Security Awareness & Training
Mechanisms exist to incorporate vendor-specific security training in support of new technology initiatives.
Security Awareness & Training
Level N/A
Mechanisms exist to provide specific training for privileged users to ensure privileged users understand their unique roles and responsibilities
Security Awareness & Training
Level N/A
Mechanisms exist to provide role-based cybersecurity & data privacy awareness training that is specific to the cyber threats that the user might encounter the user's specific day-to-day business operations.
Security Awareness & Training
Mechanisms exist to ensure cybersecurity & data privacy personnel receive Continuing Professional Education (CPE) training to maintain currency and proficiency with industry-recognized secure practices that are pertinent to their assigned roles and responsibilities.
Security Awareness & Training
Mechanisms exist to ensure application development and operations (DevOps) personnel receive Continuing Professional Education (CPE) training on Secure Software Development Practices (SSDP) to appropriately address evolving threats.
Security Awareness & Training
Mechanisms exist to document, retain and monitor individual training activities, including basic cybersecurity & data privacy awareness training, ongoing awareness training and specific-system training.
Technology Development & Acquisition
Level N/A
Mechanisms exist to facilitate the implementation of tailored development and acquisition strategies, contract tools and procurement methods to meet unique business needs.
Technology Development & Acquisition
Level N/A
Mechanisms exist to design and implement product management processes to update products, including systems, software and services, to improve functionality and correct security deficiencies.
Technology Development & Acquisition
Mechanisms exist to utilize integrity validation mechanisms for security updates.
Technology Development & Acquisition
Level N/A
Mechanisms exist to utilize at least one (1) malware detection tool to identify if any known malware exists in the final binaries of the product or security update.
