ID | Family | Requirement |
---|---|---|
3.1.1e | Access Control | Employ dual authorization to execute critical or sensitive system and organizational |
3.1.2e | Access Control | Restrict access to systems and system components to only those information resources that are owned, provisioned, or issued by the organization. |
3.1.3e | Access Control | Employ [Assignment: organization-defined secure information transfer solutions] to control information flows between security domains on connected systems. |
3.2.1e | Awareness and Training | Provide awareness training [Assignment: organization-defined frequency] focused on recognizing and responding to threats from social engineering, advanced persistent threat actors, breaches, and suspicious behaviors; update the training [Assignment: organization-defined frequency] or when there are significant changes to the threat. |
3.2.2e | Awareness and Training | Include practical exercises in awareness training for [Assignment: organization-defined roles] that are aligned with current threat scenarios and provide feedback to individuals involved in the training and their supervisors. |
3.4.1e | Configuration Management | Establish and maintain an authoritative source and repository to provide a trusted source and accountability for approved and implemented system components. |
3.4.2e | Configuration Management | Employ automated mechanisms to detect misconfigured or unauthorized system components; after detection, [Selection (one or more): remove the components; place the components in a quarantine or remediation network] to facilitate patching, re-configuration, or other mitigations. |
3.4.3e | Configuration Management | Employ automated discovery and management tools to maintain an up-to-date, complete, accurate, and readily available inventory of system components. |
3.5.1e | Identification and Authentication | Identify and authenticate [Assignment: organization-defined systems and system components] before establishing a network connection using bidirectional authentication that is cryptographically based and replay resistant. |
3.5.2e | Identification and Authentication | Employ automated mechanisms for the generation, protection, rotation, and management of passwords for systems and system components that do not support multifactor authentication or complex account management. |
3.5.3e | Identification and Authentication | Employ automated or manual/procedural mechanisms to prohibit system components from connecting to organizational systems unless the components are known, authenticated, in a properly configured state, or in a trust profile. |
3.6.1e | Incident Response | Establish and maintain a security operations center capability that operates [Assignment: organization-defined time period]. |
3.6.2e | Incident Response | Establish and maintain a cyber incident response team that can be deployed by the organization within [Assignment: organization-defined time period]. |
3.9.1e | Personnel Security | Conduct [Assignment: organization-defined enhanced personnel screening] for individuals and reassess individual positions and access to CUI [Assignment: organization-defined frequency]. |
3.9.2e | Personnel Security | Ensure that organizational systems are protected if adverse information develops or is obtained about individuals with access to CUI. |
3.11.1e | Risk Assessment | Employ [Assignment: organization-defined sources of threat intelligence] as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities. |
3.11.2e | Risk Assessment | Conduct cyber threat hunting activities [Selection (one or more): [Assignment: organization-defined frequency]; [Assignment: organization-defined event]] to search for indicators of compromise in [Assignment: organization-defined systems] and detect, track, and disrupt threats that evade existing controls. |
3.11.3e | Risk Assessment | Employ advanced automation and analytics capabilities in support of analysts to predict and identify risks to organizations, systems, and system components. |
3.11.4e | Risk Assessment | Document or reference in the system security plan the security solution selected, the rationale for the security solution, and the risk determination. |
3.11.5e | Risk Assessment | Assess the effectiveness of security solutions [Assignment: organization-defined frequency] to address anticipated risk to organizational systems and the organization based on current and accumulated threat intelligence. |
3.11.6e | Risk Assessment | Assess, respond to, and monitor supply chain risks associated with organizational systems and system components. |
3.11.7e | Risk Assessment | Develop a plan for managing supply chain risks associated with organizational systems and system components; update the plan [Assignment: organization-defined frequency]. |
3.12.1e | Security Assessment | Conduct penetration testing [Assignment: organization-defined frequency], leveraging automated scanning tools and ad hoc tests using subject matter experts. |
3.13.1e | System and Communications Protection | Create diversity in [Assignment: organization-defined system components] to reduce the extent of malicious code propagation. |
3.13.2e | System and Communications Protection | Implement the following changes to organizational systems and system components to introduce a degree of unpredictability into operations: [Assignment: organization-defined changes and frequency of changes by system and system component]. |
3.13.3e | System and Communications Protection | Employ [Assignment: organization-defined technical and procedural means] to confuse and mislead adversaries. |
3.13.4e | System and Communications Protection | Employ [Selection: (one or more): [Assignment: organization-defined physical isolation techniques]; [Assignment: organization-defined logical isolation techniques]] in organizational systems and system components. |
3.13.5e | System and Communications Protection | Distribute and relocate the following system functions or resources [Assignment: organization-defined frequency]: [Assignment: organization-defined system functions or resources]. |
3.14.1e | System and Information Integrity | Verify the integrity of [Assignment: organization-defined security critical or essential software] using root of trust mechanisms or cryptographic signatures. |
3.14.2e | System and Information Integrity | Monitor organizational systems and system components on an ongoing basis for anomalous or suspicious behavior. |
3.14.3e | System and Information Integrity | Ensure that [Assignment: organization-defined systems and system components] are included in the scope of the specified enhanced security requirements or are segregated in purpose-specific networks. |
3.14.4e | System and Information Integrity | Refresh [Assignment: organization-defined systems and system components] from a known, trusted state [Assignment: organization-defined frequency]. |
3.14.5e | System and Information Integrity | Conduct reviews of persistent organizational storage locations [Assignment: organization-defined frequency] and remove CUI that is no longer needed. |
3.14.6e | System and Information Integrity | Use threat indicator information and effective mitigations obtained from [Assignment: organization-defined external organizations] to guide and inform intrusion detection and threat hunting. |
3.14.7e | System and Information Integrity | Verify the correctness of [Assignment: organization-defined security critical or essential software, firmware, and hardware components] using [Assignment: organization-defined verification methods or techniques]. |