TOOLS COMING SOON: Difference between revisions

From GCA ACT
Jump to navigationJump to search
No edit summary
No edit summary
Line 4: Line 4:
<br><br>
<br><br>
'''''Want to get involved in other ways?''''' [[HELP_US_BUILD_ACT_-_GET_INVOLVED|Please see our support needs page.]]
'''''Want to get involved in other ways?''''' [[HELP_US_BUILD_ACT_-_GET_INVOLVED|Please see our support needs page.]]
[[Category:Account Authentication Data]]
[[Category:Accounts Payable]]
[[Category:Accounts Receivable]]
[[Category:Argentina]]
[[Category:Asset Collocation Risk Reduction Techniques]]
[[Category:BYOD Policy Implementation]]
[[Category:Bank Accounts]]
[[Category:Being Cautious with Personal Information]]
[[Category:Brazil]]
[[Category:Built-In Internet Service Security]]
[[Category:Business Accounts with Suppliers]]
[[Category:CIS - 1.1 - Identify - Devices - Establish and Maintain Detailed Enterprise Asset Inventory]]
[[Category:CIS - 1.2 - Respond - Devices - Address Unauthorized Assets]]
[[Category:CIS - 1.3 - Detect - Devices - Utilize an Active Discovery Tool]]
[[Category:CIS - 1.4 - Identify - Devices - Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory]]
[[Category:CIS - 1.5 - Detect - Devices - Use a Passive Asset Discovery Tool]]
[[Category:CIS - 10.1 - Protect - Devices - Deploy and Maintain Anti-Malware Software]]
[[Category:CIS - 10.2 - Protect - Devices - Configure Automatic Anti-Malware Signature Updates]]
[[Category:CIS - 10.3 - Protect - Devices - Disable Autorun and Autoplay for Removable Media]]
[[Category:CIS - 10.4 - Detect - Devices - Configure Automatic Anti-Malware Scanning of Removable Media]]
[[Category:CIS - 10.5 - Protect - Devices - Enable Anti-Exploitation Features]]
[[Category:CIS - 10.6 - Protect - Devices - Centrally Manage Anti-Malware Software]]
[[Category:CIS - 10.7 - Detect - Devices - Use Behavior-Based Anti-Malware Software]]
[[Category:CIS - 11.1 - Recover - Data - Establish and Maintain a Data Recovery Process]]
[[Category:CIS - 11.2 - Recover - Data - Perform Automated Backups]]
[[Category:CIS - 11.3 - Protect - Data - Protect Recovery Data]]
[[Category:CIS - 11.4 - Recover - Data - Establish and Maintain an Isolated Instance of Recovery Data]]
[[Category:CIS - 11.5 - Recover - Data - Test Data Recovery]]
[[Category:CIS - 12.1 - Protect - Network - Ensure Network Infrastructure is Up-to-Date]]
[[Category:CIS - 12.2 - Protect - Network - Establish and Maintain a Secure Network Architecture]]
[[Category:CIS - 12.3 - Protect - Network - Securely Manage Network Infrastructure]]
[[Category:CIS - 12.4 - Identify - Network - Establish and Maintain Architecture Diagram(s)]]
[[Category:CIS - 12.5 - Protect - Network - Centralize Network Authentication, Authorization, and Auditing (AAA)]]
[[Category:CIS - 12.6 - Protect - Network - Use of Secure Network Management and Communication Protocols]]
[[Category:CIS - 12.7 - Protect - Devices - Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise’s AAA Infrastructure]]
[[Category:CIS - 12.8 - Protect - Devices - Establish and Maintain Dedicated Computing Resources for All Administrative Work]]
[[Category:CIS - 13.11 - Detect - Network - Tune Security Event Alerting Thresholds]]
[[Category:CIS - 13.1 - Detect - Network - Centralize Security Event Alerting]]
[[Category:CIS - 13.1 - Protect - Network - Perform Application Layer Filtering]]
[[Category:CIS - 13.2 - Detect - Devices - Deploy a Host-Based Intrusion Detection Solution]]
[[Category:CIS - 13.3 - Detect - Network - Deploy a Network Intrusion Detection Solution]]
[[Category:CIS - 13.4 - Protect - Network - Perform Traffic Filtering Between Network Segments]]
[[Category:CIS - 13.5 - Protect - Devices - Manage Access Control for Remote Assets]]
[[Category:CIS - 13.6 - Detect - Network - Collect Network Traffic Flow Logs]]
[[Category:CIS - 13.7 - Protect - Devices - Deploy a Host-Based Intrusion Prevention Solution]]
[[Category:CIS - 13.8 - Protect - Network - Deploy a Network Intrusion Prevention Solution]]
