Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies.
family IA
framework nist-800-53
Accept only external authenticators that are NIST-compliant; and Document and maintain a list of accepted external authenticators.
family IA
framework nist-800-53
family IA
framework nist-800-53
Conform to the following profiles for identity management {{ insert: param, ia-08.04_odp }}.
family IA
framework nist-800-53
Accept and verify federated or PKI credentials that meet {{ insert: param, ia-08.05_odp }}.
family IA
framework nist-800-53
Implement the following measures to disassociate user attributes or identifier assertion relationships among individuals, credential service providers, and relying parties: {{ insert: param, ia-08.06_odp }}.
family IA
framework nist-800-53
Uniquely identify and authenticate {{ insert: param, ia-09_odp }} before establishing communications with devices, users, or other services or applications.
family IA
framework nist-800-53
family IA
framework nist-800-53
family IA
framework nist-800-53
Develop, document, and disseminate to {{ insert: param, ir-1_prm_1 }}: {{ insert: param, ir-01_odp.03 }} incident response policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures to facilitate the implementation of the incident response policy and the associated incident response controls; Designate an {{ insert: param, ir-01_odp.04 }} to manage the development, documentation, and dissemination of the incident response policy and procedures; and Review and update the current incident response: Policy {{ insert: param, ir-01_odp.05 }} and following {{ insert: param, ir-01_odp.06 }}; and Procedures {{ insert: param, ir-01_odp.07 }} and following {{ insert: param, ir-01_odp.08 }}.
family IR
framework nist-800-53
family IR
framework nist-800-53
Provide incident response training to system users consistent with assigned roles and responsibilities: Within {{ insert: param, ir-02_odp.01 }} of assuming an incident response role or responsibility or acquiring system access; When required by system changes; and {{ insert: param, ir-02_odp.02 }} thereafter; and Review and update incident response training content {{ insert: param, ir-02_odp.03 }} and following {{ insert: param, ir-02_odp.04 }}.
family IR
framework nist-800-53
Incorporate simulated events into incident response training to facilitate the required response by personnel in crisis situations.
family IR
framework nist-800-53
Provide an incident response training environment using {{ insert: param, ir-02.02_odp }}.
family IR
framework nist-800-53
Provide incident response training on how to identify and respond to a breach, including the organization’s process for reporting a breach.
family IR
framework nist-800-53
Test the effectiveness of the incident response capability for the system {{ insert: param, ir-03_odp.01 }} using the following tests: {{ insert: param, ir-03_odp.02 }}.
family IR
framework nist-800-53
Test the incident response capability using {{ insert: param, ir-03.01_odp }}.
family IR
framework nist-800-53
Coordinate incident response testing with organizational elements responsible for related plans.
family IR
framework nist-800-53
Use qualitative and quantitative data from testing to: Determine the effectiveness of incident response processes; Continuously improve incident response processes; and Provide incident response measures and metrics that are accurate, consistent, and in a reproducible format.
family IR
framework nist-800-53
Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery; Coordinate incident handling activities with contingency planning activities; Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and Ensure the rigor, intensity, scope, and results of incident handling activities are comparable and predictable across the organization.
family IR
framework nist-800-53
Support the incident handling process using {{ insert: param, ir-04.01_odp }}.
family IR
framework nist-800-53
Coordinate incident handling activities involving supply chain events with other organizations involved in the supply chain.
family IR
framework nist-800-53
Establish and maintain an integrated incident response team that can be deployed to any location identified by the organization in {{ insert: param, ir-04.11_odp }}.
family IR
framework nist-800-53
Analyze malicious code and/or other residual artifacts remaining in the system after the incident.
family IR
framework nist-800-53
Analyze anomalous or suspected adversarial behavior in or related to {{ insert: param, ir-04.13_odp }}.
family IR
framework nist-800-53
Establish and maintain a security operations center.
family IR
framework nist-800-53
Manage public relations associated with an incident; and Employ measures to repair the reputation of the organization.
family IR
framework nist-800-53
Include the following types of dynamic reconfiguration for {{ insert: param, ir-04.02_odp.02 }} as part of the incident response capability: {{ insert: param, ir-04.02_odp.01 }}.
family IR
framework nist-800-53
Identify {{ insert: param, ir-04.03_odp.01 }} and take the following actions in response to those incidents to ensure continuation of organizational mission and business functions: {{ insert: param, ir-04.03_odp.02 }}.
family IR
framework nist-800-53
Correlate incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response.
family IR
framework nist-800-53
Implement a configurable capability to automatically disable the system if {{ insert: param, ir-04.05_odp }} are detected.
family IR
framework nist-800-53
Implement an incident handling capability for incidents involving insider threats.
family IR
framework nist-800-53
Coordinate an incident handling capability for insider threats that includes the following organizational entities {{ insert: param, ir-04.07_odp }}.
