Incident Response
Mechanisms exist to incorporate lessons learned from analyzing and resolving cybersecurity & data privacy incidents to reduce the likelihood or impact of future incidents.
Incident Response
Level N/A
Mechanisms exist to maintain incident response contacts with applicable regulatory and law enforcement agencies.
Incident Response
Level N/A
Mechanisms exist to utilize a detonation chamber capability to detect and/or block potentially-malicious files and email attachments.
Incident Response
Level N/A
Mechanisms exist to proactively manage public relations associated with incidents and employ appropriate measures to prevent further reputational damage and develop plans to repair any damage to the organization's reputation.
Information Assurance
Level N/A
Mechanisms exist to facilitate the implementation of cybersecurity & data privacy assessment and authorization controls.
Information Assurance
Level N/A
Mechanisms exist to establish the scope of assessments by defining the assessment boundary, according to people, processes and technology that directly or indirectly impact the confidentiality, integrity, availability and safety of the data and systems under review.
Information Assurance
Level N/A
Mechanisms exist to formally assess the cybersecurity & data privacy controls in systems, applications and services through Information Assurance Program (IAP) activities to determine the extent to which the controls are implemented correctly, operating as intended and producing the desired outcome with respect to meeting expected requirements.
Information Assurance
Level N/A
Mechanisms exist to ensure assessors or assessment teams have the appropriate independence to conduct cybersecurity & data privacy control assessments.
Information Assurance
Level N/A
Mechanisms exist to conduct specialized assessments for: â–ª Statutory, regulatory and contractual compliance obligations; â–ª Monitoring capabilities; â–ª Mobile devices; â–ª Databases; â–ª Application security; â–ª Embedded technologies (e.g., IoT, OT, etc.); â–ª Vulnerability management; â–ª Malicious code; â–ª Insider threats and â–ª Performance/load testing.
Information Assurance
Level N/A
Mechanisms exist to accept and respond to the results of external assessments that are performed by impartial, external organizations.