[[Category:CIS - 13.9 - Protect - Devices - Deploy Port-Level Access Control]]
[[Category:CIS - 14.1 - Protect - Establish and Maintain a Security Awareness Program]]
[[Category:CIS - 14.2 - Protect - Train Workforce Members to Recognize Social Engineering Attacks]]
[[Category:CIS - 14.3 - Protect - Train Workforce Members on Authentication Best Practices]]
[[Category:CIS - 14.4 - Protect - Train Workforce on Data Handling Best Practices]]
[[Category:CIS - 14.5 - Protect - Train Workforce Members on Causes of Unintentional Data Exposure]]
[[Category:CIS - 14.6 - Protect - Train Workforce Members on Recognizing and Reporting Security Incidents]]
[[Category:CIS - 14.7 - Protect - Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates]]
[[Category:CIS - 14.8 - Protect - Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks]]
[[Category:CIS - 14.9 - Protect - Conduct Role-Specific Security Awareness and Skills Training]]
[[Category:CIS - 15.1 - Identify - Establish and Maintain an Inventory of Service Providers]]
[[Category:CIS - 15.2 - Identify - Establish and Maintain a Service Provider Management Policy]]
[[Category:CIS - 15.3 - Identify - Classify Service Providers]]
[[Category:CIS - 15.4 - Protect - Ensure Service Provider Contracts Include Security Requirements]]
[[Category:CIS - 15.5 - Identify - Assess Service Providers]]
[[Category:CIS - 15.6 - Detect - Data - Monitor Service Providers]]
[[Category:CIS - 15.7 - Protect - Data - Securely Decommission Service Providers]]
[[Category:CIS - 16.11 - Protect - Applications - Leverage Vetted Modules or Services for Application Security Components]]
[[Category:CIS - 16.12 - Protect - Applications - Implement Code-Level Security Checks]]
[[Category:CIS - 16.13 - Protect - Applications - Conduct Application Penetration Testing]]
[[Category:CIS - 16.14 - Protect - Applications - Conduct Threat Modeling]]
[[Category:CIS - 16.1 - Protect - Applications - Apply Secure Design Principles in Application Architectures]]
[[Category:CIS - 16.1 - Protect - Applications - Establish and Maintain a Secure Application Development Process]]
[[Category:CIS - 16.2 - Protect - Applications - Establish and Maintain a Process to Accept and Address Software Vulnerabilities]]
[[Category:CIS - 16.3 - Protect - Applications - Perform Root Cause Analysis on Security Vulnerabilities]]
[[Category:CIS - 16.4 - Protect - Applications - Establish and Manage an Inventory of Third-Party Software Components]]
[[Category:CIS - 16.5 - Protect - Applications - Use Up-to-Date and Trusted Third-Party Software Components]]
[[Category:CIS - 16.6 - Protect - Applications - Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities]]
[[Category:CIS - 16.7 - Protect - Applications - Use Standard Hardening Configuration Templates for Application Infrastructure]]
[[Category:CIS - 16.8 - Protect - Applications - Separate Production and Non-Production Systems]]
[[Category:CIS - 16.9 - Protect - Applications - Train Developers in Application Security Concepts and Secure Coding]]
[[Category:CIS - 17.1 - Respond - Designate Personnel to Manage Incident Handling]]
[[Category:CIS - 17.2 - Respond - Establish and Maintain Contact Information for Reporting Security Incidents]]
[[Category:CIS - 17.3 - Respond - Establish and Maintain an Enterprise Process for Reporting Incidents]]
[[Category:CIS - 17.4 - Respond - Establish and Maintain an Incident Response Process]]
[[Category:CIS - 17.5 - Respond - Assign Key Roles and Responsibilities]]
[[Category:CIS - 17.6 - Respond - Define Mechanisms for Communicating During Incident Response]]
[[Category:CIS - 17.7 - Recover - Conduct Routine Incident Response Exercises]]
[[Category:CIS - 17.8 - Recover - Conduct Post-Incident Reviews]]
[[Category:CIS - 17.9 - Recover - Establish and Maintain Security Incident Thresholds]]
[[Category:CIS - 18.1 - Identify - Establish and Maintain a Penetration Testing Program]]
[[Category:CIS - 18.2 - Identify - Network - Perform Periodic External Penetration Tests]]
[[Category:CIS - 18.3 - Protect - Network - Remediate Penetration Test Findings]]
