4.5% Overall Implementation

| Control | Name | Description | Type | Function | Frameworks | Status | Docs |
|---|---|---|---|---|---|---|---|
| ACCESS-001 | Account Inventory | Establish and maintain an inventory of all accounts managed in the organization.... | Administrative | Identify | CAN_CYBER, CIS_8_1, CPA_CYBER, NIST_CSF | Implemented | |
| ACCESS-002 | Unused Account Removal | Delete or disable any unmanaged or inactive accounts after a period of 45 days o... | Administrative | Protect | CIS_8_1, CMMC | Implemented | |
| ACCESS-003 | Strong Password Policy | Ensure all accounts have complex, unique passwords that meet minimum requirement... | Technical | Protect | CAN_CYBER, CIS_8_1, CMMC, CPA_CYBER | Implemented | |
| ACCESS-004 | Multi-Factor Authentication | Use multi-factor authentication (MFA) for externally-exposed applications and re... | Technical | Protect | CAN_CYBER, CCCS, CIS_8_1, NIST_CSF | In Progress | |
| ACCESS-005 | Privileged Access Management | Restrict administrator privileges to dedicated administrator accounts on enterpr... | Technical | Protect | CAN_CYBER, CIS_8_1, CPA_CYBER | Implemented | |
| ACCESS-006 | Role-Based Access Control | Implement role-based access control (RBAC) to authorize access based on job func... | Administrative | Protect | CIS_8_1, NIST_CSF | Implemented | |
| ACCESS-007 | Centralized Access Control | Centralize access control for all enterprise assets through a directory service.... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Implemented | |
| ACCESS-008 | Secure Remote Access | Securely manage enterprise assets remotely using encrypted connections.... | Technical | Protect | CCCS, CIS_8_1, NIST_CSF, PCI_SAQ_B_IP | Implemented | |
| ACCESS-009 | Account Lockout Policy | Configure account lockout policies to protect against brute-force attacks.... | Technical | Protect | CMMC, CPA_CYBER | Pending Review | |
| ACCESS-010 | Access Review Process | Establish and maintain a process to review user access rights periodically.... | Administrative | Govern | CMMC | Pending Review | |
| ACCESS-011 | Service Account Management | Manage service accounts with unique, complex passwords and restricted permission... | Technical | Protect | CMMC | Pending Review | |
| ACCESS-013 | Separation of Duties | Enforce separation of duties to prevent any single individual from controlling a... | Administrative | Protect | CMMC, NIST_CSF | Not Started | |
| ACCESS-014 | System Use Notification | Display an approved system-use notification (logon banner) before granting acces... | Technical | Protect | CMMC | Not Started | |
| ACCESS-016 | Dual Authorization | Require two authorized individuals to approve and execute critical or high-risk ... | Administrative | Protect | NIST_CSF | Not Started | |
| ACCT-001 | Local Account Hardening | Disable, rename, or strictly control local administrator and guest accounts on a... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Pending Review | |
| APPSEC-001 | Secure Development Policy | Establish secure development policies and procedures.... | Administrative | Protect | CIS_8_1, NIST_CSF | Not Started | |
| APPSEC-002 | Code Review | Perform security code reviews for custom applications.... | Technical | Detect | CIS_8_1 | Not Started | |
| APPSEC-003 | Application Testing | Perform security testing of applications before deployment.... | Technical | Detect | CIS_8_1 | Not Started | |
| APPSEC-004 | Input Validation | Implement input validation for all application inputs.... | Technical | Protect | CIS_8_1 | Not Started | |
| APPSEC-006 | Dependency Management | Maintain an inventory of application dependencies and scan for vulnerabilities.... | Technical | Detect | CIS_8_1 | Not Started | |
| ASSET-001 | Enterprise Asset Inventory | Establish and maintain an accurate, detailed, and up-to-date inventory of all en... | Technical | Identify | CAN_CYBER, CIS_8_1, CPA_CYBER, NIST_CSF | Not Started | |
