[csf.tools Note: Subcategories do not have detailed descriptions.]
NIST Special Publication 800-53 Revision 5
Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on [Assignment: organization-defined information flow control policies].
Approve and manage the exchange of information between the system and other systems using [Assignment (one or more): interconnection security agreements, information exchange security agreements, memoranda of understanding or agreement, service level agreements, user agreements, nondisclosure agreements, [Assignment: organization-defined type of agreement] ]; Document, as part of each exchange agreement, the interface characteristics, security and…
Develop, document, and maintain under configuration control, a current baseline configuration of the system; and Review and update the baseline configuration of the system: [Assignment: organization-defined frequency]; When required due to [Assignment: organization-defined circumstances]; and When system components are installed or upgraded.
Associate [Assignment: organization-defined security and privacy attributes] with information exchanged between systems and between system components.
1. Strategically within the system to collect organization-determined essential information; and 1. At ad hoc locations within the system to track specific types of transactions of interest to the organization; Monitor the system to detect: Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [Assignment: organization-defined monitoring objectives]; and Unauthorized local,…
Cloud Controls Matrix v3.0.1
Policies and procedures shall be established, and supporting business processes and technical measures implemented, to inventory, document, and maintain data flows for data that is resident (permanently or temporarily) within the service’s geographically distributed (physical and virtual) applications and infrastructure network and systems components and/or shared with other third parties to ascertain any regulatory, statutory,…
Critical Security Controls Version 8
Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
NIST Special Publication 800-53 Revision 4
The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [Assignment: organization-defined information flow control policies].
The organization: Authorizes connections from the information system to other information systems through the use of Interconnection Security Agreements; Documents, for each interconnection, the interface characteristics, security requirements, and the nature of the information communicated; and Reviews and updates Interconnection Security Agreements [Assignment: organization-defined frequency].
The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system.
The organization: Monitors the information system to detect: Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and Unauthorized local, network, and remote connections; Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods]; Deploys monitoring devices: Strategically within the information system to collect organization-determined essential information; and…
Critical Security Controls Version 7.1
Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.