Filter

Risk Assessment (RA)

Develop a plan for managing supply chain risks associated with organizational systems and system components; update the plan at least annually, and upon receipt of relevant cyber threat information, or in response to a relevant cyber incident.


Login

Security Assessment (CA)

Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.


Login

Security Assessment (CA)

Level 2

Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.


Login

Security Assessment (CA)

Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.


Login

Security Assessment (CA)

Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.


Login

Security Assessment (CA)

Conduct penetration testing at least annually or when significant security changes are made to the system, leveraging automated scanning tools and ad hoc tests using subject matter experts.


Login

System and Communications Protection (SC)

Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.


Login

System and Communications Protection (SC)

Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.


Login

System and Communications Protection (SC)

Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.


Login

System and Communications Protection (SC)

Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.


Login