Preventive
    Apply configuration standards to all systems, as necessary. CC ID 12503 Configuration Preventive
    Document and justify system hardening standard exceptions. CC ID 06845 Configuration Preventive
    Configure security parameter settings on all system components appropriately. CC ID 12041
    [Application control is implemented using cryptographic hash rules, publisher certificate rules or path rules. Security Control: 0955; Revision: 6]
    Technical Security Preventive
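The control above names three rule types for application control. The following is an added example (not code from the ISM or from any application control product) showing how a deny-by-default decision is made from hash rules and path rules; the rule set, file paths and file contents are constructed for illustration, and publisher certificate rules are left out because checking a code-signing certificate needs the signed binaries and a certificate chain that a self-contained example cannot carry.

```python
"""Application control decision using cryptographic hash rules and path rules.

Added example, not part of the ISM or of any application control product. The
rule set, file paths and file contents below are constructed. Execution is
denied unless a rule matches (deny by default).
"""
import hashlib
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Sequence, Tuple, Union


@dataclass(frozen=True)
class HashRule:
    sha256: str  # hex SHA-256 of the approved file contents


@dataclass(frozen=True)
class PathRule:
    pattern: str  # glob over the executable's full path, e.g. "/usr/bin/*"


Rule = Union[HashRule, PathRule]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def decide(path: str, contents: bytes, rules: Sequence[Rule]) -> Tuple[bool, str]:
    """Return (allowed, reason).

    Hash rules bind to the file's contents wherever it sits; path rules bind to
    the location and therefore trust anything written there, so they belong only
    on directories that standard users cannot write to.
    """
    digest = sha256_hex(contents)
    for rule in rules:
        if isinstance(rule, HashRule) and rule.sha256 == digest:
            return True, f"hash rule {rule.sha256[:16]}"
        if isinstance(rule, PathRule) and fnmatch(path, rule.pattern):
            return True, f"path rule {rule.pattern}"
    return False, "no matching rule (deny by default)"


# Constructed sample executables (not real binaries).
APPROVED_TOOL = b"#!/bin/sh\necho 'approved build 1.2.0'\n"
UNKNOWN_TOOL = b"#!/bin/sh\necho 'something else'\n"

# Constructed rule set: one hash rule for the approved build, one path rule
# for an administrator-controlled directory.
RULES: Sequence[Rule] = (
    HashRule(sha256_hex(APPROVED_TOOL)),
    PathRule("/usr/bin/*"),
)

if __name__ == "__main__":
    cases = [
        ("/usr/bin/tool", APPROVED_TOOL),
        ("/home/alice/Downloads/tool", APPROVED_TOOL),  # same bytes, user-writable location
        ("/home/alice/Downloads/tool", UNKNOWN_TOOL),   # unapproved, user-writable location
        ("/usr/bin/other", UNKNOWN_TOOL),               # unapproved, but inside the path rule
    ]
    for path, data in cases:
        allowed, reason = decide(path, data, RULES)
        print(f"{'ALLOW' if allowed else 'DENY':5} {path:30} {reason}")
```

The last case is the practical caveat: a path rule allows whatever lands in the covered directory, so the directory's write permissions become part of the control. A hash rule has no such dependency, at the cost of having to be updated for every approved build.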
    Provide documentation verifying devices are not susceptible to known exploits. CC ID 11987 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain system hardening procedures. CC ID 12001
    [{timely manner} Security vulnerabilities in operating systems and firmware assessed as extreme risk are patched, updated or mitigated within 48 hours of the security vulnerabilities being identified by vendors, independent third parties, system managers or users. Security Control: 1494; Revision: 0
    {software separation mechanism} When using a software-based isolation mechanism to share a physical server's hardware, the underlying operating system running on the server is hardened. Security Control: 1605; Revision: 0
    An approach for patching or updating applications and drivers that ensures the integrity and authenticity of patches or updates, as well as the processes used to apply them, is used. Security Control: 0303; Revision: 6]
    Establish/Maintain Documentation Preventive
    Configure session timeout and reauthentication settings according to organizational standards. CC ID 12460
    [{energy saver} Systems are configured with a session or screen lock that: ensures that the screen does not enter a power saving state before the screen or session lock is activated Security Control: 0428; Revision: 6; Bullet 3
    Systems are configured with a session or screen lock that: requires the user to reauthenticate to unlock the system Security Control: 0428; Revision: 6; Bullet 4]
    Technical Security Preventive
    Configure the Intrusion Detection System and Intrusion Prevention System in accordance with organizational standards. CC ID 04831 Configuration Preventive
    Configure automatic logoff to terminate the sessions based on inactivity according to organizational standards. CC ID 04490
    [{outside normal business hours} Outside of business hours, and after an appropriate period of inactivity, user sessions are terminated and workstations are rebooted. Security Control: 0853; Revision: 1]
    Configuration Preventive
    Enable historical logging on the Intrusion Detection System and Intrusion Prevention System. CC ID 04836 Configuration Preventive
    Configure the Intrusion Detection System and the Intrusion Prevention System to detect rogue devices and unauthorized connections. CC ID 04837 Configuration Preventive
    Display an explicit logout message when disconnecting an authenticated communications session. CC ID 10093 Configuration Preventive
    Configure the Intrusion Detection System and the Intrusion Prevention System to alert upon finding rogue devices and unauthorized connections. CC ID 07062 Configuration Preventive
    Invalidate session identifiers upon session termination. CC ID 10649 Technical Security Preventive
    Configure “Docker” to organizational standards. CC ID 14457 Configuration Preventive
    Configure the "autolock" argument to organizational standards. CC ID 14547 Configuration Preventive
    Configure the "COPY" instruction to organizational standards. CC ID 14515 Configuration Preventive
    Configure the "memory" argument to organizational standards. CC ID 14497 Configuration Preventive
    Configure the "docker0" bridge to organizational standards. CC ID 14504 Configuration Preventive
    Configure the "docker exec commands" to organizational standards. CC ID 14502 Configuration Preventive
    Configure the "health-cmd" argument to organizational standards. CC ID 14527 Configuration Preventive
    Configure the "HEALTHCHECK" to organizational standards. CC ID 14511 Configuration Detective
    Configure the maximum number of images to organizational standards. CC ID 14545 Configuration Preventive
    Configure the minimum number of manager nodes to organizational standards. CC ID 14543 Configuration Preventive
    Configure the "on-failure" restart policy to organizational standards. CC ID 14542 Configuration Preventive
    Configure the maximum number of containers to organizational standards. CC ID 14540 Configuration Preventive
    Configure the "lifetime_minutes" to organizational standards. CC ID 14539 Configuration Preventive
    Configure the "Linux kernel capabilities" to organizational standards. CC ID 14531 Configuration Preventive
    Configure the "Docker socket" to organizational standards. CC ID 14506 Configuration Preventive
    Configure the "read-only" argument to organizational standards. CC ID 14498 Configuration Preventive
    Configure the signed image enforcement to organizational standards. CC ID 14517 Configuration Preventive
    Configure the "storage-opt" argument to organizational standards. CC ID 14658 Configuration Preventive
    Configure the "swarm services" to organizational standards. CC ID 14516 Configuration Preventive
    Configure the "experimental" argument to organizational standards. CC ID 14494 Configuration Preventive
    Configure the cluster role-based access control policies to organizational standards. CC ID 14514 Configuration Preventive
    Configure the "secret management commands" to organizational standards. CC ID 14512 Configuration Preventive
    Configure the "renewal_threshold_minutes" to organizational standards. CC ID 14538 Configuration Preventive
    Configure the "docker swarm unlock-key" command to organizational standards. CC ID 14490 Configuration Preventive
    Configure the "per_user_limit" to organizational standards. CC ID 14523 Configuration Preventive
    Configure the "privileged" argument to organizational standards. CC ID 14510 Configuration Preventive
    Configure the "update instructions" to organizational standards. CC ID 14525 Configuration Preventive
    Configure the "swarm mode" to organizational standards. CC ID 14508 Configuration Preventive
    Configure the "USER" directive to organizational standards. CC ID 14507 Configuration Preventive
    Configure the "DOCKER_CONTENT_TRUST" to organizational standards. CC ID 14488 Configuration Preventive
    Configure the "no-new-privileges" argument to organizational standards. CC ID 14474 Configuration Preventive
    Configure the "seccomp-profile" argument to organizational standards. CC ID 14503 Configuration Preventive
    Configure the "cpu-shares" argument to organizational standards. CC ID 14489 Configuration Preventive
    Configure the "volume" argument to organizational standards. CC ID 14533 Configuration Preventive
    Configure the "cgroup-parent" to organizational standards. CC ID 14466 Configuration Preventive
    Configure the "live-restore" argument to organizational standards. CC ID 14465 Configuration Preventive
    Configure the "userland-proxy" argument to organizational standards. CC ID 14464 Configuration Preventive
    Configure the "user namespace support" to organizational standards. CC ID 14462 Configuration Preventive
    Configure "etcd" to organizational standards. CC ID 14535 Configuration Preventive
    Configure the "auto-tls" argument to organizational standards. CC ID 14621 Configuration Preventive
    Configure the "peer-auto-tls" argument to organizational standards. CC ID 14636 Configuration Preventive
    Configure the "peer-client-cert-auth" argument to organizational standards. CC ID 14614 Configuration Preventive
    Configure the "peer-cert-file" argument to organizational standards. CC ID 14606 Configuration Preventive
    Configure the "key-file" argument to organizational standards. CC ID 14604 Configuration Preventive
    Configure the "cert-file" argument to organizational standards. CC ID 14602 Configuration Preventive
    Configure the "client-cert-auth" argument to organizational standards. CC ID 14596 Configuration Preventive
    Configure the "peer-key-file" argument to organizational standards. CC ID 14595 Configuration Preventive
    Configure "Kubernetes" to organizational standards. CC ID 14528 Configuration Preventive
    Configure the "ImagePolicyWebhook" admission controller to organizational standards. CC ID 14657 Configuration Preventive
    Configure the "allowedCapabilities" to organizational standards. CC ID 14653 Configuration Preventive
    Configure the "allowPrivilegeEscalation" flag to organizational standards. CC ID 14645 Configuration Preventive
    Configure the "Security Context" to organizational standards. CC ID 14656 Configuration Preventive
    Configure the "cluster-admin" role to organizational standards. CC ID 14642 Configuration Preventive
    Configure the "automountServiceAccountToken" to organizational standards. CC ID 14639 Configuration Preventive
    Configure the "audit-log-maxsize" argument to organizational standards. CC ID 14624 Configuration Detective
    Configure the "seccomp" profile to organizational standards. CC ID 14652 Configuration Preventive
    Configure the "securityContext.privileged" flag to organizational standards. CC ID 14641 Configuration Preventive
    Configure the "audit-log-path" argument to organizational standards. CC ID 14622 Configuration Detective
    Configure the "audit-log-maxbackup" argument to organizational standards. CC ID 14613 Configuration Detective
    Configure the "audit-policy-file" to organizational standards. CC ID 14610 Configuration Preventive
    Configure the "audit-log-maxage" argument to organizational standards. CC ID 14605 Configuration Detective
    Configure the "bind-address" argument to organizational standards. CC ID 14601 Configuration Preventive
    Configure the "request-timeout" argument to organizational standards. CC ID 14583 Configuration Preventive
    Configure the "secure-port" argument to organizational standards. CC ID 14582 Configuration Preventive
    Configure the "service-account-key-file" argument to organizational standards. CC ID 14581 Configuration Preventive
    Configure the "insecure-bind-address" argument to organizational standards. CC ID 14580 Configuration Preventive
    Configure the "service-account-lookup" argument to organizational standards. CC ID 14579 Configuration Preventive
    Configure the "admission control plugin PodSecurityPolicy" to organizational standards. CC ID 14578 Configuration Preventive
    Configure the "profiling" argument to organizational standards. CC ID 14577 Configuration Preventive
    Configure the "hostNetwork" flag to organizational standards. CC ID 14649 Configuration Preventive
    Configure the "hostPID" flag to organizational standards. CC ID 14648 Configuration Preventive
    Configure the "etcd-certfile" argument to organizational standards. CC ID 14584 Configuration Preventive
    Configure the "runAsUser.rule" to organizational standards. CC ID 14651 Configuration Preventive
    Configure the "requiredDropCapabilities" to organizational standards. CC ID 14650 Configuration Preventive
    Configure the "hostIPC" flag to organizational standards. CC ID 14643 Configuration Preventive
    Configure the "admission control plugin ServiceAccount" to organizational standards. CC ID 14576 Configuration Preventive
    Configure the "insecure-port" argument to organizational standards. CC ID 14575 Configuration Preventive
    Configure the "admission control plugin AlwaysPullImages" to organizational standards. CC ID 14574 Configuration Preventive
    Configure the "pod" to organizational standards. CC ID 14644 Configuration Preventive
    Configure the "ClusterRoles" to organizational standards. CC ID 14637 Configuration Preventive
    Configure the "event-qps" argument to organizational standards. CC ID 14633 Configuration Preventive
    Configure the "Kubelet" to organizational standards. CC ID 14635 Configuration Preventive
    Configure the "NET_RAW" to organizational standards. CC ID 14647 Configuration Preventive
    Configure the "make-iptables-util-chains" argument to organizational standards. CC ID 14638 Configuration Preventive
    Configure the "hostname-override" argument to organizational standards. CC ID 14631 Configuration Preventive
    Configure the "admission control plugin NodeRestriction" to organizational standards. CC ID 14573 Configuration Preventive
    Configure the "admission control plugin AlwaysAdmit" to organizational standards. CC ID 14572 Configuration Preventive
    Configure the "etcd-cafile" argument to organizational standards. CC ID 14592 Configuration Preventive
    Configure the "encryption-provider-config" argument to organizational standards. CC ID 14587 Configuration Preventive
    Configure the "rotate-certificates" argument to organizational standards. CC ID 14640 Configuration Preventive
    Configure the "etcd-keyfile" argument to organizational standards. CC ID 14586 Configuration Preventive
    Configure the "client-ca-file" argument to organizational standards. CC ID 14585 Configuration Preventive
    Configure the "kube-apiserver" to organizational standards. CC ID 14589 Configuration Preventive
    Configure the "tls-private-key-file" argument to organizational standards. CC ID 14590 Configuration Preventive
    Configure the "streaming-connection-idle-timeout" argument to organizational standards. CC ID 14634 Configuration Preventive
    Configure the "RotateKubeletServerCertificate" argument to organizational standards. CC ID 14626 Configuration Preventive
    Configure the "protect-kernel-defaults" argument to organizational standards. CC ID 14629 Configuration Preventive
    Configure the "read-only-port" argument to organizational standards. CC ID 14627 Configuration Preventive
    Configure the "admission control plugin NamespaceLifecycle" to organizational standards. CC ID 14571 Configuration Preventive
    Configure the "terminated-pod-gc-threshold" argument to organizational standards. CC ID 14593 Configuration Preventive
    Configure the "tls-cert-file" argument to organizational standards. CC ID 14588 Configuration Preventive
    Configure the "kubelet-certificate-authority" argument to organizational standards. CC ID 14570 Configuration Preventive
    Configure the "service-account-private-key-file" argument to organizational standards. CC ID 14607 Configuration Preventive
    Configure the "admission control plugin SecurityContextDeny" to organizational standards. CC ID 14569 Configuration Preventive
    Configure the "kubelet-client-certificate" argument to organizational standards. CC ID 14568 Configuration Preventive
    Configure the "root-ca-file" argument to organizational standards. CC ID 14599 Configuration Preventive
    Configure the "admission control plugin EventRateLimit" to organizational standards. CC ID 14567 Configuration Preventive
    Configure the "use-service-account-credentials" argument to organizational standards. CC ID 14594 Configuration Preventive
    Configure the "token-auth-file" argument to organizational standards. CC ID 14566 Configuration Preventive
    Configure the "authorization-mode" argument to organizational standards. CC ID 14565 Configuration Preventive
    Configure the "anonymous-auth" argument to organizational standards. CC ID 14564 Configuration Preventive
    Configure the "kubelet-client-key" argument to organizational standards. CC ID 14563 Configuration Preventive
    Configure the "kubelet-https" argument to organizational standards. CC ID 14561 Configuration Preventive
    Configure the "basic-auth-file" argument to organizational standards. CC ID 14559 Configuration Preventive
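Most of the Kubernetes items above are pod-level or container-level fields. The following is an added example (not part of the ISM or of the UCF mapping) that audits a Pod manifest against those fields as a deny-by-default baseline; the two manifests are constructed for illustration, and the exact set of checks and the tolerated added capability are assumptions made for the example.

```python
"""Audit a Kubernetes Pod manifest against the pod-level settings listed above.

Added example (not part of the ISM or of the UCF mapping). The two manifests
are constructed, and the set of checks is an assumption that reads the listed
items as a deny-by-default baseline: no host namespaces, no privileged
containers, no privilege escalation, a non-root user, NET_RAW (or ALL)
dropped, a seccomp profile, a read-only root filesystem and no auto-mounted
service account token.
"""
from typing import Any, Dict, List

Manifest = Dict[str, Any]

# Capabilities a container may add back without a finding (assumption).
TOLERATED_ADDED_CAPS = {"NET_BIND_SERVICE"}


def _containers(spec: Manifest) -> List[Manifest]:
    """Regular and init containers are both subject to the checks."""
    return list(spec.get("containers", [])) + list(spec.get("initContainers", []))


def audit_pod(pod: Manifest) -> List[str]:
    """Return one finding per failed check; an empty list means the pod passes."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")

    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{name}: spec.{flag} is true")
    # Kubernetes defaults this to true, so an absent key is a finding.
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"{name}: automountServiceAccountToken is not false")

    pod_sc = spec.get("securityContext", {})
    for c in _containers(spec):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        # Also defaults to true when unset.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation is not false")
        # Container-level values override pod-level values.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_user == 0 or (run_as_user is None and not run_as_non_root):
            findings.append(f"{name}/{cname}: may run as root (set runAsNonRoot or a non-zero runAsUser)")
        caps = sc.get("capabilities", {})
        dropped = {x.upper() for x in caps.get("drop", [])}
        added = {x.upper() for x in caps.get("add", [])}
        if not dropped & {"ALL", "NET_RAW"}:
            findings.append(f"{name}/{cname}: NET_RAW is not dropped")
        if added - TOLERATED_ADDED_CAPS:
            findings.append(f"{name}/{cname}: adds capabilities {sorted(added - TOLERATED_ADDED_CAPS)}")
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile", {}))
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{name}/{cname}: seccompProfile is not RuntimeDefault or Localhost")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}/{cname}: readOnlyRootFilesystem is not true")
    return findings


# Constructed manifest: a typical "debug shell" that would fail the baseline.
WEAK_POD: Manifest = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug-shell"},
    "spec": {
        "hostNetwork": True,
        "hostPID": True,
        "containers": [{"name": "shell", "image": "busybox",
                        "securityContext": {"privileged": True}}],
    },
}

# Constructed manifest: the same pod brought up to the baseline.
HARDENED_POD: Manifest = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "api"},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{"name": "api", "image": "registry.example/api:1.4.2",
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "readOnlyRootFilesystem": True,
                                            "capabilities": {"drop": ["ALL"]}}}],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        result = audit_pod(pod)
        print(pod["metadata"]["name"], "->", "PASS" if not result else f"{len(result)} finding(s)")
        for line in result:
            print("  ", line)
```

Note the two fields that default to true when absent (automountServiceAccountToken and allowPrivilegeEscalation): a manifest that simply omits them is not compliant, which is why the audit treats a missing key the same as an explicit true. In a cluster the same checks would be enforced at admission rather than by reading manifests after the fact.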
    Configure the Remote Deposit Capture system to organizational standards. CC ID 13569 Configuration Preventive
    Block and/or remove unused software and unauthorized software. CC ID 00865
    [{versions}{no longer supported} PowerShell 2.0 and below is removed from operating systems. Security Control: 1621; Revision: 0]
    Configuration Preventive
    Assign system hardening to qualified personnel. CC ID 06813 Establish Roles Preventive
    Use the latest version of all software. CC ID 00897
    [Only the latest version of TLS is used. Security Control: 1139; Revision: 5
    {Standard Operating Environment} The latest version (N), or N-1 version, of an operating system is used for SOEs. Security Control: 1407; Revision: 3
    {prior to} Versions of S/MIME earlier than 3.0 are not used. Security Control: 0490; Revision: 3
    {latest version}{Standard Operating Environment} The latest releases of key business applications such as office productivity suites, PDF viewers, web browsers, common web browser plugins, email clients and software platforms are used when present within SOEs. Security Control: 1467; Revision: 1
    {latest version}{internet-facing applications}{Standard Operating Environment} The latest releases of web server software, server applications that store important data, and other internet-accessible server applications are used when present within SOEs. Security Control: 1483; Revision: 0
    If supported, the latest version of Microsoft's EMET is implemented on workstations and servers and configured with both operating system mitigation measures and application-specific mitigation measures. Security Control: 1414; Revision: 1]
    Technical Security Preventive
    Install the most current Windows Service Pack. CC ID 01695 Configuration Preventive
    Install all available critical security updates and important security updates in a timely manner. CC ID 01696
    [{software separation mechanism} When using a software-based isolation mechanism to share a physical server's hardware, patches are applied to the isolation mechanism and underlying operating system in a timely manner. Security Control: 1606; Revision: 0]
    Configuration Preventive
    Include risk information when communicating critical security updates. CC ID 14948 Communicate Preventive
    Change default configurations, as necessary. CC ID 00877 Configuration Preventive
    Configure custom security parameters for X-Windows. CC ID 02168 Configuration Preventive
    Configure custom security settings for Lotus Domino. CC ID 02171 Configuration Preventive
    Configure custom security settings for the Automated Security Enhancement Tool. CC ID 02177 Configuration Preventive
    Configure custom Security settings for Sun Answerbook2. CC ID 02178 Configuration Preventive
    Configure custom security settings for Command (PROM) Monitor. CC ID 02180 Configuration Preventive
    Configure and secure each interface for Executive Interfaces. CC ID 02182 Configuration Preventive
    Reconfigure the default settings and configure the system security for Site Management Complex. CC ID 02183 Configuration Preventive
    Configure the unisys executive (GENNED) GEN tags. CC ID 02184 Configuration Preventive
    Reconfigure the default Console Mode privileges. CC ID 02189 Configuration Preventive
    Restrict access to security-related Console Mode key-in groups based on the security profiles. CC ID 02190 Configuration Preventive
    Configure security profiles for the various Console Mode levels. CC ID 02191 Configuration Preventive
    Configure custom access privileges for all mapper files. CC ID 02194 Configuration Preventive
    Configure custom access privileges for the PSERVER configuration file. CC ID 02195 Configuration Preventive
    Configure custom access privileges for the DEPCON configuration file. CC ID 02196 Configuration Preventive
    Disable the default NetWare user web page unless absolutely necessary. CC ID 04447 Configuration Preventive
    Enable and reset the primary administrator names, primary administrator passwords, root names, and root passwords. CC ID 04448 Configuration Preventive
    Remove unnecessary documentation or unprotected documentation from installed applications. CC ID 04452 Configuration Preventive
    Complete the NetWare eGuide configuration. CC ID 04449 Configuration Preventive
    Verify the usr/aset/masters/uid_aliases file exists and contains an appropriate aliases list. CC ID 04902 Configuration Preventive
    Set the low security directory list properly. CC ID 04903 Configuration Preventive
    Set the medium security directory list properly. CC ID 04904 Configuration Preventive
    Set the high security directory list properly. CC ID 04905 Configuration Preventive
    Set the UID aliases pointer properly. CC ID 04906 Configuration Preventive
    Verify users are listed in the ASET userlist file. CC ID 04907 Technical Security Preventive
    Verify Automated Security Enhancement Tool checks the NIS+ tables, as appropriate. CC ID 04908 Testing Preventive
    Reconfigure the encryption keys from their default setting or previous setting. CC ID 06079 Configuration Preventive
    Change the default Service Set Identifier for Wireless Access Points and wireless bridges. CC ID 06086
    [The default SSID of wireless access points is changed. Security Control: 1316; Revision: 2]
    Configuration Preventive
    Revoke public execute privileges for all processes or applications that allow such privileges. CC ID 06568 Configuration Preventive
    Configure the system's booting configuration. CC ID 10656 Configuration Preventive
    Configure the system to boot directly to the correct Operating System. CC ID 04509 Configuration Preventive
    Verify an appropriate bootloader is used. CC ID 04900 Configuration Preventive
    Configure the ability to boot from USB devices, as appropriate. CC ID 04901 Configuration Preventive
    Configure the system to boot from hardware enforced read-only media. CC ID 10657 Configuration Preventive
    Establish, implement, and maintain procedures to standardize operating system software installation. CC ID 00869
    [{guidance documentation} Evaluated products are installed, configured, administered and operated in accordance with vendor guidance and evaluation documentation. Security Control: 0289; Revision: 2]
    Establish/Maintain Documentation Preventive
    Verify operating system installation plans include software security considerations. CC ID 00870 Establish/Maintain Documentation Preventive
    Configure the "Approved Installation Sites for ActiveX Controls" security mechanism properly. CC ID 04909 Configuration Preventive
    Configure Least Functionality and Least Privilege settings to organizational standards. CC ID 07599 Configuration Preventive
    Configure "Block public access (bucket settings)" to organizational standards. CC ID 15444 Configuration Preventive
    Configure S3 Bucket Policies to organizational standards. CC ID 15431 Configuration Preventive
    Configure "Allow suggested apps in Windows Ink Workspace" to organizational standards. CC ID 15417 Configuration Preventive
    Configure "Allow Cloud Search" to organizational standards. CC ID 15416 Configuration Preventive
    Configure "Configure Watson events" to organizational standards. CC ID 15414 Configuration Preventive
    Configure "Allow Clipboard synchronization across devices" to organizational standards. CC ID 15412 Configuration Preventive
    Configure "Prevent users from modifying settings" to organizational standards. CC ID 15411 Configuration Preventive
    Configure "Prevent users from sharing files within their profile" to organizational standards. CC ID 15408 Configuration Preventive
    Configure "Manage preview builds" to organizational standards. CC ID 15405 Configuration Preventive
    Configure "Turn off Help Experience Improvement Program" to organizational standards. CC ID 15403 Configuration Preventive
    Configure "Sign-in and lock last interactive user automatically after a restart" to organizational standards. CC ID 15402 Configuration Preventive
    Configure "Hardened UNC Paths" to organizational standards. CC ID 15400 Configuration Preventive
    Configure "Turn off all Windows spotlight features" to organizational standards. CC ID 15397 Configuration Preventive
    Configure "Allow Message Service Cloud Sync" to organizational standards. CC ID 15396 Configuration Preventive
    Configure "Configure local setting override for reporting to Microsoft MAPS" to organizational standards. CC ID 15394 Configuration Preventive
    Configure "Configure Windows spotlight on lock screen" to organizational standards. CC ID 15391 Configuration Preventive
    Configure "Do not suggest third-party content in Windows spotlight" to organizational standards. CC ID 15389 Configuration Preventive
    Configure "Enable Font Providers" to organizational standards. CC ID 15388 Configuration Preventive
    Configure "Disallow copying of user input methods to the system account for sign-in" to organizational standards. CC ID 15386 Configuration Preventive
    Configure "Do not display network selection UI" to organizational standards. CC ID 15381 Configuration Preventive
    Configure "Turn off KMS Client Online AVS Validation" to organizational standards. CC ID 15380 Configuration Preventive
    Configure "Allow Telemetry" to organizational standards. CC ID 15378 Configuration Preventive
    Configure "Allow users to enable online speech recognition services" to organizational standards. CC ID 15377 Configuration Preventive
    Configure "Prevent enabling lock screen camera" to organizational standards. CC ID 15373 Configuration Preventive
    Configure "Continue experiences on this device" to organizational standards. CC ID 15372 Configuration Preventive
    Configure "Prevent the usage of OneDrive for file storage" to organizational standards. CC ID 15369 Configuration Preventive
    Configure "Do not use diagnostic data for tailored experiences" to organizational standards. CC ID 15367 Configuration Preventive
    Configure "Network access: Restrict clients allowed to make remote calls to SAM" to organizational standards. CC ID 15365 Configuration Preventive
    Configure "Turn off Microsoft consumer experiences" to organizational standards. CC ID 15363 Configuration Preventive
    Configure "Allow Use of Camera" to organizational standards. CC ID 15362 Configuration Preventive
    Configure "Allow Online Tips" to organizational standards. CC ID 15360 Configuration Preventive
    Configure "Turn off cloud optimized content" to organizational standards. CC ID 15357 Configuration Preventive
    Configure "Apply UAC restrictions to local accounts on network logons" to organizational standards. CC ID 15356 Configuration Preventive
    Configure "Toggle user control over Insider builds" to organizational standards. CC ID 15354 Configuration Preventive
    Configure "Allow network connectivity during connected-standby (plugged in)" to organizational standards. CC ID 15353 Configuration Preventive
    Configure "Do not show feedback notifications" to organizational standards. CC ID 15350 Configuration Preventive
    Configure "Prevent enabling lock screen slide show" to organizational standards. CC ID 15349 Configuration Preventive
    Configure "Turn off the advertising ID" to organizational standards. CC ID 15348 Configuration Preventive
    Configure "Allow Windows Ink Workspace" to organizational standards. CC ID 15346 Configuration Preventive
    Configure "Allow a Windows app to share application data between users" to organizational standards. CC ID 15345 Configuration Preventive
    Configure "Turn off handwriting personalization data sharing" to organizational standards. CC ID 15339 Configuration Preventive
    Configure the "Devices: Prevent users from installing printer drivers" to organizational standards. CC ID 07600 Configuration Preventive
    Configure the "Log on as a service" to organizational standards. CC ID 07609 Configuration Preventive
    Configure "Restore files and directories" to organizational standards. CC ID 07610 Configuration Preventive
    Configure the "Back up files and directories" to organizational standards. CC ID 07629 Configuration Preventive
    Configure the "Change the system time" to organizational standards. CC ID 07633 Configuration Preventive
    Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" to organizational standards. CC ID 07635 Configuration Preventive
    Configure the "Perform volume maintenance tasks" to organizational standards. CC ID 07653 Configuration Preventive
    Configure the "Create global objects" to organizational standards. CC ID 07659 Configuration Preventive
    Configure the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" to organizational standards. CC ID 07660 Configuration Preventive
    Configure the "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07671 Configuration Preventive
    Configure the "Network access: Named Pipes that can be accessed anonymously" to organizational standards. CC ID 07676 Configuration Preventive
    Configure the "Change the time zone" to organizational standards. CC ID 07677 Configuration Preventive
    Configure the "Adjust memory quotas for a process" to organizational standards. CC ID 07685 Configuration Preventive
    Configure the "Add workstations to domain" to organizational standards. CC ID 07689 Configuration Preventive
    Configure the "Take ownership of files or other objects" to organizational standards. CC ID 07691 Configuration Preventive
    Configure the "Access this computer from the network" to organizational standards. CC ID 07706 Configuration Preventive
    Configure the "MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)" to organizational standards. CC ID 07710 Configuration Preventive
    Configure the "Shutdown: Allow system to be shut down without having to log on" to organizational standards. CC ID 07717 Configuration Preventive
    Configure the "System objects: Require case insensitivity for non-Windows subsystems" to organizational standards. CC ID 07718 Configuration Preventive
    Configure the "Domain controller: Allow server operators to schedule tasks" to organizational standards. CC ID 07722 Configuration Preventive
    Configure the "Debug programs" to organizational standards. CC ID 07729 Configuration Preventive
    Configure the "Increase scheduling priority" to organizational standards. CC ID 07739 Configuration Preventive
    Configure the "Load and unload device drivers" to organizational standards. CC ID 07745 Configuration Preventive
    Configure the "Modify an object label" to organizational standards. CC ID 07755
    [Protective marking tools do not allow users replying to or forwarding an email to select a protective marking that is lower than previously used for the email. Security Control: 1089; Revision: 4]
    Configuration Preventive
    Configure the "Deny log on as a service" to organizational standards. CC ID 07762 Configuration Preventive
    Configure the "Recovery console: Allow automatic administrative logon" to organizational standards. CC ID 07770 Configuration Preventive
    Configure the "Create a token object" to organizational standards. CC ID 07774 Configuration Preventive
    Configure the "Create symbolic links" to organizational standards. CC ID 07778 Configuration Preventive
    Configure the "Deny access to this computer from the network" to organizational standards. CC ID 07779 Configuration Preventive
    Configure the "Deny log on locally" to organizational standards. CC ID 07781 Configuration Preventive
    Configure the "Manage auditing and security log" to organizational standards. CC ID 07783 Configuration Preventive
    Configure the "Lock pages in memory" to organizational standards. CC ID 07784 Configuration Preventive
    Configure the "Shutdown: Clear virtual memory pagefile" to organizational standards. CC ID 07787 Configuration Preventive
    Configure the "Increase a process working set" to organizational standards. CC ID 07788 Configuration Preventive
    Configure the "Generate security audits" to organizational standards. CC ID 07796 Configuration Preventive
    Configure the "Remove computer from docking station" to organizational standards. CC ID 07802 Configuration Preventive
    Configure the "System settings: Optional subsystems" to organizational standards. CC ID 07804 Configuration Preventive
    Configure the "Shut down the system" to organizational standards. CC ID 07808 Configuration Preventive
    Configure the "Bypass traverse checking" to organizational standards. CC ID 07809 Configuration Preventive
    Configure the "Always install with elevated privileges" to organizational standards. CC ID 07811 Configuration Preventive
    Configure the "Allow log on through Remote Desktop Services" to organizational standards. CC ID 07813 Configuration Preventive
    Configure the "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" to organizational standards. CC ID 07814 Configuration Preventive
    Configure the "Create permanent shared objects" to organizational standards. CC ID 07818 Configuration Preventive
    Configure the "Devices: Allow undock without having to log on" to organizational standards. CC ID 07821 Configuration Preventive
    Configure the "Devices: Restrict floppy access to locally logged-on user only" to organizational standards. CC ID 07823 Configuration Preventive
    Configure the "Log on as a batch job" to organizational standards. CC ID 07838 Configuration Preventive
    Configure the "MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 07841 Configuration Preventive
    Configure the "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07842 Configuration Preventive
    Configure the "Replace a process level token" to organizational standards. CC ID 07845 Configuration Preventive
    Configure the "Modify firmware environment values" to organizational standards. CC ID 07847 Configuration Preventive
    Configure the "Deny log on through Remote Desktop Services" to organizational standards. CC ID 07854 Configuration Preventive
    Configure the "Devices: Allowed to format and eject removable media" to organizational standards. CC ID 07862 Configuration Preventive
    Configure the "Profile single process" to organizational standards. CC ID 07866 Configuration Preventive
    Configure the "Turn off Autoplay" to organizational standards. CC ID 07867 Configuration Preventive
    Configure the "Devices: Restrict CD-ROM access to locally logged-on user only" to organizational standards. CC ID 07871 Configuration Preventive
    Configure the "Deny log on as a batch job" to organizational standards. CC ID 07876 Configuration Preventive
    Configure the "Create a pagefile" to organizational standards. CC ID 07878 Configuration Preventive
    Configure the "Profile system performance" to organizational standards. CC ID 07879 Configuration Preventive
    Configure the "Impersonate a client after authentication" to organizational standards. CC ID 07882 Configuration Preventive
    Configure the "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" to organizational standards. CC ID 07886 Configuration Preventive
    Configure the "Force shutdown from a remote system" to organizational standards. CC ID 07889 Configuration Preventive
    Configure the "Act as part of the operating system" to organizational standards. CC ID 07891 Configuration Preventive
    Configure the "Allow log on locally" to organizational standards. CC ID 07894 Configuration Preventive
    Configure the "Synchronize directory service data" to organizational standards. CC ID 07897 Configuration Preventive
    Configure the "Access Credential Manager as a trusted caller" to organizational standards. CC ID 07898 Configuration Preventive
    Configure the "Enable computer and user accounts to be trusted for delegation" to organizational standards. CC ID 07900 Configuration Preventive
    Configure the "Recovery console: Allow floppy copy and access to all drives and all folders" to organizational standards. CC ID 07901 Configuration Preventive
    Configure the "Software channel permissions" to organizational standards. CC ID 07910 Configuration Preventive
    Configure the "Allow drag and drop or copy and paste files" to organizational standards. CC ID 07915 Configuration Preventive
    Configure the "Disable Per-User Installation of ActiveX Controls" to organizational standards. CC ID 07918 Configuration Preventive
    Configure the "Download signed ActiveX controls" to organizational standards. CC ID 07921 Configuration Preventive
    Configure the "Disable "Configuring History"" to organizational standards. CC ID 07922 Configuration Preventive
    Configure the "Turn off ActiveX opt-in prompt" to organizational standards. CC ID 07928 Configuration Preventive
    Configure the "Allow installation of desktop items" to organizational standards. CC ID 07931 Configuration Preventive
    Configure the "Only allow approved domains to use ActiveX controls without prompt" to organizational standards. CC ID 07936 Configuration Preventive
    Configure the "Initialize and script ActiveX controls not marked as safe" to organizational standards. CC ID 07945 Configuration Preventive
    Configure the "Allow file downloads" to organizational standards. CC ID 07960 Configuration Preventive
    Configure the "Turn off the Security Settings Check feature" to organizational standards. CC ID 07979 Configuration Preventive
    Configure the "Disable the Advanced page" to organizational standards. CC ID 07981 Configuration Preventive
    Configure the "Intranet Sites: Include all network paths (UNCs)" to organizational standards. CC ID 07986 Configuration Preventive
    Configure the "Disable changing Automatic Configuration settings" to organizational standards. CC ID 07992 Configuration Preventive
    Configure the "Turn off "Delete Browsing History" functionality" to organizational standards. CC ID 07993 Configuration Preventive
    Configure the "Allow META REFRESH" to organizational standards. CC ID 07998 Configuration Preventive
    Configure the "Prevent Deleting Temporary Internet Files" to organizational standards. CC ID 08000 Configuration Preventive
    Configure the "Security Zones: Do not allow users to change policies" to organizational standards. CC ID 08001 Configuration Preventive
    Configure the "Only use the ActiveX Installer Service for installation of ActiveX Controls" to organizational standards. CC ID 08003 Configuration Preventive
    Configure the "Prevent "Fix settings" functionality" to organizational standards. CC ID 08010 Configuration Preventive
    Configure the "XAML browser applications" to organizational standards. CC ID 08011 Configuration Preventive
    Configure the "Run .NET Framework-reliant components signed with Authenticode" to organizational standards. CC ID 08014 Configuration Preventive
    Configure the "Access data sources across domains" to organizational standards. CC ID 08018 Configuration Preventive
    Configure the "Allow script-initiated windows without size or position constraints" to organizational standards. CC ID 08020 Configuration Preventive
    Configure the "Disable Save this program to disk option" to organizational standards. CC ID 08021 Configuration Preventive
    Configure the "Security Zones: Do not allow users to add/delete sites" to organizational standards. CC ID 08061 Configuration Preventive
    Configure the "Script ActiveX controls marked safe for scripting" to organizational standards. CC ID 08067 Configuration Preventive
    Configure the "Prevent Deleting Cookies" to organizational standards. CC ID 08069 Configuration Preventive
    Configure the "Allow binary and script behaviors" to organizational standards. CC ID 08070 Configuration Preventive
    Configure the "Launching applications and files in an IFRAME" to organizational standards. CC ID 08078 Configuration Preventive
    Configure the "Allow status bar updates via script" to organizational standards. CC ID 08081 Configuration Preventive
    Configure the "Turn off Crash Detection" to organizational standards. CC ID 08085 Configuration Preventive
    Configure the "Security Zones: Use only machine settings" to organizational standards. CC ID 08088 Configuration Preventive
    Configure the "Web sites in less privileged Web content zones can navigate into this zone" to organizational standards. CC ID 08089 Configuration Preventive
    Configure the "Disable the Security page" to organizational standards. CC ID 08090 Configuration Preventive
    Configure the "Automatically check for Internet Explorer updates" to organizational standards. CC ID 08094 Configuration Preventive
    Configure the "Navigate windows and frames across different domains" to organizational standards. CC ID 08107 Configuration Preventive
    Configure the "Allow active scripting" setting to organizational standards. CC ID 08115
    [Standard users are prevented from running script execution engines in Microsoft Windows, including: Windows Script Host (cscript.exe and wscript.exe) Security Control: 1491; Revision: 1; Bullet 1
    Standard users are prevented from running script execution engines in Microsoft Windows, including: Windows Management Instrumentation (wmic.exe) Security Control: 1491; Revision: 1; Bullet 4
    Standard users are prevented from running script execution engines in Microsoft Windows, including: Security Control: 1491; Revision: 1
    Standard users are prevented from running script execution engines in Microsoft Windows, including: Command Prompt (cmd.exe) Security Control: 1491; Revision: 1; Bullet 3
    Standard users are prevented from running script execution engines in Microsoft Windows, including: PowerShell (powershell.exe, powershell_ise.exe and pwsh.exe) Security Control: 1491; Revision: 1; Bullet 2
    Standard users are prevented from running script execution engines in Microsoft Windows, including: Microsoft HTML Application Host (mshta.exe). Security Control: 1491; Revision: 1; Bullet 5]
    Configuration Preventive
    Configure the "Allow font downloads" to organizational standards. CC ID 08116 Configuration Preventive
    Configure the "Disable changing proxy settings" to organizational standards. CC ID 08126 Configuration Preventive
    Configure the "Disable changing connection settings" to organizational standards. CC ID 08129 Configuration Preventive
    Configure the "Run .NET Framework-reliant components not signed with Authenticode" to organizational standards. CC ID 08130 Configuration Preventive
    Configure the "Turn off printing over HTTP" to organizational standards. CC ID 08162 Configuration Preventive
    Configure the "Registry policy processing" to organizational standards. CC ID 08169 Configuration Preventive
    Configure the "Disable remote Desktop Sharing" to organizational standards. CC ID 08186 Configuration Preventive
    Configure the "Report operating system errors" to organizational standards. CC ID 08187 Configuration Preventive
    Configure the "Enumerate administrator accounts on elevation" to organizational standards. CC ID 08190 Configuration Preventive
    Configure the "Turn off Windows Update device driver searching" to organizational standards. CC ID 08193 Configuration Preventive
    Configure the "Do not allow drive redirection" to organizational standards. CC ID 08199 Configuration Preventive
    Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" to organizational standards. CC ID 08204 Configuration Preventive
    Configure the "Turn off downloading of print drivers over HTTP" to organizational standards. CC ID 08218 Configuration Preventive
    Configure the "Do not process the run once list" to organizational standards. CC ID 08219 Configuration Preventive
    Configure the "Deny log on through Terminal Services" to organizational standards. CC ID 08220 Configuration Preventive
    Configure the "Offer Remote Assistance" to organizational standards. CC ID 08222 Configuration Preventive
    Configure the "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" to organizational standards. CC ID 08228 Configuration Preventive
    Configure the "Allow users to connect remotely using Remote Desktop Services" to organizational standards. CC ID 08234 Configuration Preventive
    Configure the "MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 08247 Configuration Preventive
    Configure the "MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames" to organizational standards. CC ID 08253 Configuration Preventive
    Configure the "Solicited Remote Assistance" to organizational standards. CC ID 08265 Configuration Preventive
    Configure "Turn off the "Publish to Web" task for files and folders" to organizational standards. CC ID 08285 Configuration Preventive
    Configure the "Do not allow Windows Messenger to be run" to organizational standards. CC ID 08288 Configuration Preventive
    Configure the "Allow log on through Terminal Services" to organizational standards. CC ID 08291 Configuration Preventive
    Configure the "Require trusted path for credential entry" to organizational standards. CC ID 08293 Configuration Preventive
    Configure the "Turn off Search Companion content file updates" to organizational standards. CC ID 08302 Configuration Preventive
    Configure the "Prevent access to registry editing tools" to organizational standards. CC ID 08331 Configuration Preventive
    Configure the "Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08347 Configuration Preventive
    Configure the "Turn on SmartScreen Filter scan" to organizational standards. CC ID 08357 Configuration Preventive
    Configure the "Disallow WinRM from storing RunAs credentials" to organizational standards. CC ID 08362 Configuration Preventive
    Configure the "Turn off URL Suggestions" to organizational standards. CC ID 08372 Configuration Preventive
    Configure the "Prevent users from bypassing SmartScreen Filter's application reputation warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08385 Configuration Preventive
    Configure the "Prevent access to Delete Browsing History" to organizational standards. CC ID 08387 Configuration Preventive
    Configure the "Turn off InPrivate Browsing" to organizational standards. CC ID 08421 Configuration Preventive
    Configure the "Turn off Windows Location Provider" to organizational standards. CC ID 08427 Configuration Preventive
    Configure the "Turn on Suggested Sites" to organizational standards. CC ID 08434 Configuration Preventive
    Configure the "Turn off access to the Store" to organizational standards. CC ID 08436 Configuration Preventive
    Configure the "Point and Print Restrictions" to organizational standards. CC ID 08441 Configuration Preventive
    Configure the "Prevent changing proxy settings" to organizational standards. CC ID 08447 Configuration Preventive
    Configure the "Allow deleting browsing history on exit" to organizational standards. CC ID 08456 Configuration Preventive
    Configure the "Allow scripting of Internet Explorer WebBrowser controls" to organizational standards. CC ID 08464 Configuration Preventive
    Configure the "Turn off Managing SmartScreen Filter for Internet Explorer 9" to organizational standards. CC ID 08472 Configuration Preventive
    Configure the "Check Administrator Group Membership" to organizational standards. CC ID 08473 Configuration Preventive
    Configure the "Check if AppLocker is Enabled" to organizational standards. CC ID 08475 Configuration Preventive
    Configure the "Prevent the computer from joining a homegroup" to organizational standards. CC ID 08486 Configuration Preventive
    Configure the "Disable Browser Geolocation" to organizational standards. CC ID 08491 Configuration Preventive
    Configure the "Allow Remote Shell Access" to organizational standards. CC ID 08496 Configuration Preventive
    Configure the "Turn Off the Display (Plugged In)" to organizational standards. CC ID 08502 Configuration Preventive
    Configure the "Do not enumerate connected users on domain-joined computers" to organizational standards. CC ID 08507 Configuration Preventive
    Configure the "Enable dragging of content from different domains across windows" to organizational standards. CC ID 08517 Configuration Preventive
    Configure the "Turn off first-run prompt" to organizational standards. CC ID 08521 Configuration Preventive
    Configure the "Allow Scriptlets" to organizational standards. CC ID 08523 Configuration Preventive
    Configure the "Turn on ActiveX Filtering" to organizational standards. CC ID 08524 Configuration Preventive
    Configure the "Userdata persistence" to organizational standards. CC ID 08533 Configuration Preventive
    Configure the "Enable dragging of content from different domains within a window" to organizational standards. CC ID 08535 Configuration Preventive
    Configure the "Turn off app notifications on the lock screen" to organizational standards. CC ID 08536 Configuration Preventive
    Configure the "Allow updates to status bar via script" to organizational standards. CC ID 08540 Configuration Preventive
    Configure the "Enumerate local users on domain-joined computers" to organizational standards. CC ID 08546 Configuration Preventive
    Configure the "Prevent deleting websites that the user has visited" to organizational standards. CC ID 08547 Configuration Preventive
    Configure the "Install new versions of Internet Explorer automatically" to organizational standards. CC ID 08551 Configuration Preventive
    Configure the "Make proxy settings per-machine (rather than per-user)" to organizational standards. CC ID 08553 Configuration Preventive
    Configure the "Disable external branding of Internet Explorer" to organizational standards. CC ID 08555 Configuration Preventive
    Configure the "Include local path when user is uploading files to a server" to organizational standards. CC ID 08557 Configuration Preventive
    Configure the "Configure Solicited Remote Assistance" to organizational standards. CC ID 08561 Configuration Preventive
    Configure the "Allow loading of XAML files" to organizational standards. CC ID 08562 Configuration Preventive
    Configure the "Do not display the password reveal button" to organizational standards. CC ID 08567 Configuration Preventive
    Configure the "Prevent running First Run wizard" to organizational standards. CC ID 08572 Configuration Preventive
    Configure the "Turn off location" to organizational standards. CC ID 08575 Configuration Preventive
    Configure the "Turn on Enhanced Protected Mode" to organizational standards. CC ID 08577 Configuration Preventive
    Configure the "Turn off browser geolocation" to organizational standards. CC ID 08580 Configuration Preventive
    Configure the "Do not display the reveal password button" to organizational standards. CC ID 08583 Configuration Preventive
    Configure the "Include updated website lists from Microsoft" to organizational standards. CC ID 08593 Configuration Preventive
    Configure the "Turn off Event Viewer "Events.asp" links" to organizational standards. CC ID 08604 Configuration Preventive
    Configure the "Configure Offer Remote Assistance" to organizational standards. CC ID 08605 Configuration Preventive
    Configure the "Prevent specifying the update check interval (in days)" to organizational standards. CC ID 08608 Configuration Preventive
    Configure the "Turn Off the Display (On Battery)" to organizational standards. CC ID 08609 Configuration Preventive
    Configure the "Prevent participation in the Customer Experience Improvement Program" to organizational standards. CC ID 08611 Configuration Preventive
    Configure the "Add a specific list of search providers to the user's search provider list" setting to organizational standards. CC ID 10420 Configuration Preventive
    Configure the "Admin-approved behaviors" setting to organizational standards. CC ID 10421 Configuration Preventive
    Configure the "Allow the display of image download placeholders" setting to organizational standards. CC ID 10422 Configuration Preventive
    Configure the "Allow the printing of background colors and images" setting to organizational standards. CC ID 10423 Configuration Preventive
    Configure the "Audio/Video Player" setting to organizational standards. CC ID 10424 Configuration Preventive
    Configure the "Auto-hide the Toolbars" setting to organizational standards. CC ID 10425 Configuration Preventive
    Configure the "Binary Behavior Security Restriction: All Processes" setting to organizational standards. CC ID 10426 Configuration Preventive
    Configure the "Binary Behavior Security Restriction: Internet Explorer Processes" setting to organizational standards. CC ID 10427 Configuration Preventive
    Configure the "Binary Behavior Security Restriction: Process List" setting to organizational standards. CC ID 10428 Configuration Preventive
    Configure the "Carpoint" setting to organizational standards. CC ID 10429 Configuration Preventive
    Configure the "Configure new tab page default behavior" setting to organizational standards. CC ID 10430 Configuration Preventive
    Configure the "Customize Command Labels" setting to organizational standards. CC ID 10431 Configuration Preventive
    Configure the "Customize User Agent String" setting to organizational standards. CC ID 10432 Configuration Preventive
    Configure the "Deploy default Accelerators" setting to organizational standards. CC ID 10433 Configuration Preventive
    Configure the "Deploy non-default Accelerators" setting to organizational standards. CC ID 10434 Configuration Preventive
    Configure the "DHTML Edit Control" setting to organizational standards. CC ID 10435 Configuration Preventive
    Configure the "Disable caching of Auto-Proxy scripts" setting to organizational standards. CC ID 10436 Configuration Preventive
    Configure the "Disable changing accessibility settings" setting to organizational standards. CC ID 10437 Configuration Preventive
    Configure the "Disable changing Calendar and Contact settings" setting to organizational standards. CC ID 10438 Configuration Preventive
    Configure the "Disable changing color settings" setting to organizational standards. CC ID 10439 Configuration Preventive
    Configure the "Disable changing default browser check" setting to organizational standards. CC ID 10440 Configuration Preventive
    Configure the "Disable changing font settings" setting to organizational standards. CC ID 10441 Configuration Preventive
    Configure the "Disable changing home page settings" setting to organizational standards. CC ID 10442 Configuration Preventive
    Configure the "Disable changing language settings" setting to organizational standards. CC ID 10443 Configuration Preventive
    Configure the "Disable changing link color settings" setting to organizational standards. CC ID 10444 Configuration Preventive
    Configure the "Disable changing Messaging settings" setting to organizational standards. CC ID 10445 Configuration Preventive
    Configure the "Disable changing ratings settings" setting to organizational standards. CC ID 10446 Configuration Preventive
    Configure the "Disable changing secondary home page settings" setting to organizational standards. CC ID 10447 Configuration Preventive
    Configure the "Disable changing Temporary Internet files settings" setting to organizational standards. CC ID 10448 Configuration Preventive
    Configure the "Disable Context menu" setting to organizational standards. CC ID 10449 Configuration Preventive
    Configure the "Disable customizing browser toolbar buttons" setting to organizational standards. CC ID 10450 Configuration Preventive
    Configure the "Disable customizing browser toolbars" setting to organizational standards. CC ID 10451 Configuration Preventive
    Configure the "Disable Import/Export Settings wizard" setting to organizational standards. CC ID 10452 Configuration Preventive
    Configure the "Disable Open in New Window menu option" setting to organizational standards. CC ID 10453 Configuration Preventive
    Configure the "Disable the Connections page" setting to organizational standards. CC ID 10454 Configuration Preventive
    Configure the "Disable the Content page" setting to organizational standards. CC ID 10455 Configuration Preventive
    Configure the "Disable the General page" setting to organizational standards. CC ID 10456 Configuration Preventive
    Configure the "Disable the Programs page" setting to organizational standards. CC ID 10457 Configuration Preventive
    Configure the "Disable toolbars and extensions when InPrivate Browsing starts" setting to organizational standards. CC ID 10458 Configuration Preventive
    Configure the "Display error message on proxy script download failure" setting to organizational standards. CC ID 10459 Configuration Preventive
    Configure the "Do not collect InPrivate Filtering data" setting to organizational standards. CC ID 10460 Configuration Preventive
    Configure the "Do not save encrypted pages to disk" setting to organizational standards. CC ID 10461 Configuration Preventive
    Configure the "Empty Temporary Internet Files folder when browser is closed" setting to organizational standards. CC ID 10462 Configuration Preventive
    Configure the "Enforce Full Screen Mode" setting to organizational standards. CC ID 10463 Configuration Preventive
    Configure the "File menu: Disable closing the browser and Explorer windows" setting to organizational standards. CC ID 10464 Configuration Preventive
    Configure the "File menu: Disable New menu option" setting to organizational standards. CC ID 10465 Configuration Preventive
    Configure the "File menu: Disable Open menu option" setting to organizational standards. CC ID 10466 Configuration Preventive
    Configure the "File menu: Disable Save As Web Page Complete" setting to organizational standards. CC ID 10467 Configuration Preventive
    Configure the "File menu: Disable Save As.. menu option" setting to organizational standards. CC ID 10468 Configuration Preventive
    Configure the "File size limits for Internet zone" setting to organizational standards. CC ID 10469 Configuration Preventive
    Configure the "File size limits for Intranet zone" setting to organizational standards. CC ID 10470 Configuration Preventive
    Configure the "File size limits for Local Machine zone" setting to organizational standards. CC ID 10471 Configuration Preventive
    Configure the "File size limits for Restricted Sites zone" setting to organizational standards. CC ID 10472 Configuration Preventive
    Configure the "File size limits for Trusted Sites zone" setting to organizational standards. CC ID 10473 Configuration Preventive
    Configure the "Help menu: Remove 'Send Feedback' menu option" setting to organizational standards. CC ID 10474 Configuration Preventive
    Configure the "Help menu: Remove 'Tour' menu option" setting to organizational standards. CC ID 10475 Configuration Preventive
    Configure the "Hide Favorites menu" setting to organizational standards. CC ID 10476 Configuration Preventive
    Configure the "Hide the Command Bar" setting to organizational standards. CC ID 10477 Configuration Preventive
    Configure the "Hide the Status Bar" setting to organizational standards. CC ID 10478 Configuration Preventive
    Configure the "InPrivate Filtering Threshold" setting to organizational standards. CC ID 10479 Configuration Preventive
    Configure the "Internet Zone Restricted Protocols" setting to organizational standards. CC ID 10480 Configuration Preventive
    Configure the "Internet Zone Template" setting to organizational standards. CC ID 10481 Configuration Preventive
    Configure the "Intranet Sites: Include all local (intranet) sites not listed in other zones" setting to organizational standards. CC ID 10482 Configuration Preventive
    Configure the "Intranet Sites: Include all sites that bypass the proxy server" setting to organizational standards. CC ID 10483 Configuration Preventive
    Configure the "Intranet Zone Restricted Protocols" setting to organizational standards. CC ID 10484 Configuration Preventive
    Configure the "Intranet Zone Template" setting to organizational standards. CC ID 10485 Configuration Preventive
    Configure the "Investor" setting to organizational standards. CC ID 10486 Configuration Preventive
    Configure the "Local Machine Zone Restricted Protocols" setting to organizational standards. CC ID 10487 Configuration Preventive
    Configure the "Local Machine Zone Template" setting to organizational standards. CC ID 10488 Configuration Preventive
    Configure the "Lock all Toolbars" setting to organizational standards. CC ID 10489 Configuration Preventive
    Configure the "Locked-Down Internet Zone Template" setting to organizational standards. CC ID 10490 Configuration Preventive
    Configure the "Locked-Down Intranet Zone Template" setting to organizational standards. CC ID 10491 Configuration Preventive
    Configure the "Locked-Down Local Machine Zone Template" setting to organizational standards. CC ID 10492 Configuration Preventive
    Configure the "Locked-Down Restricted Sites Zone Template" setting to organizational standards. CC ID 10493 Configuration Preventive
    Configure the "Locked-Down Trusted Sites Zone Template" setting to organizational standards. CC ID 10494 Configuration Preventive
    Configure the "Maximum number of connections per server (HTTP 1.0)" setting to organizational standards. CC ID 10495 Configuration Preventive
    Configure the "Maximum number of connections per server (HTTP 1.1)" setting to organizational standards. CC ID 10496 Configuration Preventive
    Configure the "Menu Controls" setting to organizational standards. CC ID 10497 Configuration Preventive
    Configure the "Microsoft Agent" setting to organizational standards. CC ID 10498 Configuration Preventive
    Configure the "Microsoft Chat" setting to organizational standards. CC ID 10499 Configuration Preventive
    Configure the "Microsoft Scriptlet Component" setting to organizational standards. CC ID 10500 Configuration Preventive
    Configure the "Microsoft Survey Control" setting to organizational standards. CC ID 10501 Configuration Preventive
    Configure the "Moving the menu bar above the navigation bar" setting to organizational standards. CC ID 10502 Configuration Preventive
    Configure the "MSNBC" setting to organizational standards. CC ID 10503 Configuration Preventive
    Configure the "NetShow File Transfer Control" setting to organizational standards. CC ID 10504 Configuration Preventive
    Configure the "Network Protocol Lockdown: All Processes" setting to organizational standards. CC ID 10505 Configuration Preventive
    Configure the "Network Protocol Lockdown: Internet Explorer Processes" setting to organizational standards. CC ID 10506 Configuration Preventive
    Configure the "Network Protocol Lockdown: Process List" setting to organizational standards. CC ID 10507 Configuration Preventive
    Configure the "Play animations in web pages" setting to organizational standards. CC ID 10508 Configuration Preventive
    Configure the "Play sounds in web pages" setting to organizational standards. CC ID 10509 Configuration Preventive
    Configure the "Pop-up allow list" setting to organizational standards. CC ID 10510 Configuration Preventive
    Configure the "Prevent configuration of search from the Address bar" setting to organizational standards. CC ID 10511 Configuration Preventive
    Configure the "Prevent Deleting Favorites Site Data" setting to organizational standards. CC ID 10512 Configuration Preventive
    Configure the "Prevent Deleting Form Data" setting to organizational standards. CC ID 10513 Configuration Preventive
    Configure the "Prevent Deleting InPrivate Filtering data" setting to organizational standards. CC ID 10514 Configuration Preventive
    Configure the "Prevent Deleting Passwords" setting to organizational standards. CC ID 10515 Configuration Preventive
    Configure the "Prevent Internet Explorer Search box from displaying" setting to organizational standards. CC ID 10516 Configuration Preventive
    Configure the "Prevent setting of the code download path for each machine" setting to organizational standards. CC ID 10517 Configuration Preventive
    Configure the "Prevent the configuration of cipher strength update information URLs" setting to organizational standards. CC ID 10518 Configuration Preventive
    Configure the "Prevent the use of Windows colors" setting to organizational standards. CC ID 10519 Configuration Preventive
    Configure the "Prevent users from choosing default text size" setting to organizational standards. CC ID 10520 Configuration Preventive
    Configure the "Prevent users from configuring background color" setting to organizational standards. CC ID 10521 Configuration Preventive
    Configure the "Prevent users from configuring text color" setting to organizational standards. CC ID 10522 Configuration Preventive
    Configure the "Prevent users from configuring the color of links that have already been clicked" setting to organizational standards. CC ID 10523 Configuration Preventive
    Configure the "Prevent users from configuring the color of links that have not yet been clicked" setting to organizational standards. CC ID 10524 Configuration Preventive
    Configure the "Prevent users from configuring the hover color" setting to organizational standards. CC ID 10525 Configuration Preventive
    Configure the "Restrict changing the default search provider" setting to organizational standards. CC ID 10526 Configuration Preventive
    Configure the "Restrict search providers to a specific list of providers" setting to organizational standards. CC ID 10527 Configuration Preventive
    Configure the "Restricted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10528 Configuration Preventive
    Configure the "Restricted Sites Zone Template" setting to organizational standards. CC ID 10529 Configuration Preventive
    Configure the "Send internationalized domain names" setting to organizational standards. CC ID 10530 Configuration Preventive
    Configure the "Set location of Stop and Refresh buttons" setting to organizational standards. CC ID 10531 Configuration Preventive
    Configure the "Set tab process growth" setting to organizational standards. CC ID 10532 Configuration Preventive
    Configure the "Flash" setting to organizational standards. CC ID 10533
    [Microsoft Office is configured to disable support for Flash content. Security Control: 1541; Revision: 0]
    Configuration Preventive
    Configure the "Tools menu: Disable Internet Options.. menu option" setting to organizational standards. CC ID 10534 Configuration Preventive
    Configure the "Trusted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10535 Configuration Preventive
    Configure the "Trusted Sites Zone Template" setting to organizational standards. CC ID 10536 Configuration Preventive
    Configure the "Turn off Accelerators" setting to organizational standards. CC ID 10537 Configuration Preventive
    Configure the "Turn off Automatic Crash Recovery Prompt" setting to organizational standards. CC ID 10538 Configuration Preventive
    Configure the "Turn off automatic image resizing" setting to organizational standards. CC ID 10539 Configuration Preventive
    Configure the "Turn off ClearType" setting to organizational standards. CC ID 10540 Configuration Preventive
    Configure the "Turn off Compatibility View button" setting to organizational standards. CC ID 10541 Configuration Preventive
    Configure the "Turn off Compatibility View" setting to organizational standards. CC ID 10542 Configuration Preventive
    Configure the "Turn off configuration of default behavior of new tab creation" setting to organizational standards. CC ID 10543 Configuration Preventive
    Configure the "Turn off configuration of tabbed browsing pop-up behavior" setting to organizational standards. CC ID 10544 Configuration Preventive
    Configure the "Turn off configuration of window reuse" setting to organizational standards. CC ID 10545 Configuration Preventive
    Configure the "Turn off configuring underline links" setting to organizational standards. CC ID 10546 Configuration Preventive
    Configure the "Turn off Cross Document Messaging" setting to organizational standards. CC ID 10547 Configuration Preventive
    Configure the "Turn off Data URI Support" setting to organizational standards. CC ID 10548 Configuration Preventive
    Configure the "Turn off Developer Tools" setting to organizational standards. CC ID 10549 Configuration Preventive
    Configure the "Turn off displaying the Internet Explorer Help Menu" setting to organizational standards. CC ID 10550 Configuration Preventive
    Configure the "Turn off Favorites bar" setting to organizational standards. CC ID 10551 Configuration Preventive
    Configure the "Turn off friendly http error messages" setting to organizational standards. CC ID 10552 Configuration Preventive
    Configure the "Turn off InPrivate Filtering" setting to organizational standards. CC ID 10553 Configuration Preventive
    Configure the "Turn off Managing Pop-up Allow list" setting to organizational standards. CC ID 10554 Configuration Preventive
    Configure the "Turn off managing Pop-up filter level" setting to organizational standards. CC ID 10555 Configuration Preventive
    Configure the "Turn off page zooming functionality" setting to organizational standards. CC ID 10556 Configuration Preventive
    Configure the "Turn off picture display" setting to organizational standards. CC ID 10557 Configuration Preventive
    Configure the "Turn off pop-up management" setting to organizational standards. CC ID 10558 Configuration Preventive
    Configure the "Turn off Print Menu" setting to organizational standards. CC ID 10559 Configuration Preventive
    Configure the "Turn off Quick Tabs functionality" setting to organizational standards. CC ID 10560 Configuration Preventive
    Configure the "Turn off Reopen Last Browsing Session" setting to organizational standards. CC ID 10561 Configuration Preventive
    Configure the "Turn off sending URLs as UTF-8 (requires restart)" setting to organizational standards. CC ID 10562 Configuration Preventive
    Configure the "Turn off smart image dithering" setting to organizational standards. CC ID 10563 Configuration Preventive
    Configure the "Turn off smooth scrolling" setting to organizational standards. CC ID 10564 Configuration Preventive
    Configure the "Turn off suggestions for all user-installed providers" setting to organizational standards. CC ID 10565 Configuration Preventive
    Configure the "Turn off Tab Grouping" setting to organizational standards. CC ID 10566 Configuration Preventive
    Configure the "Turn off tabbed browsing" setting to organizational standards. CC ID 10567 Configuration Preventive
    Configure the "Turn off the activation of the quick pick menu" setting to organizational standards. CC ID 10568 Configuration Preventive
    Configure the "Turn off the auto-complete feature for web addresses" setting to organizational standards. CC ID 10569 Configuration Preventive
    Configure the "Turn off the XDomainRequest Object" setting to organizational standards. CC ID 10570 Configuration Preventive
    Configure the "Turn off toolbar upgrade tool" setting to organizational standards. CC ID 10571 Configuration Preventive
    Configure the "Turn off Windows Search AutoComplete" setting to organizational standards. CC ID 10572 Configuration Preventive
    Configure the "Turn on automatic detection of the intranet" setting to organizational standards. CC ID 10573 Configuration Preventive
    Configure the "Turn on Automatic Signup" setting to organizational standards. CC ID 10574 Configuration Preventive
    Configure the "Turn on Caret Browsing support" setting to organizational standards. CC ID 10575 Configuration Preventive
    Configure the "Turn on Compatibility Logging" setting to organizational standards. CC ID 10576 Configuration Preventive
    Configure the "Turn on Information bar notification for intranet content" setting to organizational standards. CC ID 10577 Configuration Preventive
    Configure the "Turn on inline AutoComplete for Web addresses" setting to organizational standards. CC ID 10578 Configuration Preventive
    Configure the "Turn on Internet Explorer 7 Standards Mode" setting to organizational standards. CC ID 10579 Configuration Preventive
    Configure the "Turn on Internet Explorer Standards Mode for Local Intranet" setting to organizational standards. CC ID 10580 Configuration Preventive
    Configure the "Turn on menu bar by default" setting to organizational standards. CC ID 10581 Configuration Preventive
    Configure the "Turn on the display of a notification about every script error" setting to organizational standards. CC ID 10582 Configuration Preventive
    Configure the "Turn on the hover color option" setting to organizational standards. CC ID 10583 Configuration Preventive
    Configure the "Use Automatic Detection for dial-up connections" setting to organizational standards. CC ID 10584 Configuration Preventive
    Configure the "Use HTTP 1.1 through proxy connections" setting to organizational standards. CC ID 10585 Configuration Preventive
    Configure the "Use HTTP 1.1" setting to organizational standards. CC ID 10586 Configuration Preventive
    Configure the "Use large Icons for Command Buttons" setting to organizational standards. CC ID 10587 Configuration Preventive
    Configure the "Use Policy Accelerators" setting to organizational standards. CC ID 10588 Configuration Preventive
    Configure the "Use Policy List of Internet Explorer 7 sites" setting to organizational standards. CC ID 10589 Configuration Preventive
    Configure the "Use UTF-8 for mailto links" setting to organizational standards. CC ID 10590 Configuration Preventive
    Configure the "View menu: Disable Full Screen menu option" setting to organizational standards. CC ID 10591 Configuration Preventive
    Configure the "View menu: Disable Source menu option" setting to organizational standards. CC ID 10592 Configuration Preventive
    Configure the "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting to organizational standards. CC ID 10607 Configuration Preventive
    Configure the "AutoRun" setting to organizational standards. CC ID 10608 Configuration Preventive
    Implement hardware-based write-protect for system firmware components. CC ID 10659 Technical Security Preventive
    Implement procedures to manually disable hardware-based write-protect to change computer firmware. CC ID 10660 Technical Security Preventive
    Configure the "Disable binding directly to IPropertySetStorage without intermediate layers." setting to organizational standards. CC ID 10861 Configuration Preventive
    Configure the "Disable delete notifications on all volumes" setting to organizational standards. CC ID 10862 Configuration Preventive
    Configure the "Disable IE security prompt for Windows Installer scripts" setting to organizational standards. CC ID 10863 Configuration Preventive
    Configure the "Disable or enable software Secure Attention Sequence" setting to organizational standards. CC ID 10865 Configuration Preventive
    Configure the "Disable text prediction" setting to organizational standards. CC ID 10867 Configuration Preventive
    Configure the "Disable Windows Error Reporting" setting to organizational standards. CC ID 10868 Configuration Preventive
    Configure the "Disable Windows Installer" setting to organizational standards. CC ID 10869 Configuration Preventive
    Configure the "Display a custom message when installation is prevented by a policy setting" setting to organizational standards. CC ID 10886 Configuration Preventive
    Configure the "Enable/Disable PerfTrack" setting to organizational standards. CC ID 10953 Configuration Preventive
    Configure the "Enforce disk quota limit" setting to organizational standards. CC ID 10956 Configuration Preventive
    Configure the "Limit audio playback quality" setting to organizational standards. CC ID 11006 Configuration Preventive
    Configure the "Limit disk space used by offline files" setting to organizational standards. CC ID 11007 Configuration Preventive
    Configure the "Limit maximum color depth" setting to organizational standards. CC ID 11008 Configuration Preventive
    Configure the "Limit maximum display resolution" setting to organizational standards. CC ID 11009 Configuration Preventive
    Configure the "Limit maximum number of monitors" setting to organizational standards. CC ID 11010 Configuration Preventive
    Configure the "Limit outstanding packets" setting to organizational standards. CC ID 11012 Configuration Preventive
    Configure the "Limit reservable bandwidth" setting to organizational standards. CC ID 11013 Configuration Preventive
    Configure the "Limit the age of files in the BITS Peercache" setting to organizational standards. CC ID 11014 Configuration Preventive
    Configure the "Limit the BITS Peercache size" setting to organizational standards. CC ID 11015 Configuration Preventive
    Configure the "Limit the maximum BITS job download time" setting to organizational standards. CC ID 11016 Configuration Preventive
    Configure the "Limit the maximum number of BITS jobs for each user" setting to organizational standards. CC ID 11018 Configuration Preventive
    Configure the "Limit the maximum number of BITS jobs for this computer" setting to organizational standards. CC ID 11019 Configuration Preventive
    Configure the "Limit the maximum number of ranges that can be added to the file in a BITS job" setting to organizational standards. CC ID 11021 Configuration Preventive
    Configure the "Limit the size of the entire roaming user profile cache" setting to organizational standards. CC ID 11022 Configuration Preventive
    Configure the "Microsoft Support Diagnostic Tool: Restrict tool download" setting to organizational standards. CC ID 11044 Configuration Preventive
    Configure the "Prevent access to 16-bit applications" setting to organizational standards. CC ID 11066 Configuration Preventive
    Configure the "Prevent Automatic Updates" setting to organizational standards. CC ID 11067 Configuration Preventive
    Configure the "Prevent Back-ESC mapping" setting to organizational standards. CC ID 11068 Configuration Preventive
    Configure the "Prevent backing up to local disks" setting to organizational standards. CC ID 11069 Configuration Preventive
    Configure the "Prevent backing up to optical media (CD/DVD)" setting to organizational standards. CC ID 11071 Configuration Preventive
    Configure the "Prevent display of the user interface for critical errors" setting to organizational standards. CC ID 11074 Configuration Preventive
    Configure the "Prevent flicks" setting to organizational standards. CC ID 11075 Configuration Preventive
    Configure the "Prevent Flicks Learning Mode" setting to organizational standards. CC ID 11076 Configuration Preventive
    Configure the "Prevent Input Panel tab from appearing" setting to organizational standards. CC ID 11077 Configuration Preventive
    Configure the "Prevent launch an application" setting to organizational standards. CC ID 11081 Configuration Preventive
    Configure the "Prevent license upgrade" setting to organizational standards. CC ID 11082 Configuration Preventive
    Configure the "Prevent Media Sharing" setting to organizational standards. CC ID 11083 Configuration Preventive
    Configure the "Prevent plaintext PINs from being returned by Credential Manager" setting to organizational standards. CC ID 11084 Configuration Preventive
    Configure the "Prevent press and hold" setting to organizational standards. CC ID 11085 Configuration Preventive
    Configure the "Prevent Quick Launch Toolbar Shortcut Creation" setting to organizational standards. CC ID 11086 Configuration Preventive
    Configure the "Prevent restoring local previous versions" setting to organizational standards. CC ID 11087 Configuration Preventive
    Configure the "Prevent restoring previous versions from backups" setting to organizational standards. CC ID 11088 Configuration Preventive
    Configure the "Prevent Roaming Profile changes from propagating to the server" setting to organizational standards. CC ID 11090 Configuration Preventive
    Configure the "Prevent Video Smoothing" setting to organizational standards. CC ID 11091 Configuration Preventive
    Configure the "Prevent Windows Anytime Upgrade from running." setting to organizational standards. CC ID 11092 Configuration Preventive
    Configure the "Prohibit Access of the Windows Connect Now wizards" setting to organizational standards. CC ID 11100 Configuration Preventive
    Configure the "Prohibit Flyweight Patching" setting to organizational standards. CC ID 11101 Configuration Preventive
    Configure the "Prohibit installing or uninstalling color profiles" setting to organizational standards. CC ID 11103 Configuration Preventive
    Configure the "Prohibit patching" setting to organizational standards. CC ID 11104 Configuration Preventive
    Configure the "Prohibit removal of updates" setting to organizational standards. CC ID 11105 Configuration Preventive
    Configure the "Prohibit rollback" setting to organizational standards. CC ID 11106 Configuration Preventive
    Configure the "Prohibit Use of Restart Manager" setting to organizational standards. CC ID 11107 Configuration Preventive
    Configure the "Restrict Internet communication" setting to organizational standards. CC ID 11140 Configuration Preventive
    Configure the "Restrict potentially unsafe HTML Help functions to specified folders" setting to organizational standards. CC ID 11141 Configuration Preventive
    Configure the "Restrict system locales" setting to organizational standards. CC ID 11143 Configuration Preventive
    Configure the "Restrict these programs from being launched from Help" setting to organizational standards. CC ID 11144 Configuration Preventive
    Configure the "Restrict unpacking and installation of gadgets that are not digitally signed." setting to organizational standards. CC ID 11145 Configuration Preventive
    Configure the "Restrict user locales" setting to organizational standards. CC ID 11146 Configuration Preventive
    Configure the "Terminate session when time limits are reached" setting to organizational standards. CC ID 11241 Configuration Preventive
    Configure the "Turn off access to all Windows Update features" setting to organizational standards. CC ID 11254 Configuration Preventive
    Configure the "Turn off access to the OEM and Microsoft branding section" setting to organizational standards. CC ID 11255 Configuration Preventive
    Configure the "Turn off access to the performance center core section" setting to organizational standards. CC ID 11256 Configuration Preventive
    Configure the "Turn off access to the solutions to performance problems section" setting to organizational standards. CC ID 11257 Configuration Preventive
    Configure the "Turn off Active Help" setting to organizational standards. CC ID 11258 Configuration Preventive
    Configure the "Turn off Application Compatibility Engine" setting to organizational standards. CC ID 11261 Configuration Preventive
    Configure the "Turn off Application Telemetry" setting to organizational standards. CC ID 11262 Configuration Preventive
    Configure the "Turn off AutoComplete integration with Input Panel" setting to organizational standards. CC ID 11263 Configuration Preventive
    Configure the "Turn off automatic learning" setting to organizational standards. CC ID 11264 Configuration Preventive
    Configure the "Turn off Automatic Root Certificates Update" setting to organizational standards. CC ID 11265 Configuration Preventive
    Configure the "Turn off automatic termination of applications that block or cancel shutdown" setting to organizational standards. CC ID 11266 Configuration Preventive
    Configure the "Turn off automatic wake" setting to organizational standards. CC ID 11267 Configuration Preventive
    Configure the "Turn Off Boot and Resume Optimizations" setting to organizational standards. CC ID 11269 Configuration Preventive
    Configure the "Turn off Configuration" setting to organizational standards. CC ID 11271 Configuration Preventive
    Configure the "Turn off creation of System Restore Checkpoints" setting to organizational standards. CC ID 11273 Configuration Preventive
    Configure the "Turn off Data Execution Prevention for HTML Help Executible" setting to organizational standards. CC ID 11274 Configuration Preventive
    Configure the "Turn off downloading of game information" setting to organizational standards. CC ID 11276 Configuration Preventive
    Configure the "Turn off Fair Share CPU Scheduling" setting to organizational standards. CC ID 11277 Configuration Preventive
    Configure the "Turn off game updates" setting to organizational standards. CC ID 11279 Configuration Preventive
    Configure the "Turn off hardware buttons" setting to organizational standards. CC ID 11280 Configuration Preventive
    Configure the "Turn off location scripting" setting to organizational standards. CC ID 11287 Configuration Preventive
    Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Global" to organizational standards. CC ID 11290 Configuration Preventive
    Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Site Local" to organizational standards. CC ID 11292 Configuration Preventive
    Configure the "Turn off Multicast Name Resolution" setting to organizational standards. CC ID 11293 Configuration Preventive
    Configure the "Turn Off Non Volatile Cache Feature" setting to organizational standards. CC ID 11294 Configuration Preventive
    Configure the "Turn off numerical sorting in Windows Explorer" setting to organizational standards. CC ID 11295 Configuration Preventive
    Configure the "Turn off pen feedback" setting to organizational standards. CC ID 11297 Configuration Preventive
    Configure the "Turn off PNRP cloud creation" setting for "IPv6 Global" to organizational standards. CC ID 11298 Configuration Preventive
    Configure the "Turn off PNRP cloud creation" setting for "IPv6 Site Local" to organizational standards. CC ID 11300 Configuration Preventive
    Configure the "Turn off Problem Steps Recorder" setting to organizational standards. CC ID 11301 Configuration Preventive
    Configure the "Turn off Program Compatibility Assistant" setting to organizational standards. CC ID 11302 Configuration Preventive
    Configure the "Turn off Program Inventory" setting to organizational standards. CC ID 11303 Configuration Preventive
    Configure the "Turn off Real-Time Monitoring" setting to organizational standards. CC ID 11304 Configuration Preventive
    Configure the "Turn off restore functionality" setting to organizational standards. CC ID 11306 Configuration Preventive
    Configure the "Turn off Routinely Taking Action" setting to organizational standards. CC ID 11308 Configuration Preventive
    Configure the "Turn off sensors" setting to organizational standards. CC ID 11309 Configuration Preventive
    Configure the "Turn Off Solid State Mode" setting to organizational standards. CC ID 11310 Configuration Preventive
    Configure the "Turn off SwitchBack Compatibility Engine" setting to organizational standards. CC ID 11311 Configuration Preventive
    Configure the "Turn off System Restore" setting to organizational standards. CC ID 11312 Configuration Preventive
    Configure the "Turn off Tablet PC touch input" setting to organizational standards. CC ID 11313 Configuration Preventive
    Configure the "Turn off the ability to back up data files" setting to organizational standards. CC ID 11315 Configuration Preventive
    Configure the "Turn off the ability to create a system image" setting to organizational standards. CC ID 11316 Configuration Preventive
    Configure the "Turn off the communities features" setting to organizational standards. CC ID 11317 Configuration Preventive
    Configure the "Turn off Touch Panning" setting to organizational standards. CC ID 11320 Configuration Preventive
    Configure the "Turn off tracking of last play time of games in the Games folder" setting to organizational standards. CC ID 11321 Configuration Preventive
    Configure the "Turn off Windows Customer Experience Improvement Program" setting to organizational standards. CC ID 11323 Configuration Preventive
    Configure the "Turn off Windows Defender" setting to organizational standards. CC ID 11324 Configuration Preventive
    Configure the "Turn off Windows HotStart" setting to organizational standards. CC ID 11325 Configuration Preventive
    Configure the "Turn off Windows Installer RDS Compatibility" setting to organizational standards. CC ID 11326 Configuration Preventive
    Configure the "Turn off Windows Mobility Center" setting to organizational standards. CC ID 11327 Configuration Preventive
    Configure the "Turn off Windows presentation settings" setting to organizational standards. CC ID 11329 Configuration Preventive
    Configure the "Turn off Windows SideShow" setting to organizational standards. CC ID 11330 Configuration Preventive
    Configure the "Turn off Windows Startup Sound" setting to organizational standards. CC ID 11331 Configuration Preventive
    Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418
    [{outside normal business hours} Outside of business hours, and after an appropriate period of inactivity, user sessions are terminated and workstations are rebooted. Security Control: 0853; Revision: 1]
    Configuration Preventive
    Refrain from using assertion lifetimes to limit each session. CC ID 13871 Technical Security Preventive
    Configure Session Configuration settings in accordance with organizational standards. CC ID 07698 Configuration Preventive
    Invalidate unexpected session identifiers. CC ID 15307 Configuration Preventive
    Configure the "MaxStartups" settings to organizational standards. CC ID 15329 Configuration Preventive
    Reject session identifiers that are not valid. CC ID 15306 Configuration Preventive
    Configure the "MaxSessions" settings to organizational standards. CC ID 15330 Configuration Preventive
    Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699 Configuration Preventive
    Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328 Configuration Preventive
    Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738
    [{outside normal business hours} Outside of business hours, and after an appropriate period of inactivity, user sessions are terminated and workstations are rebooted. Security Control: 0853; Revision: 1]
    Configuration Preventive
    Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758 Configuration Preventive
    Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824 Configuration Preventive
    Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826 Configuration Preventive
    Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832 Configuration Preventive
    Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848 Configuration Preventive
    Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870 Configuration Preventive
    Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229 Configuration Preventive
    Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350 Configuration Preventive
    Install custom applications, only if they are trusted. CC ID 04822 Configuration Preventive
    Configure virtual networks in accordance with the information security policy. CC ID 13165
    [When accessing an organisation system via a VPN connection, split tunnelling is disabled. Security Control: 0705; Revision: 3]
    Configuration Preventive
    Configure Simple Network Management Protocol (SNMP) to organizational standards. CC ID 12423 Configuration Preventive
    Configure Simple Network Management Protocol to enable authentication and privacy. CC ID 12427 Configuration Preventive
    Change the default community string for Simple Network Management Protocol. CC ID 01872
    [All default SNMP community strings on network devices are changed and have write access disabled. Security Control: 1312; Revision: 2]
    Configuration Preventive
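ISM control 1312 asks for two things at once: no default community string survives on any network device, and no community has write access; CC ID 12427 adds that SNMP should run with authentication and privacy, which in practice means SNMPv3 authPriv. The script below is an added example (not ACSC or UCF code) that checks a Cisco IOS-style running configuration and a net-snmp snmpd.conf for all three conditions. The device configurations are constructed samples, the list of default strings is an assumption to be extended with your own vendors' defaults, and only the two syntaxes shown are parsed.

```shell
#!/bin/sh
# Added example (not ACSC or UCF code): flag default or writable SNMP communities
# and check for an SNMPv3 authPriv principal in IOS-style and net-snmp configs.

# Constructed sample configurations (not captured from any real device).
IOS_CONFIG=$(cat <<'EOF'
hostname edge-sw1
snmp-server community public RO
snmp-server community private RW
snmp-server community N3tM0n-r0 RO 10
snmp-server group NMS v3 priv
EOF
)

SNMPD_CONF=$(cat <<'EOF'
# snmpd.conf - constructed sample
rocommunity public default
rwcommunity s3cr3t 10.0.0.0/8
rouser monitor auth
EOF
)

CLEAN_CONFIG=$(cat <<'EOF'
hostname core-rtr1
snmp-server group NMS v3 priv
snmp-server user nmsuser NMS v3 auth sha REDACTED priv aes 128 REDACTED
EOF
)

# Strings shipped as defaults by many vendors; assumed list, extend per organizational standard.
DEFAULT_COMMUNITIES="public private"

is_default_community() {
  for _d in $DEFAULT_COMMUNITIES; do
    [ "$1" = "$_d" ] && return 0
  done
  return 1
}

# snmp_findings CONFIG: prints one FAIL line per offending community (no output if clean).
# Recognised syntaxes:
#   IOS:      snmp-server community <string> [RO|RW] [acl]   (RO when omitted)
#   net-snmp: rocommunity|rwcommunity[6] <string> [source]
snmp_findings() {
  printf '%s\n' "$1" | awk '
    $1 == "snmp-server" && $2 == "community" {
        acc = (toupper($4) == "RW") ? "RW" : "RO"; print $3, acc; next }
    tolower($1) == "rocommunity" || tolower($1) == "rocommunity6" { print $2, "RO"; next }
    tolower($1) == "rwcommunity" || tolower($1) == "rwcommunity6" { print $2, "RW"; next }
  ' | while read -r _comm _acc; do
    if is_default_community "$_comm"; then
      echo "FAIL default community string \"$_comm\" still present ($_acc)"
    fi
    if [ "$_acc" = RW ]; then
      echo "FAIL community \"$_comm\" has write access"
    fi
  done
}

# has_v3_priv CONFIG: succeeds if at least one SNMPv3 principal requires authPriv
# (IOS "snmp-server group <g> v3 priv" or net-snmp "rouser|rwuser <u> priv").
has_v3_priv() {
  printf '%s\n' "$1" | awk '
    $1 == "snmp-server" && $2 == "group" && $4 == "v3" && $5 == "priv" { f = 1 }
    (tolower($1) == "rouser" || tolower($1) == "rwuser") && $3 == "priv" { f = 1 }
    END { exit (f ? 0 : 1) }'
}

# audit_snmp CONFIG: prints findings and returns 1 if any community check failed.
audit_snmp() {
  _f=$(snmp_findings "$1")
  if [ -n "$_f" ]; then printf '%s\n' "$_f"; return 1; fi
  echo "PASS no default or writable community strings"
}

for _c in "$IOS_CONFIG" "$SNMPD_CONF" "$CLEAN_CONFIG"; do
  audit_snmp "$_c" || true
  has_v3_priv "$_c" && echo "PASS SNMPv3 authPriv configured" || echo "WARN no SNMPv3 authPriv principal"
  echo "---"
done
```

Against real equipment the input is the exported running configuration (for IOS, `show running-config | include snmp-server`) or /etc/snmp/snmpd.conf. Treat a community flagged as default the way you would treat a leaked password: anyone who can reach UDP/161 can read device state with it, and with RW access can rewrite it, so the fix is to rotate the string (or move to SNMPv3) rather than to document the exception.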
    Configure the system's storage media. CC ID 10618 Configuration Preventive
    Configure the system's electronic storage media's encryption settings. CC ID 11927
    [HACE is used if an organisation wishes to reduce the physical storage or handling requirements for ICT equipment or media that contains highly classified information. Security Control: 0460; Revision: 8]
    Configuration Preventive
    Prohibit the use of sanitization-resistant media in Information Systems. CC ID 10617 Configuration Preventive
    Configure Internet Browser security options according to organizational standards. CC ID 02166
    [Web browsers are configured to block or disable support for Flash content. Security Control: 1484; Revision: 1
    Web browsers are configured to block web advertisements. Security Control: 1485; Revision: 0
    Web browsers are configured to block Java from the internet. Security Control: 1486; Revision: 0]
    Configuration Preventive
    Configure the "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting. CC ID 04910 Configuration Preventive
    Configure the "Disable Internet Connection wizard" setting. CC ID 02242 Configuration Preventive
    Configure the "Disable Automatic Install of Internet Explorer components" setting. CC ID 04337 Configuration Preventive
    Configure the "Disable Periodic Check for Internet Explorer software updates" setting. CC ID 04338 Configuration Preventive
    Configure the "Do not allow users to enable or disable add-ons" setting in Internet Explorer properly. CC ID 04340 Configuration Preventive
    Configure the "Turn off Crash Detection" setting in Internet Explorer properly. CC ID 04345 Configuration Preventive
    Configure the "internet explorer processes (mk protocol)" setting. CC ID 04347 Configuration Preventive
    Configure the "internet explorer processes (consistent MIME handling)" setting. CC ID 04348 Configuration Preventive
    Configure the "internet explorer processes (MIME sniffing)" setting. CC ID 04349 Configuration Preventive
    Configure the "Internet Explorer Processes (Restrict ActiveX Install)" setting. CC ID 04352 Configuration Preventive
    Configure the "internet explorer processes (restrict file download)" setting. CC ID 04353 Configuration Preventive
    Configure the "Deny all add-ons unless specifically allowed in the Add-on List" setting. CC ID 04354 Configuration Preventive
    Configure the "Disable Save this program to disk option" setting in limited functionality environments properly. CC ID 04366 Configuration Preventive
    Configure the "Disable the Advanced Page" setting in limited functionality environments. CC ID 04367 Configuration Preventive
    Configure the "Disable the Security Page" setting in limited functionality environments properly. CC ID 04368 Configuration Preventive
    Configure the "Disable adding channels" setting in Internet Explorer properly. CC ID 04369 Configuration Preventive
    Configure the "Disable adding schedules for offline pages" setting. CC ID 04370 Configuration Preventive
    Configure the "Disable all scheduled offline pages" setting. CC ID 04371 Configuration Preventive
    Configure the "Disable channel user interface completely" setting. CC ID 04372</