family IR
framework nist-800-53
Coordinate with {{ insert: param, ir-04.08_odp.01 }} to correlate and share {{ insert: param, ir-04.08_odp.02 }} to achieve a cross-organization perspective on incident awareness and more effective incident responses.
family IR
framework nist-800-53
Employ {{ insert: param, ir-04.09_odp }} to respond to incidents.
family IR
framework nist-800-53
Track and document incidents.
family IR
framework nist-800-53
Track incidents and collect and analyze incident information using {{ insert: param, ir-5.1_prm_1 }}.
family IR
framework nist-800-53
Require personnel to report suspected incidents to the organizational incident response capability within {{ insert: param, ir-06_odp.01 }}; and Report incident information to {{ insert: param, ir-06_odp.02 }}.
family IR
framework nist-800-53
Report incidents using {{ insert: param, ir-06.01_odp }}.
family IR
framework nist-800-53
Report system vulnerabilities associated with reported incidents to {{ insert: param, ir-06.02_odp }}.
family IR
framework nist-800-53
Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident.
family IR
framework nist-800-53
Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents.
family IR
framework nist-800-53
Increase the availability of incident response information and support using {{ insert: param, ir-07.01_odp }}.
family IR
framework nist-800-53
Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability; and Identify organizational incident response team members to the external providers.
family IR
framework nist-800-53
Develop an incident response plan that: Provides the organization with a roadmap for implementing its incident response capability; Describes the structure and organization of the incident response capability; Provides a high-level approach for how the incident response capability fits into the overall organization; Meets the unique requirements of the organization, which relate to mission, size, structure, and functions; Defines reportable incidents; Provides metrics for measuring the incident response capability within the organization; Defines the resources and management support needed to effectively maintain and mature an incident response capability; Addresses the sharing of incident information; Is reviewed and approved by {{ insert: param, ir-08_odp.01 }} {{ insert: param, ir-08_odp.02 }}; and Explicitly designates responsibility for incident response to {{ insert: param, ir-08_odp.03 }}. Distribute copies of the incident response plan to {{ insert: param, ir-08_odp.04 }}; Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing; Communicate incident response plan changes to {{ insert: param, ir-8_prm_5 }}; and Protect the incident response plan from unauthorized disclosure and modification.
family IR
framework nist-800-53
Include the following in the Incident Response Plan for breaches involving personally identifiable information: A process to determine if notice to individuals or other organizations, including oversight organizations, is needed; An assessment process to determine the extent of the harm, embarrassment, inconvenience, or unfairness to affected individuals and any mechanisms to mitigate such harms; and Identification of applicable privacy requirements.
family IR
framework nist-800-53
Respond to information spills by: Assigning {{ insert: param, ir-09_odp.01 }} with responsibility for responding to information spills; Identifying the specific information involved in the system contamination; Alerting {{ insert: param, ir-09_odp.02 }} of the information spill using a method of communication not associated with the spill; Isolating the contaminated system or system component; Eradicating the information from the contaminated system or component; Identifying other systems or system components that may have been subsequently contaminated; and Performing the following additional actions: {{ insert: param, ir-09_odp.03 }}.
family IR
framework nist-800-53
family IR
framework nist-800-53
Provide information spillage response training {{ insert: param, ir-09.02_odp }}.
family IR
framework nist-800-53
Implement the following procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions: {{ insert: param, ir-09.03_odp }}.
family IR
framework nist-800-53
Employ the following controls for personnel exposed to information not within assigned access authorizations: {{ insert: param, ir-09.04_odp }}.
family IR
framework nist-800-53
Develop, document, and disseminate to {{ insert: param, ma-1_prm_1 }}: {{ insert: param, ma-01_odp.03 }} maintenance policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures to facilitate the implementation of the maintenance policy and the associated maintenance controls; Designate an {{ insert: param, ma-01_odp.04 }} to manage the development, documentation, and dissemination of the maintenance policy and procedures; and Review and update the current maintenance: Policy {{ insert: param, ma-01_odp.05 }} and following {{ insert: param, ma-01_odp.06 }}; and Procedures {{ insert: param, ma-01_odp.07 }} and following {{ insert: param, ma-01_odp.08 }}.
family MA
framework nist-800-53
Schedule, document, and review records of maintenance, repair, and replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements; Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location; Require that {{ insert: param, ma-02_odp.01 }} explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement; Sanitize equipment to remove the following information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement: {{ insert: param, ma-02_odp.02 }}; Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair, or replacement actions; and Include the following information in organizational maintenance records: {{ insert: param, ma-02_odp.03 }}.
family MA
framework nist-800-53
family MA
framework nist-800-53
Schedule, conduct, and document maintenance, repair, and replacement actions for the system using {{ insert: param, ma-2.2_prm_1 }}; and Produce up-to-date, accurate, and complete records of all maintenance, repair, and replacement actions requested, scheduled, in process, and completed.
family MA
framework nist-800-53
Approve, control, and monitor the use of system maintenance tools; and Review previously approved system maintenance tools {{ insert: param, ma-03_odp }}.
