Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...James W. De Rienzo
This document maps the controls from the Council on CyberSecurity's Critical Security Controls version 5.0 to controls in the US National Institute of Standards and Technology Special Publication 800-53 Revision 4. It contains 203 entries that map a CSC control to the corresponding NIST SP 800-53 control. The purpose is to help organizations understand how the CSC framework maps to the NIST cybersecurity framework.
The document discusses IPv6 network monitoring using SNMP and MIBs. It describes setting up an IPv6 network including enabling routing, DNS, and DHCP. It then covers SNMP/MIBs for IPv6, identifying relevant MIBs like IP-MIB and IPv6-MIB and the traffic parameters they contain. Finally, it shows examples of retrieving IPv6 traffic statistics from Cisco routers using various MIBs.
Compare cisco asa 5505, asa 5512 x and asa 5515-xIT Tech
The document compares the Cisco ASA 5505, ASA 5512-X, and ASA 5515-X firewall appliances. It provides a detailed feature comparison table listing the specifications of each appliance, including throughput, VPN and user support, interfaces, memory, and other hardware specifications. The ASA 5512-X and 5515-X models support more users, connections, VPN peers and have higher throughput compared to the 5505 as they are designed for small offices and branch locations. The document aims to help users choose between the ASA 5500 Series and next-generation ASA 5500-X models.
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxstilliegeorgiana
Project #3: IT Security Controls Baseline for Red Clay Renovations
To ensure compatibility with existing policy and documentation, Red Clay Renovations’ IT Security policies, plans, and procedures will continue to use the following security control classes (management, operational, technical), as defined in NIST SP 800-53 rev 3 (p. 6).
Security Controls Baseline
Red Clay Renovations Security Controls Baseline shall include the security controls listed below. Security control definitions and implementation guidance shall be obtained from the most recent version of NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.
1. AC: Access Controls (Technical Controls Category)
AC-1
Access Control Policy and Procedures
AC-1
AC-2
Account Management
AC-2 (1) (2) (3) (4)
AC-3
Access Enforcement
AC-3
AC-4
Information Flow Enforcement
AC-4
AC-5
Separation of Duties
AC-5
AC-6
Least Privilege
AC-6 (1) (2) (5) (9) (10)
AC-7
Unsuccessful Logon Attempts
AC-7
AC-8
System Use Notification
AC-8
AC-11
Session Lock
AC-11 (1)
AC-12
Session Termination
AC-12
AC-14
Permitted Actions without Identification or Authentication
AC-14
AC-17
Remote Access
AC-17 (1) (2) (3) (4)
AC-18
Wireless Access
AC-18 (1)
AC-19
Access Control for Mobile Devices
AC-19 (5)
AC-20
Use of External Information Systems
AC-20 (1) (2)
AC-21
Information Sharing
AC-21
AC-22
Publicly Accessible Content
AC-22
2. AT: Awareness and Training (Operational Controls Category)
AT-1
Security Awareness and Training Policy and Procedures
AT-1
AT-2
Security Awareness Training
AT-2 (2)
AT-3
Role-Based Security Training
AT-3
AT-4
Security Training Records
AT-4
3. AU: Audit and Accountability (Technical Controls Category)
AU-1
Audit and Accountability Policy and Procedures
AU-1
AU-2
Audit Events
AU-2 (3)
AU-3
Content of Audit Records
AU-3 (1)
AU-4
Audit Storage Capacity
AU-4
AU-5
Response to Audit Processing Failures
AU-5
AU-6
Audit Review, Analysis, and Reporting
AU-6 (1) (3)
AU-7
Audit Reduction and Report Generation
AU-7 (1)
AU-8
Time Stamps
AU-8 (1)
AU-9
Protection of Audit Information
AU-9 (4)
AU-10
Non-repudiation
Not Selected
AU-11
Audit Record Retention
AU-11
AU-12
Audit Generation
AU-12
4. CA: Security Assessment and Authorization (Management Controls Category)
CA-1
Security Assessment and Authorization Policies and Procedures
CA-1
CA-2
Security Assessments
CA-2 (1)
CA-3
System Interconnections
CA-3 (5)
CA-5
Plan of Action and Milestones
CA-5
CA-6
Security Authorization
CA-6
CA-7
Continuous Monitoring
CA-7 (1)
CA-9
Internal System Connections
CA-9
5. CM: Configuration Management (Operational Controls Category)
CM-1
Configuration Management Policy and Procedures
CM-1
CM-2
Baseline Configuration
CM-2 (1) (3) (7)
CM-3
Configuration Change Control
CM-3 (2)
CM-4
Security Impact Analysis
CM-4
CM-5
Access Restrictions fo ...
