Information Assurance Controls

Top Viewed Controls (Last 30 Days)

The organization develops, disseminates, and reviews/updates [Assignment: organization-defined frequency]: a. A formal, documented access control policy that addresses purpose, scope, roles,...
System libraries are managed and maintained to protect privileged programs and to prevent or minimize the introduction of unauthorized code.
The organization: a. Monitors events on the information system in accordance with [Assignment: organization-defined monitoring objectives] and detects information system attacks; b. Identifies...
The organization restricts the capability to input information to the information system to authorized personnel.
The organization: a. Employs malicious code protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and...
The organization: a. Employs spam protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and take action...
The organization develops, disseminates, and reviews/updates [Assignment: organization-defined frequency]: a. A formal, documented system and information integrity policy that addresses purpose,...
The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system.
The organization: a. Authorizes connections from the information system to other information systems outside of the authorization boundary through the use of Interconnection Security Agreements; b....
The organization: a. Separates duties of individuals as necessary, to prevent malevolent activity without collusion; b. Documents separation of duties; and c. Implements separation of duties...
Internal security labels that are an integral part of the electronic data or media.
The information system separates user functionality (including user interface services) from information system management functionality.
Wireless computing and networking capabilities from workstations, laptops, personal digital assistants (PDAs), handheld computers, cellular phones, or other portable electronic devices are...
The organization: a. Categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance; b....
The information system verifies the correct operation of security functions [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with...