[[Category:CIS - 18.4 - Protect - Network - Validate Security Measures]]
[[Category:CIS - 18.5 - Identify - Perform Periodic Internal Penetration Tests]]
[[Category:CIS - 2.1 - Identify - Applications - Establish and Maintain a Software Inventory]]
[[Category:CIS - 2.2 - Identify - Applications - Ensure Authorized Software is Currently Supported]]
[[Category:CIS - 2.3 - Respond - Applications - Address Unauthorized Software]]
[[Category:CIS - 2.4 - Detect - Applications - Utilize Automated Software Inventory Tools]]
[[Category:CIS - 2.5 - Protect - Applications - Allowlist Authorized Software]]
[[Category:CIS - 2.6 - Protect - Applications - Allowlist Authorized Libraries]]
[[Category:CIS - 2.7 - Protect - Applications - Allowlist Authorized Scripts]]
[[Category:CIS - 3.11 - Protect - Data - Encrypt Sensitive Data at Rest]]
[[Category:CIS - 3.12 - Protect - Network - Segment Data Processing and Storage Based on Sensitivity]]
[[Category:CIS - 3.13 - Protect - Data - Deploy a Data Loss Prevention Solution]]
[[Category:CIS - 3.14 - Detect - Data - Log Sensitive Data Access]]
[[Category:CIS - 3.1 - Identify - Data - Establish and Maintain a Data Management Process]]
[[Category:CIS - 3.1 - Protect - Data - Encrypt Sensitive Data in Transit]]
[[Category:CIS - 3.2 - Identify - Data - Establish and Maintain a Data Inventory]]
[[Category:CIS - 3.3 - Protect - Data - Configure Data Access Control Lists]]
[[Category:CIS - 3.4 - Protect - Data - Enforce Data Retention]]
[[Category:CIS - 3.5 - Protect - Data - Securely Dispose of Data]]
[[Category:CIS - 3.6 - Protect - Devices - Encrypt Data on End-User Devices]]
[[Category:CIS - 3.7 - Identify - Data - Establish and Maintain a Data Classification Scheme]]
[[Category:CIS - 3.8 - Identify - Data - Document Data Flows]]
[[Category:CIS - 3.9 - Protect - Data - Encrypt Data on Removable Media]]
[[Category:CIS - 4.11 - Protect - Devices - Enforce Remote Wipe Capability on Portable End-User Devices]]
[[Category:CIS - 4.12 - Protect - Devices - Separate Enterprise Workspaces on Mobile End-User Devices]]
[[Category:CIS - 4.1 - Protect - Applications - Establish and Maintain a Secure Configuration Process]]
[[Category:CIS - 4.1 - Respond - Devices - Enforce Automatic Device Lockout on Portable End-User Devices]]
[[Category:CIS - 4.2 - Protect - Network - Establish and Maintain a Secure Configuration Process for Network Infrastructure]]
[[Category:CIS - 4.3 - Protect - Users - Configure Automatic Session Locking on Enterprise Assets]]
[[Category:CIS - 4.4 - Protect - Devices - Implement and Manage a Firewall on Servers]]
[[Category:CIS - 4.5 - Protect - Devices - Implement and Manage a Firewall on End-User Devices]]
[[Category:CIS - 4.6 - Protect - Network - Securely Manage Enterprise Assets and Software]]
[[Category:CIS - 4.7 - Protect - Users - Manage Default Accounts on Enterprise Assets and Software]]
[[Category:CIS - 4.8 - Protect - Devices - Uninstall or Disable Unnecessary Services on Enterprise Assets and Software]]
[[Category:CIS - 4.9 - Protect - Devices - Configure Trusted DNS Servers on Enterprise Assets]]
[[Category:CIS - 5.1 - Identify - Users - Establish and Maintain an Inventory of Accounts]]
[[Category:CIS - 5.2 - Protect - Users - Use Unique Passwords]]
[[Category:CIS - 5.3 - Respond - Users - Disable Dormant Accounts]]
[[Category:CIS - 5.4 - Protect - Users - Restrict Administrator Privileges to Dedicated Administrator Accounts]]
[[Category:CIS - 5.5 - Identify - Users - Establish and Maintain an Inventory of Service Accounts]]
[[Category:CIS - 5.6 - Protect - Users - Centralize Account Management]]
[[Category:CIS - 6.1 - Protect - Users - Establish an Access Granting Process]]
[[Category:CIS - 6.2 - Protect - Users - Establish an Access Revoking Process]]
[[Category:CIS - 6.3 - Protect - Users - Require MFA for Externally-Exposed Applications]]
[[Category:CIS - 6.4 - Protect - Users - Require MFA for Remote Network Access]]
[[Category:CIS - 6.5 - Protect - Users - Require MFA for Administrative Access]]
