Search by property

This page provides a simple browsing interface for finding entities described by a property and a named value. Other available search interfaces include the page property search, and the ask query builder.

List of results

• Category:PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)  + (03:24:49, 23 October 2023)
• Category:ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders  + (03:24:50, 23 October 2023)
• Category:Response Planning (RS.RP)  + (03:24:50, 23 October 2023)
• Category:Improvements (RS.IM)  + (03:24:50, 23 October 2023)
• Category:ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process  + (03:24:50, 23 October 2023)
• Category:PR.AT-1: All users are informed and trained  + (03:24:50, 23 October 2023)
• Category:PR.IP-10: Response and recovery plans are tested  + (03:24:51, 23 October 2023)
• Category:PR.IP-8: Effectiveness of protection technologies is shared  + (03:24:51, 23 October 2023)
• Category:PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes  + (03:24:51, 23 October 2023)
• Category:PR.DS-2: Data-in-transit is protected  + (03:24:51, 23 October 2023)
• Category:RC.CO-2: Reputation is repaired after an incident  + (03:24:51, 23 October 2023)
• Category:ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders  + (03:24:52, 23 October 2023)
• Category:DE.DP-5: Detection processes are continuously improved  + (03:24:52, 23 October 2023)
• Category:PR.IP-3: Configuration change control processes are in place  + (03:24:52, 23 October 2023)
• Category:ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value  + (03:24:52, 23 October 2023)
• Category:DE.CM-8: Vulnerability scans are performed  + (03:24:52, 23 October 2023)
• Category:ID.RA-4: Potential business impacts and likelihoods are identified  + (03:24:53, 23 October 2023)
• Category:PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity  + (03:24:53, 23 October 2023)
• Category:RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness  + (03:24:53, 23 October 2023)
• Category:RECOVER (RC)  + (03:24:53, 23 October 2023)
• Category:Communications (RC.CO)  + (03:24:53, 23 October 2023)
• Category:Data Security (PR.DS)  + (03:24:54, 23 October 2023)
• Category:PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)  + (03:24:54, 23 October 2023)
• Category:PR.IP-12: A vulnerability management plan is developed and implemented  + (03:24:54, 23 October 2023)
• Category:PR.AC-3: Remote access is managed  + (03:24:54, 23 October 2023)
• Category:Detection Processes (DE.DP)  + (03:24:54, 23 October 2023)
• Category:RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks  + (03:24:54, 23 October 2023)

• Category:Business Environment (ID.BE)  + (03:24:55, 23 October 2023)
• Category:ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.  + (03:24:55, 23 October 2023)
• Category:RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams  + (03:24:55, 23 October 2023)
• Category:RS.AN-1: Notifications from detection systems are investigated  + (03:24:55, 23 October 2023)
• Category:RS.MI-1: Incidents are contained  + (03:24:55, 23 October 2023)

• Category:RS.CO-4: Coordination with stakeholders occurs consistent with response plans  + (03:24:56, 23 October 2023)
• Category:ID.RA-1: Asset vulnerabilities are identified and documented  + (03:24:56, 23 October 2023)
• Category:PR.IP-4: Backups of information are conducted, maintained, and tested  + (03:24:56, 23 October 2023)
• Category:ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk  + (03:24:56, 23 October 2023)
• Category:RS.AN-3: Forensics are performed  + (03:24:56, 23 October 2023)
• Category:Communications (RS.CO)  + (03:24:57, 23 October 2023)
• Category:RS.CO-2: Incidents are reported consistent with established criteria  + (03:24:57, 23 October 2023)
• Category:DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed  + (03:24:57, 23 October 2023)
• Category:PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)  + (03:24:57, 23 October 2023)
• Category:PR.IP-6: Data is destroyed according to policy  + (03:24:57, 23 October 2023)
• Category:RESPOND (RS)  + (03:24:57, 23 October 2023)
• Category:PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition  + (03:24:58, 23 October 2023)
• Category:Risk Assessment (ID.RA)  + (03:24:58, 23 October 2023)
• Category:ID.GV-1: Organizational cybersecurity policy is established and communicated  + (03:24:58, 23 October 2023)
• Category:RS.IM-1: Response plans incorporate lessons learned  + (03:24:58, 23 October 2023)
• Category:ID.GV-4: Governance and risk management processes address cybersecurity risks  + (03:24:58, 23 October 2023)
• Category:Information Protection Processes and Procedures (PR.IP)  + (03:24:59, 23 October 2023)
• Category:ID.RA-6: Risk responses are identified and prioritized  + (03:24:59, 23 October 2023)
• Category:Improvements (RC.IM)  + (03:24:59, 23 October 2023)
• Category:DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability  + (03:24:59, 23 October 2023)
• Category:ID.AM-3: Organizational communication and data flows are mapped  + (03:24:59, 23 October 2023)
• Category:ID.RA-3: Threats, both internal and external, are identified and documented  + (03:25:00, 23 October 2023)
• Category:DE.DP-3: Detection processes are tested  + (03:25:00, 23 October 2023)