This document is a verification manual for STAAD.Pro V8i (SELECTseries 5). It contains 18 sections with over 150 verification examples of static and dynamic analysis of trusses, beams, frames, plates, solids, and steel/concrete design. Each example contains the modeling details, a comparison of results against hand calculations or other software, and the STAAD input/output files. The overall purpose is to demonstrate the accuracy of STAAD.Pro's solutions for various structural analysis and design scenarios.
The document describes a Cisco Live 2014 presentation on advanced troubleshooting of Cisco Nexus 7000 series switches. It includes an agenda that covers system, data plane, and control plane troubleshooting over 120 minutes. It also discusses strategies, tools, and techniques for troubleshooting these different areas. Some key tools highlighted include show commands, scripts like SystemCheck, packet capture with ELAME, and analyzing logs. The presentation provides guidance on approaches for each troubleshooting area and highlights the extensive logging capabilities of NX-OS.
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...James W. De Rienzo
This document maps the controls from the Council on CyberSecurity's Critical Security Controls version 5.0 to controls in the US National Institute of Standards and Technology Special Publication 800-53 Revision 4. It contains 203 entries that map a CSC control to the corresponding NIST SP 800-53 control. The purpose is to help organizations understand how the CSC framework maps to the NIST cybersecurity framework.
The document discusses IPv6 network monitoring using SNMP and MIBs. It describes setting up an IPv6 network including enabling routing, DNS, and DHCP. It then covers SNMP/MIBs for IPv6, identifying relevant MIBs like IP-MIB and IPv6-MIB and the traffic parameters they contain. Finally, it shows examples of retrieving IPv6 traffic statistics from Cisco routers using various MIBs.
Compare cisco asa 5505, asa 5512 x and asa 5515-xIT Tech
The document compares the Cisco ASA 5505, ASA 5512-X, and ASA 5515-X firewall appliances. It provides a detailed feature comparison table listing the specifications of each appliance, including throughput, VPN and user support, interfaces, memory, and other hardware specifications. The ASA 5512-X and 5515-X models support more users, connections, VPN peers and have higher throughput compared to the 5505 as they are designed for small offices and branch locations. The document aims to help users choose between the ASA 5500 Series and next-generation ASA 5500-X models.
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxstilliegeorgiana
Project #3: IT Security Controls Baseline for Red Clay Renovations
To ensure compatibility with existing policy and documentation, Red Clay Renovations’ IT Security policies, plans, and procedures will continue to use the following security control classes (management, operational, technical), as defined in NIST SP 800-53 rev 3 (p. 6).
Security Controls Baseline
Red Clay Renovations Security Controls Baseline shall include the security controls listed below. Security control definitions and implementation guidance shall be obtained from the most recent version of NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.
