User contributions for Globalcyberalliance

23 October 2023

• 03:2503:25, 23 October 2023 diff hist +32‎ N Category:PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access ‎ Created via script current
• 03:2503:25, 23 October 2023 diff hist +42‎ N Category:PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities ‎ Created via script current
• 03:2503:25, 23 October 2023 diff hist +26‎ N Category:Asset Management (ID.AM) ‎ Created via script current
• 03:2503:25, 23 October 2023 diff hist +25‎ N Category:Recovery Planning (RC.RP) ‎ Created via script current
• 03:2503:25, 23 October 2023 diff hist +34‎ N Category:PR.DS-1: Data-at-rest is protected ‎ Created via script current
• 03:2503:25, 23 October 2023 diff hist +51‎ N Category:DE.CM-5: Unauthorized mobile code is detected ‎ Created via script current
• 03:2503:25, 23 October 2023 diff hist +40‎ N Category:DE.DP-3: Detection processes are tested ‎ Created via script current
• 03:2503:25, 23 October 2023 diff hist +36‎ N Category:ID.RA-3: Threats, both internal and external, are identified and documented ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +37‎ N Category:ID.AM-3: Organizational communication and data flows are mapped ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +40‎ N Category:DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Improvements (RC.IM) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +36‎ N Category:ID.RA-6: Risk responses are identified and prioritized ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Information Protection Processes and Procedures (PR.IP) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +31‎ N Category:ID.GV-4: Governance and risk management processes address cybersecurity risks ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +33‎ N Category:RS.IM-1: Response plans incorporate lessons learned ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +31‎ N Category:ID.GV-1: Organizational cybersecurity policy is established and communicated ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:Risk Assessment (ID.RA) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +34‎ N Category:PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:RESPOND (RS) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-6: Data is destroyed according to policy ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +75‎ N Category:PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +41‎ N Category:DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +35‎ N Category:RS.CO-2: Incidents are reported consistent with established criteria ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Communications (RS.CO) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +29‎ N Category:RS.AN-3: Forensics are performed ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +36‎ N Category:ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-4: Backups of information are conducted, maintained, and tested ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +36‎ N Category:ID.RA-1: Asset vulnerabilities are identified and documented ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +35‎ N Category:RS.CO-4: Coordination with stakeholders occurs consistent with response plans ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +29‎ N Category:RS.AN-1: Notifications from detection systems are investigated ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +31‎ N Category:RS.MI-1: Incidents are contained ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:Business Environment (ID.BE) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +35‎ N Category:RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +49‎ N Category:ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan. ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +31‎ N Category:RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +24‎ N Category:Detection Processes (DE.DP) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +75‎ N Category:PR.AC-3: Remote access is managed ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-12: A vulnerability management plan is developed and implemented ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +75‎ N Category:PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Data Security (PR.DS) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +25‎ N Category:Communications (RC.CO) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +26‎ N Category:RECOVER (RC) ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +35‎ N Category:RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +34‎ N Category:PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +36‎ N Category:ID.RA-4: Potential business impacts and likelihoods are identified ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +51‎ N Category:DE.CM-8: Vulnerability scans are performed ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +37‎ N Category:ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +68‎ N Category:PR.IP-3: Configuration change control processes are in place ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +40‎ N Category:DE.DP-5: Detection processes are continuously improved ‎ Created via script current
• 03:2403:24, 23 October 2023 diff hist +49‎ N Category:ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders ‎ Created via script current