Control Families:
3.1: Access Control
3.2: Awareness and Training
3.3: Audit and Accountability
3.4: Configuration Management
3.5: Identification and Authentication
3.6: Incident Response
3.7: Maintenance
3.8: Media Protection
3.9: Personnel Security
3.10: Physical Protection
3.11: Risk Assessment
3.12: Security Assessment
3.13: System and Communications Protection
3.14: System and Information Integrity
Framework Relationships:
ID.AM-1: Physical devices and systems within the organization are inventoried
ID.AM-2: Software platforms and applications within the organization are inventoried
ID.AM-3: Organizational communication and data flows are mapped
ID.AM-4: External information systems are catalogued
ID.RA-1: Asset vulnerabilities are identified and documented
ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources
ID.RA-3: Threats, both internal and external, are identified and documented
ID.RA-4: Potential business impacts and likelihoods are identified
ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
PR.AC-2: Physical access to assets is managed and protected
PR.AC-3: Remote access is managed
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)
PR.AT-1: All users are informed and trained
PR.AT-2: Privileged users understand their roles and responsibilities
PR.AT-4: Senior executives understand their roles and responsibilities
PR.AT-5: Physical and cybersecurity personnel understand their roles and responsibilities
PR.DS-1: Data-at-rest is protected
PR.DS-2: Data-in-transit is protected
PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
PR.DS-5: Protections against data leaks are implemented
PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
PR.IP-3: Configuration change control processes are in place
PR.IP-6: Data is destroyed according to policy
PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
PR.IP-10: Response and recovery plans are tested
PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
PR.IP-12: A vulnerability management plan is developed and implemented
PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools
PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
PR.PT-2: Removable media is protected and its use restricted according to policy
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
PR.PT-4: Communications and control networks are protected
DE.AE-2: Detected events are analyzed to understand attack targets and methods
DE.AE-3: Event data are collected and correlated from multiple sources and sensors
DE.AE-4: Impact of events is determined
DE.AE-5: Incident alert thresholds are established
DE.CM-1: The network is monitored to detect potential cybersecurity events
DE.CM-2: The physical environment is monitored to detect potential cybersecurity events
DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events
DE.CM-4: Malicious code is detected
DE.CM-5: Unauthorized mobile code is detected
DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events
DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed
DE.CM-8: Vulnerability scans are performed
DE.DP-2: Detection activities comply with all applicable requirements
DE.DP-3: Detection processes are tested
RS.AN-1: Notifications from detection systems are investigated
RS.AN-2: The impact of the incident is understood
RS.AN-4: Incidents are categorized consistent with response plans
RS.CO-1: Personnel know their roles and order of operations when a response is needed
RS.CO-2: Incidents are reported consistent with established criteria
RS.CO-4: Coordination with stakeholders occurs consistent with response plans
RS.IM-1: Response plans incorporate lessons learned
RS.IM-2: Response strategies are updated
RS.MI-1: Incidents are contained
RS.MI-2: Incidents are mitigated
RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
RS.RP-1: Response plan is executed during or after an incident
RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
RC.IM-1: Recovery plans incorporate lessons learned
RC.IM-2: Recovery strategies are updated
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident