Monitor, encrypt and restrict communications between environments to only authenticated and authorized connections, as justified by the business. Review these configurations at least annually, and support them by a documented justification of all allowed services, protocols, ports, and compensating controls.
A POAM must have at least one milestone and be assigned to at least one Framework control.
When a control is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Harden host and guest OS, hypervisor or infrastructure control plane according to their respective best practices, and supported by technical controls, as part of a security baseline.
Separate production and non-production environments.
Design, develop, deploy and configure applications and infrastructures such that CSP and CSC (tenant) user access and intra-tenant access is appropriately segmented and segregated, monitored and restricted from other tenants.
Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols.
Identify and document high-risk environments.
Define, implement and evaluate processes, procedures and defense-in-depth techniques for protection, detection, and timely response to network-based attacks.
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually.
Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs.
Identify and monitor security-related events within applications and the underlying infrastructure. Define and implement a system to generate alerts to responsible stakeholders based on such events and corresponding metrics.