Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
Removable media is protected and its use restricted according to policy
The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
Communications and control networks are protected
Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
Public relations are managed
Reputation is repaired after an incident
Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
Recovery plans incorporate lessons learned
Passcode