[[Category:CIS - 6.6 - Identify - Users - Establish and Maintain an Inventory of Authentication and Authorization Systems]]
[[Category:CIS - 6.7 - Protect - Users - Centralize Access Control]]
[[Category:CIS - 6.8 - Protect - Data - Define and Maintain Role-Based Access Control]]
[[Category:CIS - 7.1 - Protect - Applications - Establish and Maintain a Vulnerability Management Process]]
[[Category:CIS - 7.2 - Respond - Applications - Establish and Maintain a Remediation Process]]
[[Category:CIS - 7.3 - Protect - Applications - Perform Automated Operating System Patch Management]]
[[Category:CIS - 7.4 - Protect - Applications - Perform Automated Application Patch Management]]
[[Category:CIS - 7.5 - Identify - Applications - Perform Automated Vulnerability Scans of Internal Enterprise Assets]]
[[Category:CIS - 7.6 - Identify - Applications - Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets]]
[[Category:CIS - 7.7 - Respond - Applications - Remediate Detected Vulnerabilities]]
[[Category:CIS - 8.11 - Detect - Network - Conduct Audit Log Reviews]]
[[Category:CIS - 8.12 - Detect - Data - Collect Service Provider Logs]]
[[Category:CIS - 8.1 - Protect - Network - Establish and Maintain an Audit Log Management Process]]
[[Category:CIS - 8.1 - Protect - Network - Retain Audit Logs]]
[[Category:CIS - 8.2 - Detect - Network - Collect Audit Logs]]
[[Category:CIS - 8.3 - Protect - Network - Ensure Adequate Audit Log Storage]]
[[Category:CIS - 8.4 - Protect - Network - Standardize Time Synchronization]]
[[Category:CIS - 8.5 - Detect - Network - Collect Detailed Audit Logs]]
[[Category:CIS - 8.6 - Detect - Network - Collect DNS Query Audit Logs]]
[[Category:CIS - 8.7 - Detect - Network - Collect URL Request Audit Logs]]
[[Category:CIS - 8.8 - Detect - Devices - Collect Command-Line Audit Logs]]
[[Category:CIS - 8.9 - Detect - Network - Centralize Audit Logs]]
[[Category:CIS - 9.1 - Protect - Applications - Ensure Use of Only Fully Supported Browsers and Email Clients]]
[[Category:CIS - 9.2 - Protect - Network - Use DNS Filtering Services]]
[[Category:CIS - 9.3 - Protect - Network - Maintain and Enforce Network-Based URL Filters]]
[[Category:CIS - 9.4 - Protect - Applications - Restrict Unnecessary or Unauthorized Browser and Email Client Extensions]]
[[Category:CIS - 9.5 - Protect - Network - Implement DMARC]]
[[Category:CIS - 9.6 - Protect - Network - Block Unnecessary File Types]]
[[Category:CIS - 9.7 - Protect - Network - Deploy and Maintain Email Server Anti-Malware Protections]]
[[Category:Cable Modems]]
[[Category:Cash Registers]]
[[Category:Centralized Exchange Account Recovery]]
[[Category:Centralized Exchange Withdrawal Policies]]
[[Category:Chaining Wallets for NFTs]]
[[Category:ChromeOS]]
[[Category:Commercially Available Monitoring Software]]
[[Category:Constituent Authentication]]
[[Category:Constituent Information]]
[[Category:Credit Cards]]
[[Category:Credit Lines]]
[[Category:Crypto Compliance Training]]
[[Category:Cryptocurrency]]
[[Category:Cryptocurrency Attack Blast Radius Risk Management Techniques]]
[[Category:Cryptocurrency Courses and Workshops]]
[[Category:Cryptocurrency Insurance]]
[[Category:Cryptocurrency Investigation Training]]
[[Category:Cryptocurrency News Sources]]
[[Category:Cryptocurrency Technical Support Scam]]
[[Category:Customer Authentication]]
[[Category:Customer Information]]
[[Category:Cyber-Related Fraud, Criminal, or Data Breach Activity]]
[[Category:Cyberbullying Prevention]]
[[Category:DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed]]
[[Category:DE.AE-2: Detected events are analyzed to understand attack targets and methods]]
[[Category:DE.AE-3: Event data are collected and correlated from multiple sources and sensors]]
[[Category:DE.AE-4: Impact of events is determined]]
[[Category:DE.AE-5: Incident alert thresholds are established]]
[[Category:DE.CM-1: The network is monitored to detect potential cybersecurity events]]
[[Category:DE.CM-2: The physical environment is monitored to detect potential cybersecurity events]]