1. AC: Access Controls (Technical Controls Category)
AC-1
Access Control Policy and Procedures
AC-1
AC-2
Account Management
AC-2 (1) (2) (3) (4)
AC-3
Access Enforcement
AC-3
AC-4
Information Flow Enforcement
AC-4
AC-5
Separation of Duties
AC-5
AC-6
Least Privilege
AC-6 (1) (2) (5) (9) (10)
AC-7
Unsuccessful Logon Attempts
AC-7
AC-8
System Use Notification
AC-8
AC-11
Session Lock
AC-11 (1)
AC-12
Session Termination
AC-12
AC-14
Permitted Actions without Identification or Authentication
AC-14
AC-17
Remote Access
AC-17 (1) (2) (3) (4)
AC-18
Wireless Access
AC-18 (1)
AC-19
Access Control for Mobile Devices
AC-19 (5)
AC-20
Use of External Information Systems
AC-20 (1) (2)
AC-21
Information Sharing
AC-21
AC-22
Publicly Accessible Content
AC-22
2. AT: Awareness and Training (Operational Controls Category)
AT-1
Security Awareness and Training Policy and Procedures
AT-1
AT-2
Security Awareness Training
AT-2 (2)
AT-3
Role-Based Security Training
AT-3
AT-4
Security Training Records
AT-4
3. AU: Audit and Accountability (Technical Controls Category)
AU-1
Audit and Accountability Policy and Procedures
AU-1
AU-2
Audit Events
AU-2 (3)
AU-3
Content of Audit Records
AU-3 (1)
AU-4
Audit Storage Capacity
AU-4
AU-5
Response to Audit Processing Failures
AU-5
AU-6
Audit Review, Analysis, and Reporting
AU-6 (1) (3)
AU-7
Audit Reduction and Report Generation
AU-7 (1)
AU-8
Time Stamps
AU-8 (1)
AU-9
Protection of Audit Information
AU-9 (4)
AU-10
Non-repudiation
Not Selected
AU-11
Audit Record Retention
AU-11
AU-12
Audit Generation
AU-12
4. CA: Security Assessment and Authorization (Management Controls Category)
CA-1
Security Assessment and Authorization Policies and Procedures
CA-1
CA-2
Security Assessments
CA-2 (1)
CA-3
System Interconnections
CA-3 (5)
CA-5
Plan of Action and Milestones
CA-5
CA-6
Security Authorization
CA-6
CA-7
Continuous Monitoring
CA-7 (1)
CA-9
Internal System Connections
CA-9
5. CM: Configuration Management (Operational Controls Category)
CM-1
Configuration Management Policy and Procedures
CM-1
CM-2
Baseline Configuration
CM-2 (1) (3) (7)
CM-3
Configuration Change Control
CM-3 (2)
CM-4
Security Impact Analysis
CM-4
CM-5
Access Restrictions fo ...
This document is a verification manual for STAAD.Pro V8i (SELECTseries 5). It contains 18 sections with over 150 verification examples of static and dynamic analysis of trusses, beams, frames, plates, solids, and steel/concrete design. Each example contains the modeling details, a comparison of results against hand calculations or other software, and the STAAD input/output files. The overall purpose is to demonstrate the accuracy of STAAD.Pro's solutions for various structural analysis and design scenarios.
The document describes a Cisco Live 2014 presentation on advanced troubleshooting of Cisco Nexus 7000 series switches. It includes an agenda that covers system, data plane, and control plane troubleshooting over 120 minutes. It also discusses strategies, tools, and techniques for troubleshooting these different areas. Some key tools highlighted include show commands, scripts like SystemCheck, packet capture with ELAME, and analyzing logs. The presentation provides guidance on approaches for each troubleshooting area and highlights the extensive logging capabilities of NX-OS.
Abstract: Iterative stencils represent the core computational kernel of many applications belonging to different domains, from scientific computing to finance. Given the complex dependencies and the low computation to memory access ratio, this kernels represent a challenging acceleration target on every architecture. This is especially true for FPGAs, whose direct hardware execution offers the possibility for high performance and power efficiency, but where the non-fixed architecture can lead to very large solutions spaces to be explored.
