TOOLS COMING SOON
From GCA ACT
Jump to navigationJump to search
Tool Providers: Want to include your tool? Use this form.
End Users: Want to suggest a tool? Send us a note.
Want to get involved in other ways? Please see our support needs page.
Categories:
- Account Authentication Data
- Accounts Payable
- Accounts Receivable
- Asset Collocation Risk Reduction Techniques
- BYOD Policy Implementation
- Bank Accounts
- Being Cautious with Personal Information
- Built-In Internet Service Security
- Business Accounts with Suppliers
- CIS - 1.1 - Identify - Devices - Establish and Maintain Detailed Enterprise Asset Inventory
- CIS - 1.2 - Respond - Devices - Address Unauthorized Assets
- CIS - 1.3 - Detect - Devices - Utilize an Active Discovery Tool
- CIS - 1.4 - Identify - Devices - Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory
- CIS - 1.5 - Detect - Devices - Use a Passive Asset Discovery Tool
- CIS - 10.1 - Protect - Devices - Deploy and Maintain Anti-Malware Software
- CIS - 10.2 - Protect - Devices - Configure Automatic Anti-Malware Signature Updates
- CIS - 10.3 - Protect - Devices - Disable Autorun and Autoplay for Removable Media
- CIS - 10.4 - Detect - Devices - Configure Automatic Anti-Malware Scanning of Removable Media
- CIS - 10.5 - Protect - Devices - Enable Anti-Exploitation Features
- CIS - 10.6 - Protect - Devices - Centrally Manage Anti-Malware Software
- CIS - 10.7 - Detect - Devices - Use Behavior-Based Anti-Malware Software
- CIS - 11.1 - Recover - Data - Establish and Maintain a Data Recovery Process
- CIS - 11.2 - Recover - Data - Perform Automated Backups
- CIS - 11.3 - Protect - Data - Protect Recovery Data
- CIS - 11.4 - Recover - Data - Establish and Maintain an Isolated Instance of Recovery Data
- CIS - 11.5 - Recover - Data - Test Data Recovery
- CIS - 12.1 - Protect - Network - Ensure Network Infrastructure is Up-to-Date
- CIS - 12.2 - Protect - Network - Establish and Maintain a Secure Network Architecture
- CIS - 12.3 - Protect - Network - Securely Manage Network Infrastructure
- CIS - 12.4 - Identify - Network - Establish and Maintain Architecture Diagram(s)
- CIS - 12.5 - Protect - Network - Centralize Network Authentication, Authorization, and Auditing (AAA)
- CIS - 12.6 - Protect - Network - Use of Secure Network Management and Communication Protocols
- CIS - 12.7 - Protect - Devices - Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise’s AAA Infrastructure
- CIS - 12.8 - Protect - Devices - Establish and Maintain Dedicated Computing Resources for All Administrative Work
- CIS - 13.11 - Detect - Network - Tune Security Event Alerting Thresholds
- CIS - 13.1 - Detect - Network - Centralize Security Event Alerting
- CIS - 13.1 - Protect - Network - Perform Application Layer Filtering
- CIS - 13.2 - Detect - Devices - Deploy a Host-Based Intrusion Detection Solution
- CIS - 13.3 - Detect - Network - Deploy a Network Intrusion Detection Solution
- CIS - 13.4 - Protect - Network - Perform Traffic Filtering Between Network Segments
- CIS - 13.5 - Protect - Devices - Manage Access Control for Remote Assets
- CIS - 13.6 - Detect - Network - Collect Network Traffic Flow Logs
- CIS - 13.7 - Protect - Devices - Deploy a Host-Based Intrusion Prevention Solution
- CIS - 13.8 - Protect - Network - Deploy a Network Intrusion Prevention Solution
- CIS - 13.9 - Protect - Devices - Deploy Port-Level Access Control
- CIS - 14.1 - Protect - Establish and Maintain a Security Awareness Program
- CIS - 14.2 - Protect - Train Workforce Members to Recognize Social Engineering Attacks
- CIS - 14.3 - Protect - Train Workforce Members on Authentication Best Practices
- CIS - 14.4 - Protect - Train Workforce on Data Handling Best Practices
- CIS - 14.5 - Protect - Train Workforce Members on Causes of Unintentional Data Exposure
- CIS - 14.6 - Protect - Train Workforce Members on Recognizing and Reporting Security Incidents
- CIS - 14.7 - Protect - Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates
- CIS - 14.8 - Protect - Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks
- CIS - 14.9 - Protect - Conduct Role-Specific Security Awareness and Skills Training
- CIS - 15.1 - Identify - Establish and Maintain an Inventory of Service Providers