| ASSET-002 | Software Asset Inventory | Establish and maintain a detailed inventory of all licensed software installed o... | Technical | Identify | CAN_CYBER, CIS_8_1, NIST_CSF | Pending Review | |
| ASSET-003 | Unauthorized Asset Discovery | Ensure that unauthorized assets are either removed from the network, denied acce... | Technical | Protect | CIS_8_1, CPA_CYBER | Pending Review | |
| ASSET-004 | Unauthorized Software Prevention | Ensure that unauthorized software is either removed or the inventory is updated ... | Technical | Protect | CIS_8_1 | Not Started | |
| ASSET-005 | Network Topology Documentation | Maintain accurate and up-to-date network architecture diagrams and documentation... | Administrative | Identify | CIS_8_1 | Pending Review | |
| ASSET-006 | Mobile Device Management | Manage enterprise assets remotely with the ability to wipe, lock, and configure ... | Technical | Protect | CCCS, CIS_8_1 | Pending Review | |
| ASSET-007 | Cloud Asset Inventory | Maintain inventory of cloud-based assets including IaaS, PaaS, and SaaS resource... | Technical | Identify | NIST_CSF | Pending Review | |
| AUTH-001 | Password Policy Enforcement | Enforce password policies across all systems including maximum age, minimum age,... | Technical | Protect | CIS_8_1, CMMC | Not Started | |
| AWARE-001 | Security Awareness Program | Establish and maintain a security awareness program for all employees.... | Administrative | Protect | CAN_CYBER, CCCS, CIS_8_1, CPA_CYBER, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| AWARE-002 | Phishing Awareness Training | Conduct phishing awareness training and testing.... | Administrative | Protect | CMMC, CPA_CYBER | Not Started | |
| AWARE-003 | Role-Based Security Training | Provide role-specific security training for personnel with elevated access.... | Administrative | Protect | CIS_8_1, CMMC, CPA_CYBER, NIST_CSF | Not Started | |
| AWARE-004 | New Hire Security Training | Include security awareness training in new employee onboarding.... | Administrative | Protect | CIS_8_1 | Not Started | |
| BACKUP-001 | Backup Policy | Establish and maintain a backup policy defining backup scope, frequency, and ret... | Administrative | Recover | CAN_CYBER, CIS_8_1, CPA_CYBER | Not Started | |
| BACKUP-002 | Automated Backups | Perform automated backups of in-scope enterprise assets.... | Technical | Recover | CCCS, CIS_8_1, NIST_CSF | Pending Review | |
| BACKUP-003 | Backup Testing | Periodically test backup restoration to verify recoverability.... | Operational | Recover | CIS_8_1, NIST_CSF | Not Started | |
| BACKUP-004 | Offsite Backup Storage | Store backups in a physically separate location or in the cloud.... | Operational | Recover | CIS_8_1 | Not Started | |
| BACKUP-007 | Disaster Recovery Plan | Establish and maintain a disaster recovery plan for critical systems.... | Administrative | Recover | CPA_CYBER, NIST_CSF | Not Started | |
| BACKUP-008 | Business Continuity Plan | Develop and maintain a business continuity plan.... | Administrative | Recover | CPA_CYBER | Not Started | |
| CLOUD-001 | Cloud Security Policy | Establish policies for secure use of cloud services.... | Administrative | Govern | CAN_CYBER | Not Started | |
| CLOUD-002 | Cloud Identity Management | Implement identity and access management for cloud services.... | Technical | Protect | CCCS | Not Started | |
| CONFIG-001 | Secure Configuration Standards | Establish and maintain documented security configuration standards for all enter... | Administrative | Protect | CAN_CYBER, CCCS, CIS_8_1, CPA_CYBER, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| CONFIG-002 | Default Password Changes | Change all default passwords before deploying any enterprise asset.... | Operational | Protect | CAN_CYBER, CIS_8_1, PCI_SAQ_B_IP | Not Started | |
| CONFIG-003 | Unnecessary Services Disabled | Ensure that unnecessary services and protocols are disabled.... | Technical | Protect | CIS_8_1, CMMC, PCI_SAQ_B_IP | Pending Review | |
| CONFIG-004 | Network Device Hardening | Securely configure network infrastructure devices such as firewalls, routers, an... | Technical | Protect | CIS_8_1 | Not Started | |
