Access Control (AC) | C002 Control internal system access | AC.5.024 | Identify and mitigate risk associated with unidentified wireless access points connected to the network. |
Audit & Accountability (AU) | C008 Perform auditing | AU.5.055 | Identify assets not reporting audit logs and assure appropriate organizationally defined systems are logging. |
Configuration Management (CM) | C014 Perform configuration and change management | CM.5.074 | Verify the integrity and correctness of security critical or essential software as defined by the organization (e.g., roots of trust, formal verification or cryptographic signatures). |
Incident Response (IR) | C016 Plan incident response | IR.5.106 | In response to cyber incidents, utilize forensic data gathering across impacted systems, ensuring the secure transfer and protection of forensic data. |
Incident Response (IR) | C018 Develop and implement a response to a declared incident | IR.5.102 | Use a combination of manual and automated, real-time response to anomalous activities that match incident patterns. |
Incident Response (IR) | C018 Develop and implement a response to a declared incident | IR.5.108 | Establish and maintain a Cyber Incident Response Team (CIRT) that can investigate an issue physically or virtually at any location within 24 hours. |
Incident Response (IR) | C020 Test incident response | IR.5.110 | Perform unannounced operational exercises to demonstrate technical and procedural responses. |
Recovery (RE) | C030 Manage information security continuity | RE.5.140 | Ensure information processing facilities meet organizationally-defined information security continuity, redundancy and availability requirements. |
Risk Management (RM) | C032 Manage risk | RM.5.152 | Utilize an exception process for non-whitelisted software that includes mitigation techniques. |
Risk Management (RM) | C032 Manage risk | RM.5.155 | Analyze the effectiveness of security solutions at least annually to address anticipated risk to the system and the organization based on current and accumulated threat intelligence. |
System & Communications Protection (SC) | C038 Define security requirements for systems and communications | SC.5.198 | Configure monitoring systems to record packets passing through the organization’s Internet network boundaries and other organizational-defined boundaries. |
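System & Communications Protection (SC) | C038 Define security requirements for systems and communications | SC.5.230 | Enforce port and protocol compliance. |
System & Communications Protection (SC) | C039 Control communications at system boundaries | SC.5.208 | Employ organizationally-defined and tailored boundary protections in addition to commercially-available solutions. |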
System & Information Integrity (SI) | C041 Identify malicious content | SI.5.222 | Analyze system behavior to detect and mitigate execution of normal system commands and scripts that indicate malicious actions. |
System & Information Integrity (SI) | C042 Perform network and system monitoring | SI.5.223 | Monitor individuals and system components on an ongoing basis for anomalous or suspicious behavior. |