- CIS - 15.2 - Identify - Establish and Maintain a Service Provider Management Policy
- CIS - 15.3 - Identify - Classify Service Providers
- CIS - 15.4 - Protect - Ensure Service Provider Contracts Include Security Requirements
- CIS - 15.5 - Identify - Assess Service Providers
- CIS - 15.6 - Detect - Data - Monitor Service Providers
- CIS - 15.7 - Protect - Data - Securely Decommission Service Providers
- CIS - 16.11 - Protect - Applications - Leverage Vetted Modules or Services for Application Security Components
- CIS - 16.12 - Protect - Applications - Implement Code-Level Security Checks
- CIS - 16.13 - Protect - Applications - Conduct Application Penetration Testing
- CIS - 16.14 - Protect - Applications - Conduct Threat Modeling
- CIS - 16.1 - Protect - Applications - Apply Secure Design Principles in Application Architectures
- CIS - 16.1 - Protect - Applications - Establish and Maintain a Secure Application Development Process
- CIS - 16.2 - Protect - Applications - Establish and Maintain a Process to Accept and Address Software Vulnerabilities
- CIS - 16.3 - Protect - Applications - Perform Root Cause Analysis on Security Vulnerabilities
- CIS - 16.4 - Protect - Applications - Establish and Manage an Inventory of Third-Party Software Components
- CIS - 16.5 - Protect - Applications - Use Up-to-Date and Trusted Third-Party Software Components
- CIS - 16.6 - Protect - Applications - Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities
- CIS - 16.7 - Protect - Applications - Use Standard Hardening Configuration Templates for Application Infrastructure
- CIS - 16.8 - Protect - Applications - Separate Production and Non-Production Systems
- CIS - 16.9 - Protect - Applications - Train Developers in Application Security Concepts and Secure Coding
- CIS - 17.1 - Respond - Designate Personnel to Manage Incident Handling
- CIS - 17.2 - Respond - Establish and Maintain Contact Information for Reporting Security Incidents
- CIS - 17.3 - Respond - Establish and Maintain an Enterprise Process for Reporting Incidents
- CIS - 17.4 - Respond - Establish and Maintain an Incident Response Process
- CIS - 17.5 - Respond - Assign Key Roles and Responsibilities
- CIS - 17.6 - Respond - Define Mechanisms for Communicating During Incident Response
- CIS - 17.7 - Recover - Conduct Routine Incident Response Exercises
- CIS - 17.8 - Recover - Conduct Post-Incident Reviews
- CIS - 17.9 - Recover - Establish and Maintain Security Incident Thresholds
- CIS - 18.1 - Identify - Establish and Maintain a Penetration Testing Program
- CIS - 18.2 - Identify - Network - Perform Periodic External Penetration Tests
- CIS - 18.3 - Protect - Network - Remediate Penetration Test Findings
- CIS - 18.4 - Protect - Network - Validate Security Measures
- CIS - 18.5 - Identify - Perform Periodic Internal Penetration Tests
- CIS - 2.1 - Identify - Applications - Establish and Maintain a Software Inventory
- CIS - 2.2 - Identify - Applications - Ensure Authorized Software is Currently Supported
- CIS - 2.3 - Respond - Applications - Address Unauthorized Software
- CIS - 2.4 - Detect - Applications - Utilize Automated Software Inventory Tools
- CIS - 2.5 - Protect - Applications - Allowlist Authorized Software
- CIS - 2.6 - Protect - Applications - Allowlist Authorized Libraries
- CIS - 2.7 - Protect - Applications - Allowlist Authorized Scripts
- CIS - 3.11 - Protect - Data - Encrypt Sensitive Data at Rest
- CIS - 3.12 - Protect - Network - Segment Data Processing and Storage Based on Sensitivity
- CIS - 3.13 - Protect - Data - Deploy a Data Loss Prevention Solution
- CIS - 3.14 - Detect - Data - Log Sensitive Data Access
- CIS - 3.1 - Identify - Data - Establish and Maintain a Data Management Process
- CIS - 3.1 - Protect - Data - Encrypt Sensitive Data in Transit
- CIS - 3.2 - Identify - Data - Establish and Maintain a Data Inventory
- CIS - 3.3 - Protect - Data - Configure Data Access Control Lists
- CIS - 3.4 - Protect - Data - Enforce Data Retention
- CIS - 3.5 - Protect - Data - Securely Dispose of Data
- CIS - 3.6 - Protect - Devices - Encrypt Data on End-User Devices
- CIS - 3.7 - Identify - Data - Establish and Maintain a Data Classification Scheme
- CIS - 3.8 - Identify - Data - Document Data Flows
- CIS - 3.9 - Protect - Data - Encrypt Data on Removable Media