[[Category:DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events]]
[[Category:DE.CM-4: Malicious code is detected]]
[[Category:DE.CM-5: Unauthorized mobile code is detected]]
[[Category:DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events]]
[[Category:DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed]]
[[Category:DE.CM-8: Vulnerability scans are performed]]
[[Category:DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability]]
[[Category:DE.DP-2: Detection activities comply with all applicable requirements]]
[[Category:DE.DP-3: Detection processes are tested]]
[[Category:DE.DP-4: Event detection information is communicated]]
[[Category:DE.DP-5: Detection processes are continuously improved]]
[[Category:DEX Best Practices]]
[[Category:Data Minimization]]
[[Category:Debit Cards]]
[[Category:Decentralized Exchange Account Recovery]]
[[Category:Decentralized Exchange Withdrawal Policies]]
[[Category:Different Types of Digital Currency]]
[[Category:Digital Currency Online Forums and Communities]]
[[Category:Digital Currency Security Blogs and Updates]]
[[Category:Donation Card Dip Stations]]
[[Category:Donations]]
[[Category:Donor Authentication]]
[[Category:Donor Information]]
[[Category:Donor Relationships]]
[[Category:Dummy Wallets]]
[[Category:Educating Students on Online Safety]]
[[Category:Employee Identity Verification & Background Checks]]
[[Category:Employee Information]]
[[Category:Encryption Keys]]
[[Category:Ethernet]]
[[Category:Financial Data]]
[[Category:GEN - Vulnerability Management]]
[[Category:Gaming Consoles]]
[[Category:General Ledger]]
[[Category:Geolocation]]
[[Category:Hard Token Passcode Generators]]
[[Category:Hardware Wallet Use]]
[[Category:How to Spot Non-Reputable NFT Projects]]
[[Category:Hubs]]
[[Category:ID.AM-1: Physical devices and systems within the organization are inventoried]]
[[Category:ID.AM-2: Software platforms and applications within the organization are inventoried]]
[[Category:ID.AM-3: Organizational communication and data flows are mapped]]
[[Category:ID.AM-4: External information systems are catalogued]]
[[Category:ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value]]
[[Category:ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established]]
[[Category:ID.BE-1: The organization’s role in the supply chain is identified and communicated]]
[[Category:ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated]]
[[Category:ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated]]
[[Category:ID.BE-4: Dependencies and critical functions for delivery of critical services are established]]
[[Category:ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress or attack, during recovery, normal operations)]]
[[Category:ID.GV-1: Organizational cybersecurity policy is established and communicated]]
[[Category:ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners]]
[[Category:ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed]]
[[Category:ID.GV-4: Governance and risk management processes address cybersecurity risks]]
[[Category:ID.RA-1: Asset vulnerabilities are identified and documented]]
[[Category:ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources]]
[[Category:ID.RA-3: Threats, both internal and external, are identified and documented]]
[[Category:ID.RA-4: Potential business impacts and likelihoods are identified]]
[[Category:ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk]]
[[Category:ID.RA-6: Risk responses are identified and prioritized]]
[[Category:ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders]]
[[Category:ID.RM-2: Organizational risk tolerance is determined and clearly expressed]]
[[Category:ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis]]
[[Category:ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders]]
[[Category:ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process]]
[[Category:ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.]]
[[Category:ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.]]