In this work, we build upon an FPGA-based acceleration methodology for iterative stencil algorithms previously presented, where we provide a dataflow architectural template that implements optimal on-chip buffering and is able to increase almost linearly in performance using a scaling technique denoted as iterations queuing. In particular, we propose a set of design improvements and we elaborate an accurate analytical performance model that can be used to support the exploration of the design space. Experimental results obtained implementing a set of benchmarks from different application domains on a Xilinx VC707 board show an average performance and power efficiency increase over the previous work of respectively around 22x and 8x, and a prediction error that is on average less than 1%.
NIST NVD REV 4 Security Controls Online Database AnalysisJames W. De Rienzo
This document provides an analysis of NIST NVD 800 Rev4 data across 256 security controls. It shows the distribution of controls by priority level, with over 47% rated P1. It also includes counts of controls, enhancements, and control families. For each control, it lists the identifier, priority, baseline requirements, and enhanced requirements with associated enhancement identifiers.
IRJET- UART Testing under Built-In-Self-Test(BIST) using Verilog on FPGAIRJET Journal
This document discusses testing of a UART (Universal Asynchronous Receiver/Transmitter) chip using Built-In Self-Test (BIST) and implemented with Verilog on an FPGA. It proposes a BIST-enabled UART architecture that uses a linear feedback shift register (LFSR) as the test pattern generator and a multiple input shift register (MISR) as the response analyzer. The goal is to provide high test coverage with low hardware overhead. Key aspects of BIST and how it can test chips through embedded self-testing circuits like LFSRs and MISRs are described. The paper also discusses implementing and testing the proposed BIST-enabled UART design using Verilog on an FPGA to
This document is a cover sheet and block diagram for the Gigabyte Z390 DESIGNARE motherboard. It includes the document title, number, revision, and date. The block diagram shows the main components and connections of the motherboard, including the Intel LGA1151 CPU, Intel Z390 PCH chipset, DDR4 memory channels, M.2 slots, SATA ports, PCIe slots, front panel I/O, and audio circuitry. Revisions to the board design and components are also documented.
Mechanical Design and Analysis of Star SensorIRJET Journal
This document discusses the mechanical design and analysis of a star sensor. It begins with an introduction to star sensors and their basic working principle. It then describes the CAD model created for the star sensor assembly in NX 8.5 based on design specifications. A finite element model is developed and modal, static, and dynamic analyses are performed to evaluate the sensor's response to loading conditions and ensure it meets performance requirements. The analyses show the assembly has sufficient strength and stiffness under expected launch loads and vibrations.
Prepared for U.S.-Japan Health IT Expert Meeting at the American Chamber of Commerce in Japan: Speakers including Doug Fridsma (Chief Science Officer and Director, Office of Science and Technology, Office of the National Coordinator for HIT, HHS, USG), Eiji Sasahara (Board Member, Cloud Security Alliance - Japan Chapter), Steven Yeo (General Manager, HIMSS Analytics Asia Pacific & Middle East, Vice President & Executive Director, HIMSS Asia Pacific), Theresa Cullen (Acting Deputy Director, Department of Defense / Veterans Affairs Interagency Program Office, USG)
The document discusses the draft USG IPv6 V1.0 Profile, which provides requirements for IPv6-capable systems in the US government. It addresses topics like the profile's scope and relationship to other efforts. It also identifies several issues that may be of interest to the SAAG group, such as IPsec algorithms and requirements, privacy addresses, and developing a testing program. Stakeholders are encouraged to provide comments on the draft profile.