- CIS - 4.11 - Protect - Devices - Enforce Remote Wipe Capability on Portable End-User Devices
- CIS - 4.12 - Protect - Devices - Separate Enterprise Workspaces on Mobile End-User Devices
- CIS - 4.1 - Protect - Applications - Establish and Maintain a Secure Configuration Process
- CIS - 4.1 - Respond - Devices - Enforce Automatic Device Lockout on Portable End-User Devices
- CIS - 4.2 - Protect - Network - Establish and Maintain a Secure Configuration Process for Network Infrastructure
- CIS - 4.3 - Protect - Users - Configure Automatic Session Locking on Enterprise Assets
- CIS - 4.4 - Protect - Devices - Implement and Manage a Firewall on Servers
- CIS - 4.5 - Protect - Devices - Implement and Manage a Firewall on End-User Devices
- CIS - 4.6 - Protect - Network - Securely Manage Enterprise Assets and Software
- CIS - 4.7 - Protect - Users - Manage Default Accounts on Enterprise Assets and Software
- CIS - 4.8 - Protect - Devices - Uninstall or Disable Unnecessary Services on Enterprise Assets and Software
- CIS - 4.9 - Protect - Devices - Configure Trusted DNS Servers on Enterprise Assets
- CIS - 5.1 - Identify - Users - Establish and Maintain an Inventory of Accounts
- CIS - 5.2 - Protect - Users - Use Unique Passwords
- CIS - 5.3 - Respond - Users - Disable Dormant Accounts
- CIS - 5.4 - Protect - Users - Restrict Administrator Privileges to Dedicated Administrator Accounts
- CIS - 5.5 - Identify - Users - Establish and Maintain an Inventory of Service Accounts
- CIS - 5.6 - Protect - Users - Centralize Account Management
- CIS - 6.1 - Protect - Users - Establish an Access Granting Process
- CIS - 6.2 - Protect - Users - Establish an Access Revoking Process
- CIS - 6.3 - Protect - Users - Require MFA for Externally-Exposed Applications
- CIS - 6.4 - Protect - Users - Require MFA for Remote Network Access
- CIS - 6.5 - Protect - Users - Require MFA for Administrative Access
- CIS - 6.6 - Identify - Users - Establish and Maintain an Inventory of Authentication and Authorization Systems
- CIS - 6.7 - Protect - Users - Centralize Access Control
- CIS - 6.8 - Protect - Data - Define and Maintain Role-Based Access Control
- CIS - 7.1 - Protect - Applications - Establish and Maintain a Vulnerability Management Process
- CIS - 7.2 - Respond - Applications - Establish and Maintain a Remediation Process
- CIS - 7.3 - Protect - Applications - Perform Automated Operating System Patch Management
- CIS - 7.4 - Protect - Applications - Perform Automated Application Patch Management
- CIS - 7.5 - Identify - Applications - Perform Automated Vulnerability Scans of Internal Enterprise Assets
- CIS - 7.6 - Identify - Applications - Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets
- CIS - 7.7 - Respond - Applications - Remediate Detected Vulnerabilities
- CIS - 8.11 - Detect - Network - Conduct Audit Log Reviews
- CIS - 8.12 - Detect - Data - Collect Service Provider Logs
- CIS - 8.1 - Protect - Network - Establish and Maintain an Audit Log Management Process
- CIS - 8.1 - Protect - Network - Retain Audit Logs
- CIS - 8.2 - Detect - Network - Collect Audit Logs
- CIS - 8.3 - Protect - Network - Ensure Adequate Audit Log Storage
- CIS - 8.4 - Protect - Network - Standardize Time Synchronization
- CIS - 8.5 - Detect - Network - Collect Detailed Audit Logs
- CIS - 8.6 - Detect - Network - Collect DNS Query Audit Logs
- CIS - 8.7 - Detect - Network - Collect URL Request Audit Logs
- CIS - 8.8 - Detect - Devices - Collect Command-Line Audit Logs
- CIS - 8.9 - Detect - Network - Centralize Audit Logs
- CIS - 9.1 - Protect - Applications - Ensure Use of Only Fully Supported Browsers and Email Clients
- CIS - 9.2 - Protect - Network - Use DNS Filtering Services
- CIS - 9.3 - Protect - Network - Maintain and Enforce Network-Based URL Filters
- CIS - 9.4 - Protect - Applications - Restrict Unnecessary or Unauthorized Browser and Email Client Extensions
- CIS - 9.5 - Protect - Network - Implement DMARC
- CIS - 9.6 - Protect - Network - Block Unnecessary File Types
- CIS - 9.7 - Protect - Network - Deploy and Maintain Email Server Anti-Malware Protections
- Cable Modems
- Cash Registers
- Centralized Exchange Account Recovery
- Centralized Exchange Withdrawal Policies
- Chaining Wallets for NFTs
- Change Management
