Eleos | Home

Application and Interface Security (AIS)

Automated Application Security Testing

Level N/A

Implement a testing strategy, including criteria for acceptance of new information systems, upgrades and new versions, which provides application security assurance and maintains compliance while enabling organizational speed of delivery goals. Automate when applicable and possible.

Parent

Compliance Framework

CCM v4.0.10

Control Number

AIS-05

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

16.12

16.13

8.25

8.32

SA-11

SA-11(1)

SA-11(2)

SA-11(3)

SA-11(4)

SA-11(5)

SA-11(6)

SA-11(7)

SA-11(8)

SA-11(9)

SI-6

SI-6(2)

SI-6(3)

SI-10

SI-10(1)

SI-10(2)

SI-10(3)

SI-10(4)

SI-10(5)

SI-10(6)

PR.IP-2

PR.PT-3

PR.IP-12

DE.CM-8

IAO-02.2

TDA-09

TDA-09.5

Solutions
Community

Application and Interface Security (AIS)

Automated Secure Application Deployment

Level N/A

Establish and implement strategies and capabilities for secure, standardized, and compliant application deployment. Automate where possible.

Parent

Compliance Framework

CCM v4.0.10

Control Number

AIS-06

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

8.32

SA-3

SA-3(2)

SA-3(3)

SA-4

SA-4(3)

SA-8

SA-8(31)

SA-16

SR-9

SR-9(1)

PR.DS-6

PR.DS-7

PR.IP-1

PR.IP-2

PR.IP-3

TDA-07

TDA-08

Solutions
Community

Application and Interface Security (AIS)

Application Vulnerability Remediation

Level N/A

Define and implement a process to remediate application security vulnerabilities, automating remediation when possible.

Parent

Compliance Framework

CCM v4.0.10

Control Number

AIS-07

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

16.2

16.6

5.26

SI-2

SI-2(2)

SI-2(3)

SI-2(4)

SI-2(5)

SI-2(6)

SA-11

SA-11(2)

SA-15

SA-15(1)

SA-15(2)

SA-15(3)

SA-15(5)

SA-15(6)

SA-15(7)

SA-15(8)

SA-15(10)

SA-15(11)

SA-15(12)

PR.IP-2

PR.IP-12

DE.CM-8

RS.AN-5

RS.MI-3

PR.DS-6

VPM-01

VPM-02

VPM-04

VPM-05.1

Solutions
Community

Business Continuity Management and Operational Resilience (BCR)

Business Continuity Management Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain business continuity management and operational resilience policies and procedures. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-01

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.29

CP-1

CP-2

PL-2

ID.GV-1

ID.GV-2

ID.GV-3

ID.BE-3

ID.BE-5

RC.RP-1

RC.IM-1

RC.IM-2

GOV-02

GOV-03

BCD-01

Solutions
Community

Business Continuity Management and Operational Resilience (BCR)

Risk Assessment and Impact Analysis

Level N/A

Determine the impact of business disruptions and risks to establish criteria for developing business continuity and operational resilience strategies and capabilities.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-02

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.29

CP-2

PM-8

PM-9

ID.RA-4

ID.RA-5

ID.BE-5

RSK-02

RSK-02.1

RSK-05

RSK-08

Solutions
Community

Business Continuity Management and Operational Resilience (BCR)

Business Continuity Strategy

Level N/A

Establish strategies to reduce the impact of, withstand, and recover from business disruptions within risk appetite.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-03

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.29

CP-1

CP-2

CP-2(1)

CP-2(2)

CP-2(5)

CP-2(7)

ID.RM-2

ID.RM-3

ID.BE-5

BCD-01

BCD-02.1

BCD-02.2

BCD-02.3

BCD-10.3

BCD-11.7

BCD-12.2

BCD-12.4

Solutions
Community

Business Continuity Management and Operational Resilience (BCR)

Business Continuity Planning

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain a business continuity plan based on the results of the operational resilience strategies and capabilities.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-04

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.29

CP-2

CP-4

PM-8

PR.IP-9

PR.IP-10

BCD-01

Solutions
Community

Business Continuity Management and Operational Resilience (BCR)

Documentation

Level N/A

Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs. Make the documentation available to authorized stakeholders and review periodically.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-05

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number