User contributions for Globalcyberalliance

23 October 2023

• 03:2403:24, 23 October 2023 diff hist +35‎ N Category:RC.CO-2: Reputation is repaired after an incident ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +34‎ N Category:PR.DS-2: Data-in-transit is protected ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +75‎ N Category:PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-8: Effectiveness of protection technologies is shared ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-10: Response and recovery plans are tested ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +39‎ N Category:PR.AT-1: All users are informed and trained ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +49‎ N Category:ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Improvements (RS.IM) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Response Planning (RS.RP) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +45‎ N Category:ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +35‎ N Category:RS.CO-3: Information is shared consistent with response plans ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +34‎ N Category:PR.DS-4: Adequate capacity to ensure availability is maintained ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +40‎ N Category:DE.DP-2: Detection activities comply with all applicable requirements ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +45‎ N Category:ID.RM-2: Organizational risk tolerance is determined and clearly expressed ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +29‎ N Category:RS.AN-2: The impact of the incident is understood ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +37‎ N Category:ID.AM-2: Software platforms and applications within the organization are inventoried ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Awareness Training (PR.AT) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +41‎ N Category:ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress or attack, during recovery, normal operations) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +41‎ N Category:DE.AE-2: Detected events are analyzed to understand attack targets and methods ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +29‎ N Category:RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +33‎ N Category:RS.IM-2: Response strategies are updated ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist 0‎ N Category:NIST CSF v1.1 ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +40‎ N Category:DE.DP-4: Event detection information is communicated ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:IDENTIFY (ID) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:Supply Chain Risk Management (ID.SC) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +32‎ N Category:PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:Governance (ID.GV) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +39‎ N Category:PR.AT-4: Senior executives understand their roles and responsibilities ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +29‎ N Category:RS.AN-4: Incidents are categorized consistent with response plans ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +49‎ N Category:ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations. ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +34‎ N Category:PR.DS-7: The development and testing environment(s) are separate from the production environment ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:Risk Management Strategy (ID.RM) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +39‎ N Category:PR.AT-2: Privileged users understand their roles and responsibilities ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +31‎ N Category:ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Analysis (RS.AN) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-2: A System Development Life Cycle to manage systems is implemented ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +41‎ N Category:DE.AE-4: Impact of events is determined ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +37‎ N Category:ID.AM-4: External information systems are catalogued ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +36‎ N Category:ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +38‎ N Category:RC.RP-1: Recovery plan is executed during or after a cybersecurity incident ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +75‎ N Category:PR.AC-2: Physical access to assets is managed and protected ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:DETECT (DE) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +31‎ N Category:RS.MI-2: Incidents are mitigated ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Mitigation (RS.MI) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +34‎ N Category:PR.DS-5: Protections against data leaks are implemented ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +41‎ N Category:DE.AE-5: Incident alert thresholds are established ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +45‎ N Category:ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-1: A baseline configuration of information technology or industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality) ‎ Created via script current