[[Category:ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers]]
[[Category:IOS]]
[[Category:Identity as a Service (IDaaS)]]
[[Category:Infrastructure as a Service (IaaS)]]
[[Category:Insider Threat Mitigation]]
[[Category:Insurance & Recovering Losses]]
[[Category:Insurance & Recovering Your Losses]]
[[Category:Intellectual Property]]
[[Category:Kenya]]
[[Category:Laptops & Desktops]]
[[Category:Legal Considerations in Incident Response]]
[[Category:Linux]]
[[Category:Location-based Apps]]
[[Category:Malicious Tokens]]
[[Category:Mobile-Friendly Applications]]
[[Category:Mobile Application Management]]
[[Category:Monitoring]]
[[Category:Monitoring Software]]
[[Category:Monitoring Your Child’s Digital Activities]]
[[Category:Mortgage Accounts]]
[[Category:Multi-Signature Wallet Use]]
[[Category:Online Reputation Management]]
[[Category:Open-Source Monitoring Software]]
[[Category:Open-Source Parental Control Software]]
[[Category:Order Taking Devices]]
[[Category:PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes]]
[[Category:PR.AC-2: Physical access to assets is managed and protected]]
[[Category:PR.AC-3: Remote access is managed]]
[[Category:PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties]]
[[Category:PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)]]
[[Category:PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions]]
[[Category:PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)]]
[[Category:PR.AT-1: All users are informed and trained]]
[[Category:PR.AT-2: Privileged users understand their roles and responsibilities]]
[[Category:PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities]]
[[Category:PR.AT-4: Senior executives understand their roles and responsibilities]]
[[Category:PR.AT-5: Physical and cybersecurity personnel understand their roles and responsibilities]]
[[Category:PR.DS-1: Data-at-rest is protected]]
[[Category:PR.DS-2: Data-in-transit is protected]]
[[Category:PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition]]
[[Category:PR.DS-4: Adequate capacity to ensure availability is maintained]]
[[Category:PR.DS-5: Protections against data leaks are implemented]]
[[Category:PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity]]
[[Category:PR.DS-7: The development and testing environment(s) are separate from the production environment]]
[[Category:PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity]]
[[Category:PR.IP-10: Response and recovery plans are tested]]
[[Category:PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)]]
[[Category:PR.IP-12: A vulnerability management plan is developed and implemented]]
[[Category:PR.IP-1: A baseline configuration of information technology or industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)]]
[[Category:PR.IP-2: A System Development Life Cycle to manage systems is implemented]]
[[Category:PR.IP-3: Configuration change control processes are in place]]
[[Category:PR.IP-4: Backups of information are conducted, maintained, and tested]]
[[Category:PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met]]
[[Category:PR.IP-6: Data is destroyed according to policy]]
[[Category:PR.IP-7: Protection processes are improved]]
[[Category:PR.IP-8: Effectiveness of protection technologies is shared]]
[[Category:PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed]]
[[Category:PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools]]
[[Category:PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access]]
[[Category:PR.PT-1: Audit or log records are determined, documented, implemented, and reviewed in accordance with policy]]
[[Category:PR.PT-2: Removable media is protected and its use restricted according to policy]]
[[Category:PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities]]
[[Category:PR.PT-4: Communications and control networks are protected]]
[[Category:PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations]]
[[Category:Partner Authentication]]
[[Category:Partner Information]]
[[Category:Partner Relationships]]
[[Category:Payment Processors]]
[[Category:Payroll]]
[[Category:Periodic “Know Your Users” Reviews]]
[[Category:Phishing- or Malware-enabled Private Key Harvesting]]
[[Category:Physical Device Security]]
[[Category:Platform as a Service (PaaS)]]
[[Category:Podcasts]]
[[Category:Point-of-Sale (POS) Terminals]]
[[Category:Ponzi Projects]]
[[Category:Procurement Cards]]
[[Category:Protecting Sensitive Student Information]]
[[Category:Protecting You & Your Child's Personal Information]]