Weka Hertz Clock Based Weka Bits Per Second P.R.B.S Data Array Encryption A.S...theijes
The Aim is to Implementation of Weka Hertz Clock P.R.B.S Data Frame Array Encryption Soft H.D.L A.S.I.C I.P Core Architecture Design using Serial to Parallel Data Array Encoder for Parallel Distributed Array Data Computing System based Ultra High Speed Wireless System Software Applications and Products – A.S.I.C Data Serializer-De-Serializer, cloud, cluster, grid, WI-FI,GI-FI Internet computing, 3G,4G,5G Wireless System Software Products and Applications. This Design Architecture contains P.R.B.S Data Frame Registers of 32/64 bit Length, 8 Serial to Parallel Data Encoder Arrays and Weka Clock Frequency Baud Rate Generator /Oscillator and Coding Done by V.H.D.L and Verilog H.D.L Software. Design Implementation Done by Xilinx ISE 9.2i Software I.D.E and Altera Quartus II MODELSIM Simulation Tool. Programming and Debugging Done by Xilinx F.P.G.A Development Kit Xilinx XC 3S 200 TQ 144 F.P.G.A Chip. Design Implementation done through SPARTAN III F.P.G.A.
Delivering Supermicro Software Defined Storage Solutions with OSNexus QuantaStorRebekah Rodriguez
With security and cost concerns at an all-time high, organizations are searching for solutions to lower labor costs and keep their data safe from threats. Supermicro and OSNexus partner to bring a solution to you with a single point of management for file, block, and object storage, along with cutting-edge security features and certifications for regulated industries.
What is in All of Those SSTable Files Not Just the Data One but All the Rest ...DataStax
Have you ever wondered what is in all of those SSTable files and how it helps Cassandra find and manage your data? If you go to the Datastax website they will give you a high level explanation of what is in each file. In this talk we will go much deeper explaining each file and walking through a dump of its contents. We will also explore the differences between Cassandra 2.1 and 3.4.
About the Speaker
John Schulz Prinicipal Consultant, The Pythian Group
John has 40 of years experience working with data. Data in files and in Databases from flat files through ISAM to relational databases and most recently NoSQL. For the last 15 he's worked on a variety of Open source technologies including MySQL, PostgreSQL, Cassandra, Riak, Hadoop and Hbase. He has been working with Cassandra since 2010. For the last eighteen months he has been working for The Pythian Group to help their customers improve their existing databases and select new ones.
This document evaluates hardware platforms and path replanning strategies for emergency landing of unmanned aerial vehicles (UAVs). It compares the performance of greedy heuristic, genetic algorithm, and ensemble methods on personal computer and embedded computer hardware when responding to critical situations like motor or battery failure. The genetic algorithm and ensemble genetic algorithm-genetic algorithm method achieved the best results overall, finding near optimal emergency routes. Testing was done in simulation and with a real UAV to validate the approaches.
Using Dynamic Statement Cache in DB2 9.1 for z/OsCésar Buzzo
Using the table DSN_STATEMENT_CACHE_TABLE can be of valuable help when trying to diagnose performance problems in DB2 for z/Os.
A brief guide to start using it and a general description of how it works.
Deblocking Filter for Reduction of Blocking Artifacts in VideoIRJET Journal
This document presents a proposed deblocking filter algorithm to reduce blocking artifacts in video compressed with block-based coding standards like H.264/AVC. Blocking artifacts occur at block boundaries due to operations like transformation and quantization being done independently on each block. The proposed algorithm classifies regions as smooth, complex or intermediate based on pixel differences across block boundaries. It then applies different types of filtering - strong for smooth, weak for complex, and intermediate filtering for other regions. Test results on standard video sequences show the proposed algorithm improves PSNR and SSIM metrics over previous filtering methods, reducing blocking artifacts and improving subjective video quality.
Descriptive analytics in r programming languageAshwini Mathur
The document discusses experiments involving R programming code and analysis of built-in data sets. It includes questions about manipulating gender data, evaluating mathematical expressions, creating a data frame, generating Fibonacci sequences with different starting values, analyzing solar radiation data through plotting and statistics, and using the built-in mtcars data set to explore plotting options in ggplot2. Code solutions are provided for each question to demonstrate the requested data manipulations and analyses.