| CONFIG-005 | Server Hardening | Securely configure servers following industry-standard hardening guidelines.... | Technical | Protect | NIST_CSF | Not Started | |
| CONFIG-006 | Workstation Hardening | Securely configure end-user workstations following security standards.... | Technical | Protect | CIS_8_1, NIST_CSF | Not Started | |
| CONFIG-007 | Mobile Device Configuration | Apply secure configurations to mobile devices including encryption and screen lo... | Technical | Protect | CIS_8_1 | Not Started | |
| CONFIG-009 | Configuration Change Management | Establish a change management process for security-relevant configuration change... | Administrative | Protect | CIS_8_1, CMMC | Not Started | |
| CONFIG-011 | Change Impact Analysis | Conduct impact analysis of changes to the information system before implementati... | Administrative | Identify | CMMC, NIST_CSF | Not Started | |
| CONFIG-012 | System Maintenance Policy | Establish and maintain a system maintenance policy that schedules, performs, doc... | Operational | Protect | CMMC, NIST_CSF | Not Started | |
| CONFIG-013 | Maintenance Tools Control | Control, monitor, and restrict the use of maintenance tools (diagnostic, testing... | Operational | Protect | CMMC | Not Started | |
| CRIT-001 | Critical Asset Identification | Identify and categorize critical cyber assets.... | Administrative | Identify | CMMC | Not Started | |
| DATA-001 | Data Classification Policy | Establish and maintain a data classification policy that defines sensitivity lev... | Administrative | Identify | CIS_8_1, NIST_CSF | Not Started | |
| DATA-002 | Sensitive Data Inventory | Establish and maintain a data inventory based on the data classification policy.... | Administrative | Identify | CIS_8_1, NIST_CSF | Not Started | |
| DATA-003 | Data Retention Policy | Retain data according to the organization's data management process and applicab... | Administrative | Govern | CIS_8_1, PCI_SAQ_B_IP | Not Started | |
| DATA-004 | Secure Data Disposal | Securely dispose of data as outlined in the data management process.... | Operational | Protect | CIS_8_1, CMMC, PCI_SAQ_B_IP | Not Started | |
| DATA-005 | Data Encryption at Rest | Encrypt sensitive data at rest using encryption that includes a secondary authen... | Technical | Protect | CAN_CYBER, CCCS, CIS_8_1, CPA_CYBER, NIST_CSF | Not Started | |
| DATA-006 | Data Encryption in Transit | Encrypt data in transit using secure protocols.... | Technical | Protect | CAN_CYBER, CIS_8_1, CMMC, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| DATA-007 | Data Loss Prevention | Implement data loss prevention (DLP) controls to detect and prevent unauthorized... | Technical | Detect | CCCS, CIS_8_1 | Not Started | |
| DATA-008 | Removable Media Controls | Control the use of removable media devices on enterprise assets.... | Technical | Protect | CMMC | Not Started | |
| DATA-009 | Data Access Logging | Log access to sensitive data, including any modifications or deletions.... | Technical | Detect | CIS_8_1 | Not Started | |
| DATA-011 | Cryptographic Module Authentication | Authenticate cryptographic modules using approved methods before granting access... | Technical | Protect | NIST_CSF | Not Started | |
| DATA-012 | Media Marking and Labeling | Mark and label information system media (physical and digital) indicating distri... | Administrative | Protect | CMMC | Not Started | |
| DATA-013 | Advanced Encryption Standards | Implement enhanced cryptographic protections beyond baseline requirements includ... | Technical | Protect | NIST_CSF | Not Started | |
| DOMAIN-001 | Domain Registration Security | Secure domain registrations with transfer locks, DNSSEC, and reputable registrar... | Technical | Protect | CIS_8_1, NIST_CSF | Not Started | |
| DOMAIN-002 | Web Application Firewall | Deploy a Web Application Firewall (WAF) on all public-facing web applications to... | Technical | Protect | CIS_8_1, NIST_CSF | Not Started | |