[[Category:RC.CO-1: Public relations are managed]]
[[Category:RC.CO-2: Reputation is repaired after an incident]]
[[Category:RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams]]
[[Category:RC.IM-1: Recovery plans incorporate lessons learned]]
[[Category:RC.IM-2: Recovery strategies are updated]]
[[Category:RC.RP-1: Recovery plan is executed during or after a cybersecurity incident]]
[[Category:RS.AN-1: Notifications from detection systems are investigated]]
[[Category:RS.AN-2: The impact of the incident is understood]]
[[Category:RS.AN-3: Forensics are performed]]
[[Category:RS.AN-4: Incidents are categorized consistent with response plans]]
[[Category:RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)]]
[[Category:RS.CO-1: Personnel know their roles and order of operations when a response is needed]]
[[Category:RS.CO-2: Incidents are reported consistent with established criteria]]
[[Category:RS.CO-3: Information is shared consistent with response plans]]
[[Category:RS.CO-4: Coordination with stakeholders occurs consistent with response plans]]
[[Category:RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness]]
[[Category:RS.IM-1: Response plans incorporate lessons learned]]
[[Category:RS.IM-2: Response strategies are updated]]
[[Category:RS.MI-1: Incidents are contained]]
[[Category:RS.MI-2: Incidents are mitigated]]
[[Category:RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks]]
[[Category:RS.RP-1: Response plan is executed during or after an incident]]
[[Category:Regular Software Updates]]
[[Category:Removing Data from the Internet]]
[[Category:Reporting]]
[[Category:Reporting Cyber-Related Fraud, Criminal, and Data Breach Activity]]
[[Category:Resetting Wallets]]
[[Category:Responsible Online Behavior]]
[[Category:Responsible Social Media Use]]
[[Category:Resynchronizing Wallets]]
[[Category:Role-Based Access Control]]
[[Category:SMS or Text Messaging to Receive Codes]]
[[Category:Safeguarding Online Reputation]]
[[Category:Search Engines & Browsers]]
[[Category:Secure Transaction Best Practices]]
[[Category:Secured Loans]]
[[Category:Securing Digital Curriculum Materials]]
[[Category:Security Awareness Testing]]
[[Category:Security Cameras]]
[[Category:Security Patch Application]]
[[Category:Security Questions]]
[[Category:Send me your (JSON File - Private Key - Mnemonic Passphrase)]]
[[Category:Service Providers]]
[[Category:Smart Contract Wallet Use]]
[[Category:Smart TVs]]
[[Category:Social Media & Applications]]
[[Category:Software Passcode Generators]]
[[Category:Software as a Service (SaaS)]]
[[Category:South Africa]]
[[Category:Supplier Authentication]]
[[Category:Supplier Information]]
[[Category:Supplier Relationships]]
[[Category:USB Flash Drives]]
[[Category:Unsecured Loans]]
[[Category:Utilities]]
[[Category:Volunteer Authentication]]
[[Category:Volunteer Information]]
[[Category:Volunteer Relationships]]
[[Category:Wallet Mnemonic Seed Phrase Protection (Storage - Retrieval - Use)]]
[[Category:Wallet Private Key Protection (Storage - Retrieval - Use)]]
[[Category:Watch-Only Wallet]]
[[Category:What are Cryptocurrency Exchanges?]]
[[Category:What are Digital Wallets?]]
[[Category:What is Digital Currency?]]
[[Category:What is a Private Key?]]
[[Category:What is a Rug-Pull?]]
[[Category:CIS Controls - v8.0]]
[[Category:NIST CSF v1.1]]
[[Category:Supplier Authentication]]
[[Category:Supplier Information]]
[[Category:Supplier Relationships]]
[[Category:USB Flash Drives]]
[[Category:United Kingdom - CDPA]]
[[Category:United Kingdom - GDPR]]
[[Category:United States - COPA]]
[[Category:United States - COPPA]]
[[Category:United States - Find the Law for Your State]]
[[Category:Unsecured Loans]]
[[Category:Utilities]]
[[Category:Volunteer Authentication]]
[[Category:Volunteer Information]]
[[Category:Volunteer Relationships]]
[[Category:Wallet Mnemonic Seed Phrase Protection (Storage - Retrieval - Use)]]
[[Category:Wallet Private Key Protection (Storage - Retrieval - Use)]]
[[Category:Watch-Only Wallet]]
[[Category:What are Cryptocurrency Exchanges?]]
[[Category:What are Digital Wallets?]]
[[Category:What is Digital Currency?]]
[[Category:What is a Private Key?]]
[[Category:What is a Rug-Pull?]]
[[Category:CIS Controls - v8.0]]
[[Category:NIST CSF v1.1]]

Revision as of 22:38, 29 October 2023

Tool Providers: Want to include your tool? Use this form.

End Users: Want to suggest a tool? Send us a note.

Want to get involved in other ways? Please see our support needs page.