|Access Control (AC)
|C002 Control internal system access
|Identify and mitigate risk associated with unidentified wireless access points connected to the network.
|Audit & Accountability (AU)
|C008 Perform auditing
|Identify assets not reporting audit logs and assure appropriate organizationally defined systems are logging.
|Configuration Management (CM)
|C014 Perform configuration and change management
|Verify the integrity and correctness of security critical or essential software as defined by the organization (e.g., roots of trust, formal verification or cryptographic signatures).
|Incident Response (IR)
|C016 Plan incident response
|In response to cyber incidents, utilize forensic data gathering across impacted systems, ensuring the secure transfer and protection of forensic data.
|C018 Develop and implement a response to a declared incident
|Use a combination of manual and automated, real-time response to anomalous activities that match incident patterns.
|Establish and maintain a Cyber Incident Response Team (CIRT) that can investigate an issue physically or virtually at any location within 24 hours.
|C020 Test incident response
|Perform unannounced operational exercises to demonstrate technical and procedural responses.
|C030 Manage information security continuity
|Ensure information processing facilities meet organizationally-defined information security continuity, redundancy and availability requirements.
|Risk Management (RM)
|C032 Manage risk
|Utilize an exception process for non-whitelisted software that includes mitigation techniques.
|Analyze the effectiveness of security solutions at least annually to address anticipated risk to the system and the organization based on current and accumulated threat intelligence.
|System & Communications Protection (SC)
|C038 Define security requirements for systems and communications
|Configure monitoring systems to record packets passing through the organization’s Internet network boundaries and other organizationally-defined boundaries.
|Enforce port and protocol compliance.
|C039 Control communications at system boundaries
|Employ organizationally-defined and tailored boundary protections in addition to commercially-available solutions.
|System & Information Integrity (SI)
|C041 Identify malicious content
|Analyze system behavior to detect and mitigate execution of normal system commands and scripts that indicate malicious actions.
|C042 Perform network and system monitoring
|Monitor individuals and system components on an ongoing basis for anomalous or suspicious behavior.