| EDR-001 | Endpoint Detection and Response | Deploy and maintain an Endpoint Detection and Response (EDR) solution with activ... | Technical | Detect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| EMAIL-001 | Email Authentication Standards | Configure and enforce SPF, DKIM, and DMARC records for all organizational domain... | Technical | Protect | CIS_8_1, NIST_CSF | Not Started | |
| EMAIL-002 | Email Protocol Security | Disable insecure legacy email protocols including basic authentication, POP3, IM... | Technical | Protect | CIS_8_1 | Not Started | |
| EXEC-001 | Script Execution Controls | Configure and enforce script execution policies including PowerShell execution p... | Technical | Protect | CIS_8_1 | Not Started | |
| EXPOSE-001 | External Attack Surface Management | Monitor and minimize the external attack surface by identifying and restricting ... | Technical | Detect | CIS_8_1, NIST_CSF | Not Started | |
| FW-001 | Host-Based Firewall | Enable and configure host-based firewalls on all endpoints including Windows Fir... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| GOV-001 | Information Security Policy | Establish and maintain an information security policy.... | Administrative | Govern | CAN_CYBER, CCCS, CMMC, CPA_CYBER, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| GOV-002 | Risk Management Program | Establish a risk management program to identify and address risks.... | Administrative | Govern | CAN_CYBER, CPA_CYBER, NIST_CSF | Not Started | |
| GOV-003 | Security Roles and Responsibilities | Define and document security roles and responsibilities.... | Administrative | Govern | CMMC, CPA_CYBER, NIST_CSF | Not Started | |
| GOV-004 | Policy Review Process | Review and update security policies on a regular basis.... | Administrative | Govern | CPA_CYBER, NIST_CSF | Not Started | |
| GOV-005 | Compliance Monitoring | Monitor compliance with security policies and applicable regulations.... | Administrative | Govern | CMMC, CPA_CYBER, NIST_CSF | Not Started | |
| GOV-006 | Security Metrics | Establish security metrics and report to management.... | Administrative | Govern | CPA_CYBER | Not Started | |
| GOV-007 | Acceptable Use Policy | Establish an acceptable use policy for enterprise assets.... | Administrative | Govern | CPA_CYBER | Not Started | |
| GOV-010 | System Security Plan | Develop, document, and maintain a system security plan (SSP) for each major info... | Administrative | Identify | NIST_CSF | Not Started | |
| GOV-011 | Security Architecture Review | Conduct periodic reviews of the organizational security architecture to ensure a... | Administrative | Identify | NIST_CSF | Not Started | |
| GOV-012 | Threat Modelling | Perform systematic threat modelling for critical systems and applications to ide... | Administrative | Identify | NIST_CSF | Not Started | |
| GOV-013 | Insider Threat Program | Establish and maintain an insider threat program to detect, deter, and mitigate ... | Administrative | Detect | NIST_CSF | Not Started | |
| GW-001 | Google Workspace Security Monitoring | Monitor Google Workspace security posture including 2-Step Verification enforcem... | Technical | Detect | CIS_8_1 | Not Started | |
| HEALTH-001 | Hardware Health Monitoring | Continuously monitor hardware health indicators including drive reliability (SMA... | Technical | Detect | CIS_8_1, NIST_CSF | Not Started | |
| HR-001 | Personnel Screening | Conduct background screening for individuals prior to authorizing access to orga... | Administrative | Identify | CMMC, NIST_CSF | Not Started | |
| HR-002 | Personnel Termination and Transfer | Implement procedures for timely revocation of access upon personnel termination ... | Administrative | Protect | CMMC, NIST_CSF | Not Started | |
| HR-003 | External Personnel Security | Apply appropriate security controls to external personnel (contractors, consulta... | Administrative | Protect | NIST_CSF | Not Started | |