family MA
framework nist-800-53
Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications.
family MA
framework nist-800-53
Check media containing diagnostic and test programs for malicious code before the media are used in the system.
family MA
framework nist-800-53
Prevent the removal of maintenance equipment containing organizational information by: Verifying that there is no organizational information contained on the equipment; Sanitizing or destroying the equipment; Retaining the equipment within the facility; or Obtaining an exemption from {{ insert: param, ma-03.03_odp }} explicitly authorizing removal of the equipment from the facility.
family MA
framework nist-800-53
Restrict the use of maintenance tools to authorized personnel only.
family MA
framework nist-800-53
Monitor the use of maintenance tools that execute with increased privilege.
family MA
framework nist-800-53
Inspect maintenance tools to ensure the latest software updates and patches are installed.
family MA
framework nist-800-53
Approve and monitor nonlocal maintenance and diagnostic activities; Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system; Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions; Maintain records for nonlocal maintenance and diagnostic activities; and Terminate session and network connections when nonlocal maintenance is completed.
family MA
framework nist-800-53
Log {{ insert: param, ma-4.1_prm_1 }} for nonlocal maintenance and diagnostic sessions; and Review the audit records of the maintenance and diagnostic sessions to detect anomalous behavior.
family MA
framework nist-800-53
family MA
framework nist-800-53
Require that nonlocal maintenance and diagnostic services be performed from a system that implements a security capability comparable to the capability implemented on the system being serviced; or Remove the component to be serviced from the system prior to nonlocal maintenance or diagnostic services; sanitize the component (for organizational information); and after the service is performed, inspect and sanitize the component (for potentially malicious software) before reconnecting the component to the system.
family MA
framework nist-800-53
Protect nonlocal maintenance sessions by: Employing {{ insert: param, ma-04.04_odp }}; and Separating the maintenance sessions from other network sessions with the system by either: Physically separated communications paths; or Logically separated communications paths.
family MA
framework nist-800-53
Require the approval of each nonlocal maintenance session by {{ insert: param, ma-04.05_odp.01 }}; and Notify the following personnel or roles of the date and time of planned nonlocal maintenance: {{ insert: param, ma-04.05_odp.02 }}.
family MA
framework nist-800-53
Implement the following cryptographic mechanisms to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications: {{ insert: param, ma-04.06_odp }}.
family MA
framework nist-800-53
Verify session and network connection termination after the completion of nonlocal maintenance and diagnostic sessions.
family MA
framework nist-800-53
Establish a process for maintenance personnel authorization and maintain a list of authorized maintenance organizations or personnel; Verify that non-escorted personnel performing maintenance on the system possess the required access authorizations; and Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.
family MA
framework nist-800-53
Implement procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements: Maintenance personnel who do not have needed access authorizations, clearances, or formal access approvals are escorted and supervised during the performance of maintenance and diagnostic activities on the system by approved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified; and Prior to initiating maintenance or diagnostic activities by personnel who do not have needed access authorizations, clearances or formal access approvals, all volatile information storage components within the system are sanitized and all nonvolatile storage media are removed or physically disconnected from the system and secured; and Develop and implement {{ insert: param, ma-05.01_odp }} in the event a system component cannot be sanitized, removed, or disconnected from the system.
family MA
framework nist-800-53
Verify that personnel performing maintenance and diagnostic activities on a system processing, storing, or transmitting classified information possess security clearances and formal access approvals for at least the highest classification level and for compartments of information on the system.
family MA
framework nist-800-53
Verify that personnel performing maintenance and diagnostic activities on a system processing, storing, or transmitting classified information are U.S. citizens.
family MA
framework nist-800-53
Ensure that: Foreign nationals with appropriate security clearances are used to conduct maintenance and diagnostic activities on classified systems only when the systems are jointly owned and operated by the United States and foreign allied governments, or owned and operated solely by foreign allied governments; and Approvals, consents, and detailed operational conditions regarding the use of foreign nationals to conduct maintenance and diagnostic activities on classified systems are fully documented within Memoranda of Agreements.
family MA
framework nist-800-53
Ensure that non-escorted personnel performing maintenance activities not directly associated with the system but in the physical proximity of the system, have required access authorizations.
family MA
framework nist-800-53
Obtain maintenance support and/or spare parts for {{ insert: param, ma-06_odp.01 }} within {{ insert: param, ma-06_odp.02 }} of failure.
family MA
framework nist-800-53
Perform preventive maintenance on {{ insert: param, ma-06.01_odp.01 }} at {{ insert: param, ma-06.01_odp.02 }}.
family MA
framework nist-800-53
Perform predictive maintenance on {{ insert: param, ma-06.02_odp.01 }} at {{ insert: param, ma-06.02_odp.02 }}.
family MA
framework nist-800-53
Transfer predictive maintenance data to a maintenance management system using {{ insert: param, ma-06.03_odp }}.
family MA
framework nist-800-53