Eleos | Home

'Implement a procedure for the management of exceptions, including emergencies, in the change and configuration process. Align the procedure with the requirements of GRC-04: Policy Exception Process.'

Parent

Compliance Framework

CCM v4.0.10

Control Number

CCC-08

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

5.1

5.37

CM-3

CM-3(1)

CFG-02.2

CFG-02.7

Solutions
Community

Change Control and Configuration Management (CCC)

Change Restoration

Level N/A

Define and implement a process to proactively roll back changes to a previous known good state in case of errors or security concerns.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CCC-09

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

8.19

8.32

CM-2

CM-2(3)

CM-3

CM-3(3)

CM-3(7)

SA-8

SA-8(24)

PR.IP-2

PR.IP-3

CHG-02.4

CHG-04.1

CFG-02.8

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Encryption and Key Management Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Cryptography, Encryption and Key Management. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-01

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

8.24

SC-1

SA-9

SA-9(6)

SC-12

SC-12(2)

SC-12(3)

ID.GV-1

PR.DS-1

PR.DS-2

PR.AC-1

GOV-02

GOV-03

CRY-01

Solutions
Community

Cryptography Encryption and Key Management (CEK)

CEK Roles and Responsibilities

Level N/A

Define and implement cryptographic, encryption and key management roles and responsibilities.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-02

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

8.24

IA-7

IA-8

IA-8(5)

SA-9

SA-9(1)

SA-9(6)

SC-12

SC-12(6)

SC-13

ID.AM-6

ID.GV-2

PR.AT-2

PR.AT-5

CRY-01

CRY-08

CRY-09

HRS-03

HRS-12

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Data Encryption

Level N/A

Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-03

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

CIS v8.0

Control Number

3.1

3.11

11.3

16.11

8.24

AC-19

AC-19(5)

SC-8

SC-8(1)

SC-8(3)

SC-8(4)

SC-12

SC-12(2)

SC-12(3)

SC-28

SC-28(1)

SC-28(2)

SC-28(3)

SI-4

SI-4(10)

SI-7

SI-7(6)

PR.DS-1

PR.DS-2

CRY-01

CRY-03

CRY-05

3.1

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Encryption Algorithm

Level N/A

Use encryption algorithms that are appropriate for data protection, considering the classification of data, associated risks, and usability of the encryption technology.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-04

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

16.11

8.24

SC-12

SC-12(2)

SC-12(3)

SC-28

SC-28(1)

PR.DS-1

PR.DS-2

ID.AM-5

CRY-01

CRY-02

DCH-01

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Encryption Change Management

Level N/A

Establish a standard change management procedure, to accommodate changes from internal and external sources, for review, approval, implementation and communication of cryptographic, encryption and key management technology changes.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-05

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

CM-3

CM-3(6)

SI-7

SI-7(6)

PR.IP-3

CHG-02

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Encryption Change Cost Benefit Analysis

Level N/A

Manage and adopt changes to cryptography-, encryption-, and key management-related systems (including policies and procedures) that fully account for downstream effects of proposed changes, including residual risk, cost, and benefits analysis.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-06

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

CM-3

CM-3(6)

PL-2

PR.DS-1

PR.DS-2

ID.RA-4

ID.RA-6

PR.IP-3

PR.IP-7

CHG-01

CHG-05

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Encryption Risk Management

Level N/A

Establish and maintain an encryption and key management risk program that includes provisions for risk assessment, risk treatment, risk context, monitoring, and feedback.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-07

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

CM-3