| INTEG-001 | System Integrity Verification | Verify and enforce hardware-based system integrity including Secure Boot, UEFI, ... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| INTEG-002 | File Integrity Monitoring | Monitor critical system files, configuration files, and application files for un... | Technical | Detect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| IR-001 | Incident Response Plan | Establish and maintain an incident response plan that addresses roles, responsib... | Administrative | Respond | CAN_CYBER, CIS_8_1, CPA_CYBER, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| IR-002 | Incident Response Team | Designate personnel responsible for handling incidents.... | Administrative | Respond | CIS_8_1, CMMC, CPA_CYBER | Not Started | |
| IR-003 | Incident Response Testing | Perform periodic incident response exercises to test the incident response plan.... | Operational | Respond | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| IR-004 | Incident Documentation | Document incidents as they occur with detailed notes and timeline.... | Operational | Respond | CPA_CYBER, NIST_CSF | Not Started | |
| IR-005 | Incident Communication | Establish communication procedures for internal and external incident notificati... | Administrative | Respond | CIS_8_1, NIST_CSF | Not Started | |
| IR-006 | Forensic Capabilities | Maintain forensic collection and analysis capabilities.... | Operational | Respond | CPA_CYBER, NIST_CSF | Not Started | |
| IR-007 | Post-Incident Review | Conduct post-incident reviews to identify improvements.... | Administrative | Recover | CIS_8_1 | Not Started | |
| IR-008 | Information Spillage Response | Establish procedures for responding to information spillage (unauthorized disclo... | Administrative | Respond | NIST_CSF | Not Started | |
| IR-009 | Security Operations Centre | Establish or contract a Security Operations Centre (SOC) providing continuous se... | Operational | Detect | NIST_CSF | Not Started | |
| LIFECYCLE-001 | Hardware Lifecycle Management | Track hardware age and warranty status, ensuring timely replacement of aging equ... | Operational | Identify | CIS_8_1, NIST_CSF | Not Started | |
| LOG-001 | Centralized Log Collection | Establish and maintain a centralized log collection infrastructure.... | Technical | Detect | CIS_8_1, CPA_CYBER, NIST_CSF | Not Started | |
| LOG-002 | Audit Log Configuration | Ensure adequate audit logging is enabled on all enterprise assets.... | Technical | Detect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| LOG-003 | Log Retention | Retain audit logs for a defined period consistent with regulatory requirements.... | Administrative | Detect | CIS_8_1, CMMC, CPA_CYBER | Not Started | |
| LOG-004 | Time Synchronization | Ensure that time synchronization is configured on all enterprise assets.... | Technical | Detect | CIS_8_1 | Not Started | |
| LOG-005 | Security Event Alerting | Configure automated alerting for security-relevant events.... | Technical | Detect | CIS_8_1, CMMC, CPA_CYBER, NIST_CSF | Not Started | |
| LOG-006 | Log Review Process | Establish a process for reviewing logs and investigating alerts.... | Operational | Detect | CIS_8_1, NIST_CSF | Not Started | |
| LOG-008 | Network Traffic Monitoring | Collect and analyze network traffic for anomalies and threats.... | Technical | Detect | CIS_8_1, NIST_CSF | Not Started | |
| LOG-010 | Advanced Audit Analytics | Deploy advanced analytics capabilities including User and Entity Behavior Analyt... | Technical | Detect | NIST_CSF | Not Started | |
| M365-001 | Cloud Conditional Access | Implement and enforce conditional access policies in Microsoft 365 or equivalent... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| M365-002 | Cloud Email Protocol Security | Disable legacy and insecure email protocols in Microsoft 365, Google Workspace, ... | Technical | Protect | CIS_8_1 | Not Started | |
| M365-003 | Microsoft 365 Security Posture | Monitor and maintain Microsoft 365 security posture including Secure Score, iden... | Technical | Detect | CIS_8_1 | Not Started | |
