NIST Control

This category stores NIST-related controls.

Showing 5 random demo records from the library.

NIST Control (1,213)



# Name Description
1 NIST-CSF-2.0_GV.RM-06: Standardized Cybersecurity Risk Assessment
  Control: NIST-CSF-2.0_GV.RM-06: Standardized Cybersecurity Risk Assessment
  Control Objective: To establish a consistent framework for identifying, documenting, and prioritizing cybersecurity risks.
  Description: This control mandates the implementation of a standardized method for calculating and categorizing cybersecurity risks, ensuring effective communication of these risks across the organization.
  Control Owners: Risk Manager (Risk Management Department)
  Control Impacts: *Enhanced Ris ...

2 NIST-SP_800-53r5_MP-8(3): Media Downgrading | Controlled Unclassified Information
  Control: Media Downgrade Compliance Control
  Control Objective: Ensure all media containing controlled unclassified information is properly downgraded before public dissemination.
  Description: Implement a systematic process to downgrade media with controlled unclassified information, utilizing approved tools and procedures, to meet compliance requirements.
  Control Owners: Compliance Officer (Compliance Department)
  Control Impacts: *Compliance Assurance* This control mitigates the risk of ...

3 NIST-SP_800-53r5_SC-12(6): Cryptographic Key Establishment and Management | Physical Control of Keys
  Control: Physical Control of Cryptographic Keys
  Control Objective: To ensure unauthorized access to cryptographic keys is prevented, thereby safeguarding stored encrypted information.
  Description: This control establishes protocols for the physical safeguarding of cryptographic keys utilized by external service providers, ensuring that keys are not susceptible to theft or unauthorized access.
  Control Owners: Chief Information Security Officer (Information Security Department)
  Control Impa ...

4 NIST-SP_800-53r5_CM-5(4): Access Restrictions for Change | Dual Authorization
  Control: Dual Authorization for System Changes
  Control Objective: To prevent unauthorized changes to system components by ensuring approval from two qualified individuals.
  Description: Implement a dual authorization process where two qualified individuals must approve and implement any changes to defined system components and system-level information. This process helps ensure accountability and correctness in change management.
  Control Owners: Change Management Officer (Risk Management De ...

5 NIST-SP_800-53r5_AC-9(2): Previous Logon Notification | Successful and Unsuccessful Logons
  Control: User Logon Notification Control
  Control Objective: To inform users about their logon activity, enhancing awareness and security.
  Description: This control notifies users of their successful and unsuccessful logon attempts within a specified period, allowing them to monitor potential unauthorized access.
  Control Owners: Information Security Officer (Security Department)
  Control Impacts: *Increased User Awareness* Users can recognize unusual logon activity and report suspicious a ...