- ChromeOS
- Commercially Available Monitoring Software
- Constituent Authentication
- Constituent Information
- Credit Cards
- Credit Lines
- Crypto Compliance Training
- Cryptocurrency
- Cryptocurrency Attack Blast Radius Risk Management Techniques
- Cryptocurrency Courses and Workshops
- Cryptocurrency Insurance
- Cryptocurrency Investigation Training
- Cryptocurrency News Sources
- Cryptocurrency Technical Support Scam
- Customer Authentication
- Customer Information
- Cyber-Related Fraud, Criminal, or Data Breach Activity
- Cyberbullying Prevention
- DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
- DE.AE-2: Detected events are analyzed to understand attack targets and methods
- DE.AE-3: Event data are collected and correlated from multiple sources and sensors
- DE.AE-4: Impact of events is determined
- DE.AE-5: Incident alert thresholds are established
- DE.CM-1: The network is monitored to detect potential cybersecurity events
- DE.CM-2: The physical environment is monitored to detect potential cybersecurity events
- DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events
- DE.CM-4: Malicious code is detected
- DE.CM-5: Unauthorized mobile code is detected
- DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events
- DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed
- DE.CM-8: Vulnerability scans are performed
- DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability
- DE.DP-2: Detection activities comply with all applicable requirements
- DE.DP-3: Detection processes are tested
- DE.DP-4: Event detection information is communicated
- DE.DP-5: Detection processes are continuously improved
- DEX Best Practices
- Data Minimization
- Debit Cards
- Decentralized Exchange Account Recovery
- Decentralized Exchange Withdrawal Policies
- Different Types of Digital Currency
- Digital Currency Online Forums and Communities
- Digital Currency Security Blogs and Updates
- Donation Card Dip Stations
- Donations
- Donor Authentication
- Donor Information
- Donor Relationships
- Dummy Wallets
- Educating Students on Online Safety
- Employee Identity Verification & Background Checks
- Employee Information
- Encryption Keys
- Ethernet
- Financial Data
- GEN - Vulnerability Management
- Gaming Consoles
- General Ledger
- Geolocation
- Hard Token Passcode Generators
- Hardware Wallet Use
- How to Spot Non-Reputable NFT Projects
- Hubs
- ID.AM-1: Physical devices and systems within the organization are inventoried
- ID.AM-2: Software platforms and applications within the organization are inventoried
- ID.AM-3: Organizational communication and data flows are mapped
- ID.AM-4: External information systems are catalogued
- ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value
- ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
- ID.BE-1: The organization’s role in the supply chain is identified and communicated
- ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated
- ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
- ID.BE-4: Dependencies and critical functions for delivery of critical services are established
- ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress or attack, during recovery, normal operations)
- ID.GV-1: Organizational cybersecurity policy is established and communicated
- ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
- ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
- ID.GV-4: Governance and risk management processes address cybersecurity risks
- ID.RA-1: Asset vulnerabilities are identified and documented
- ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources
- ID.RA-3: Threats, both internal and external, are identified and documented
- ID.RA-4: Potential business impacts and likelihoods are identified
- ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
- ID.RA-6: Risk responses are identified and prioritized
- ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders
- ID.RM-2: Organizational risk tolerance is determined and clearly expressed
- ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
- ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
- ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
- ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.
- ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.
- ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers
- IOS
- Identity as a Service (IDaaS)
- Infrastructure as a Service (IaaS)
- Insider Threat Mitigation
- Insurance & Recovering Losses
- Insurance & Recovering Your Losses
- Intellectual Property
- Intrusion Detection & Prevention Systems (IDPS)
- Kenya
- Laptops & Desktops
- Legal Considerations in Incident Response
- Linux
- Location-based Apps
- Malicious Tokens
- Mobile-Friendly Applications
- Mobile Application Management
- Monitoring
- Monitoring Software
- Monitoring Your Child’s Digital Activities
- Mortgage Accounts
- Multi-Signature Wallet Use
- Online Reputation Management
- Open-Source Monitoring Software
- Open-Source Parental Control Software
- Order Taking Devices
- PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
- PR.AC-2: Physical access to assets is managed and protected
- PR.AC-3: Remote access is managed
- PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
- PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)
- PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
- PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
- PR.AT-1: All users are informed and trained
- PR.AT-2: Privileged users understand their roles and responsibilities
- PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
- PR.AT-4: Senior executives understand their roles and responsibilities
- PR.AT-5: Physical and cybersecurity personnel understand their roles and responsibilities
- PR.DS-1: Data-at-rest is protected
- PR.DS-2: Data-in-transit is protected
- PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
- PR.DS-4: Adequate capacity to ensure availability is maintained
- PR.DS-5: Protections against data leaks are implemented
- PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
- PR.DS-7: The development and testing environment(s) are separate from the production environment
- PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity
- PR.IP-10: Response and recovery plans are tested
- PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
- PR.IP-12: A vulnerability management plan is developed and implemented
- PR.IP-1: A baseline configuration of information technology or industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
- PR.IP-2: A System Development Life Cycle to manage systems is implemented
- PR.IP-3: Configuration change control processes are in place
- PR.IP-4: Backups of information are conducted, maintained, and tested
- PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met
- PR.IP-6: Data is destroyed according to policy
- PR.IP-7: Protection processes are improved
- PR.IP-8: Effectiveness of protection technologies is shared
- PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
- PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools
- PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
- PR.PT-1: Audit or log records are determined, documented, implemented, and reviewed in accordance with policy
- PR.PT-2: Removable media is protected and its use restricted according to policy
- PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
- PR.PT-4: Communications and control networks are protected
- PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
- Partner Authentication
- Partner Information
- Partner Relationships
- Payment Processors
- Payroll
- Periodic “Know Your Users” Reviews
- Phishing- or Malware-enabled Private Key Harvesting
- Physical Device Security
- Platform as a Service (PaaS)
- Podcasts
- Point-of-Sale (POS) Terminals
- Ponzi Projects
- Procurement Cards
- Protecting Sensitive Student Information
- Protecting You & Your Child's Personal Information
- RC.CO-1: Public relations are managed
- RC.CO-2: Reputation is repaired after an incident
- RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
- RC.IM-1: Recovery plans incorporate lessons learned
- RC.IM-2: Recovery strategies are updated
- RC.RP-1: Recovery plan is executed during or after a cybersecurity incident
- RS.AN-1: Notifications from detection systems are investigated
- RS.AN-2: The impact of the incident is understood
- RS.AN-3: Forensics are performed
- RS.AN-4: Incidents are categorized consistent with response plans
- RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)
- RS.CO-1: Personnel know their roles and order of operations when a response is needed
- RS.CO-2: Incidents are reported consistent with established criteria
- RS.CO-3: Information is shared consistent with response plans
- RS.CO-4: Coordination with stakeholders occurs consistent with response plans
- RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness
- RS.IM-1: Response plans incorporate lessons learned
- RS.IM-2: Response strategies are updated
- RS.MI-1: Incidents are contained
- RS.MI-2: Incidents are mitigated
- RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
- RS.RP-1: Response plan is executed during or after an incident
- Regular Software Updates
- Removing Data from the Internet
- Reporting
- Reporting Cyber-Related Fraud, Criminal, and Data Breach Activity
- Resetting Wallets
- Responsible Online Behavior
- Responsible Social Media Use
- Resynchronizing Wallets
- Role-Based Access Control
- SMS or Text Messaging to Receive Codes
- Safeguarding Online Reputation
- Search Engines & Browsers
- Secure Transaction Best Practices
- Secured Loans
- Securing Digital Curriculum Materials
- Security Awareness Testing
- Security Cameras
- Security Patch Application
- Security Questions
- Send me your (JSON File - Private Key - Mnemonic Passphrase)
- Service Providers
- Smart Contract Wallet Use
- Smart TVs
- Social Media & Applications
- Software Passcode Generators
- Software as a Service (SaaS)
- South Africa
- Supplier Authentication
- Supplier Information
- Supplier Relationships
- USB Flash Drives
- Unsecured Loans
- Utilities
- Volunteer Authentication
- Volunteer Information
- Volunteer Relationships
- Wallet Mnemonic Seed Phrase Protection (Storage - Retrieval - Use)
- Wallet Private Key Protection (Storage - Retrieval - Use)
- Watch-Only Wallet
- What are Cryptocurrency Exchanges?
- What are Digital Wallets?
- What is Digital Currency?
- What is a Private Key?
- What is a Rug-Pull?
- CIS Controls - v8.0
- NIST CSF v1.1