| MALWARE-001 | Anti-Malware Deployment | Deploy anti-malware software on all enterprise assets with automatic updates.... | Technical | Protect | CAN_CYBER, CIS_8_1, CPA_CYBER, PCI_SAQ_B_IP | Not Started | |
| MALWARE-002 | Anti-Malware Central Management | Centrally manage anti-malware software with logging and alerting.... | Technical | Detect | CIS_8_1, NIST_CSF | Not Started | |
| MALWARE-003 | Email Security | Enable email security features including anti-spam, anti-malware, and anti-phish... | Technical | Protect | CIS_8_1, CMMC, PCI_SAQ_B_IP | Not Started | |
| MALWARE-004 | Browser Security | Configure web browsers to block malicious content and enable safe browsing featu... | Technical | Protect | CIS_8_1 | Not Started | |
| MALWARE-005 | DNS Filtering | Use DNS filtering to block access to known malicious domains.... | Technical | Protect | CIS_8_1, CMMC | Not Started | |
| MALWARE-006 | Application Whitelisting | Configure application whitelisting to allow only authorized applications to exec... | Technical | Protect | CIS_8_1 | Not Started | |
| MALWARE-007 | Macro Security | Disable or restrict macro execution in productivity applications.... | Technical | Protect | CIS_8_1 | Not Started | |
| MFA-002 | Phishing-Resistant Authentication | Implement phishing-resistant multi-factor authentication methods (FIDO2 security... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| NET-001 | Network Segmentation | Implement network segmentation based on data classification and business functio... | Technical | Protect | CAN_CYBER, CIS_8_1, CMMC, CPA_CYBER, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| NET-002 | Firewall Configuration | Deploy and maintain properly configured firewalls at network boundaries.... | Technical | Protect | CIS_8_1, CMMC, CPA_CYBER, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| NET-003 | Intrusion Detection/Prevention | Deploy intrusion detection and/or prevention systems.... | Technical | Detect | CIS_8_1 | Not Started | |
| NET-006 | Network Access Control | Implement network access control to prevent unauthorized device connections.... | Technical | Protect | CIS_8_1 | Not Started | |
| NET-008 | Traffic Encryption | Encrypt all sensitive network traffic.... | Technical | Protect | CIS_8_1 | Not Started | |
| NET-009 | Session Authenticity | Protect the authenticity of communications sessions through techniques such as m... | Technical | Protect | NIST_CSF | Not Started | |
| NET-011 | Penetration-Resistant Architecture | Design and implement system architectures that are inherently resistant to penet... | Technical | Protect | NIST_CSF | Not Started | |
| NET-012 | System and Network Isolation | Isolate critical or high-value systems and network segments from general-purpose... | Technical | Protect | NIST_CSF | Not Started | |
| PHYS-001 | Physical Access Control | Control physical access to facilities using access control systems.... | Physical | Protect | CCCS, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| PHYS-002 | Visitor Management | Establish procedures for managing and logging visitor access.... | Physical | Protect | CMMC | Not Started | |
| PHYS-003 | Secure Areas | Designate and secure areas containing sensitive systems or data.... | Physical | Protect | PCI_SAQ_B_IP | Not Started | |
| PHYS-004 | Media Protection | Protect and securely dispose of media containing sensitive data.... | Physical | Protect | CCCS, PCI_SAQ_B_IP | Not Started | |
| PHYS-005 | Environmental Controls | Implement environmental controls to protect equipment.... | Physical | Protect | CMMC | Not Started | |
| PHYS-006 | Surveillance | Deploy video surveillance in areas with sensitive systems.... | Physical | Detect | NIST_CSF | Not Started | |
| PHYS-008 | Media Transport Protection | Protect and control information system media during transport outside controlled... | Physical | Protect | CMMC | Not Started | |
| PRINT-001 | Printer and IoT Device Security | Secure and monitor printers, network peripherals, and IoT devices including disc... | Technical | Protect | CIS_8_1 | Not Started | |
| PRIV-001 | Privacy Impact Assessment | Conduct privacy impact assessments for systems processing personal information.... | Administrative | Identify | NIST_CSF | Not Started | |
| PROTO-001 | Legacy Protocol Disablement | Disable insecure legacy protocols including SMBv1, LLMNR, NetBIOS, NTLM v1, and ... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| PROTO-002 | SMB Security Hardening | Configure SMB (Server Message Block) protocol security including encryption, nul... | Technical | Protect | CIS_8_1, NIST_CSF | Not Started | |
| REMOTE-001 | Remote Management Security | Control and secure remote management capabilities including Remote Desktop, SSH,... | Technical | Protect | CIS_8_1 | Not Started | |
| SCREEN-001 | Session Lock and Auto-Login Prevention | Enforce screen lock timeouts and prevent automatic login to protect unattended s... | Technical | Protect | CIS_8_1, CMMC | Not Started | |
| TIME-001 | Time Synchronization | Configure and verify NTP/time synchronization on all systems to ensure accurate ... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Not Started | |
| VENDOR-001 | Vendor Risk Assessment | Perform security risk assessments for vendors with access to sensitive data.... | Administrative | Identify | CIS_8_1, CMMC, CPA_CYBER, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| VENDOR-002 | Vendor Security Requirements | Include security requirements in vendor contracts.... | Administrative | Govern | CIS_8_1 | Not Started | |
| VENDOR-003 | Vendor Access Control | Control and monitor third-party access to organizational systems.... | Technical | Protect | CPA_CYBER | Not Started | |
| VENDOR-004 | Vendor Performance Monitoring | Monitor vendor performance and security compliance.... | Administrative | Detect | CIS_8_1 | Not Started | |
| VENDOR-005 | Vendor Offboarding | Establish procedures for securely terminating vendor relationships.... | Operational | Protect | CIS_8_1 | Not Started | |
| VENDOR-006 | Maintenance Personnel Authorization | Establish authorization and verification requirements for maintenance personnel ... | Administrative | Protect | CMMC | Not Started | |
| VENDOR-008 | Supply Chain Risk Management Plan | Develop and maintain a supply chain risk management (SCRM) plan identifying supp... | Administrative | Identify | CMMC, NIST_CSF | Not Started | |
| VULN-001 | Vulnerability Scanning | Perform automated vulnerability scanning of enterprise assets on a regular sched... | Technical | Detect | CAN_CYBER, CIS_8_1, CPA_CYBER, PCI_SAQ_B_IP | Not Started | |
| VULN-002 | Vulnerability Remediation | Remediate detected vulnerabilities in enterprise assets according to severity.... | Operational | Respond | CAN_CYBER, CIS_8_1 | Not Started | |
| VULN-003 | Patch Management Process | Establish and maintain a process to manage patches for enterprise assets.... | Operational | Protect | CIS_8_1, CMMC, NIST_CSF, PCI_SAQ_B_IP | Not Started | |
| VULN-004 | Automated Patch Management | Perform automated application and operating system patch management.... | Technical | Protect | CCCS, CIS_8_1 | Not Started | |
| VULN-006 | Penetration Testing | Perform periodic external and internal penetration testing to identify vulnerabi... | Technical | Detect | CIS_8_1 | Not Started | |
| VULN-007 | Threat Intelligence Integration | Integrate threat intelligence sources into vulnerability management.... | Technical | Detect | CIS_8_1, NIST_CSF | Not Started | |
| WEB-001 | Web Application Monitoring | Monitor web applications and content management systems (WordPress, etc.) for ve... | Technical | Detect | CIS_8_1 | Not Started | |
| WEB-002 | Web Security Headers | Configure HTTP security headers on all web applications including Content-Securi... | Technical | Protect | CIS_8_1 | Not Started | |
| WEB-003 | Transport Layer Encryption | Ensure all public-facing services use TLS 1.2 or higher with strong cipher suite... | Technical | Protect | CIS_8_1, CMMC, NIST_CSF | Not Started | |