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxmydrynan
CSIA 413: Cybersecurity Policy, Plans, and Programs
June 2, 2019
Executive Summary
The Red Clay Renovations Employee Handbook is to give general rules about its strategies. The Employee Handbook will fill in as a guide for workers to get comfortable with Red Clay Renovations strategies for "Acceptable Use Policy for Information Technology", "Bring Your Own Device Policy " and "Digital Media Sanitization, Reuse, and Destruction Policy". Red Clay Renovations maintains whatever authority is needed to adjust the Employee Handbook to best suit the organization whenever with no earlier warning to its representatives.
Red Clay Renovations "Acceptable Use Policy for Information Technology" will characterize in subtleties what Acceptable Use is and what it's most certainly not. Every Employee will get his/her duty of the framework accounts, processing resources, organize utilization and will sign and consent to the approach before access is conceded to the system.
Red Clay Renovations "Bring Your Own Device Policy or BYOD" will name every one of the gadgets that are satisfactory as BYOD and the administration of the use of such gadgets. Every worker's gadgets must satisfy the arrangement guideline before actualizing the gadgets into Red Clay Renovation Company.
Red Clay Renovations "Digital Media Sanitization, Reuse, and Destruction Policy" will ensure that any worker of Red Clay Renovation who marked for the BYOD approach has/should sign this arrangement also. Workers need to comprehend the techniques the organization will use to clean off the BYOD.
Acceptable Use Policy
Introduction
This Acceptable Use Policy is for all Red Clay Renovation workers and supplants every single past version. All workers are liable to the terms and states of the Policy. The approach will build up satisfactory and inadmissible utilization of defending the security of information, secure and ensure PC and PCs, the use of system condition and servers, the utilization of electronic correspondences. Additionally Red Clay Renovation gathers, keeps up, and stores individual data to incorporate Mastercard’s, credit checks, building plans and illustrations, customers restorative and wellbeing information.
Red Clay Renovation must be in consistence with the accompanying: HIPPA Privacy and Security Rule, Freedom of Information Act (FOIA), PCI DSS, Privacy Act of 1977, Building Codes and Regulations. It is to the greatest advantage of the organization for all workers to comprehend the Acceptable Use Policy to settle on trustworthy choices before participating in inadmissible utilization of the approach. Any offense with the Acceptable Use Policy could conceivably cause Red Clay Renovation considerable loss of its business and its notorieties. On the off chance that any worker needs more data with this arrangement, they can reach out to the IT department directly.
Policy Content
Utilization of IT Systems
Red Clay Renovation possesses the property rights to all informati.
CSIS 100CSIS 100 - Discussion Board Topic #1One of the object.docxmydrynan
CSIS 100
CSIS 100 - Discussion Board Topic #1:
One of the objectives of this course is to enable students to differentiate between the disciplines of Information Systems, Information Technology, and Computer Science. Oftentimes, these areas overlap and are difficult to distinguish – even among professionals within the industries.
There are some distinctions that become evident, but all too frequently, people do not understand these distinctions until they are already deep within their programs of study. Consequently, many decide that it is too late to pursue a different avenue in the computing world without losing valuable time and money spent on courses that may or may not apply to a different major.
Given the importance of achieving effective planning from the beginning, your first assignment in this course is to delve into the broad areas of Information Systems, Information Technology, and Computer Science and write about your career choice in a discussion board post. This should be your thought process:
· First, define each field (i.e. IS, IT, CS). Understand the similarities and differences.
· Second, determine what jobs are available in each area.
· Third, look at the degree completion plans for each of these programs.
· Fourth, assess your own skills (e.g. Are you good in math? Do you like business? Do you like algorithms? Are you gifted at problem-solving? Do you like learning about new technology? Do you enjoy working hands-on with equipment/hardware/wires?)
· Fifth, (and most importantly) ask God what He wants you to pursue based on your talents, interests, and abilities.
· Sixth, based on your analysis above, what career do you hope to obtain after graduation, and what degree will you pursue to achieve this goal?
To facilitate your research, there are four videos in your Reading & Study folder that will help you understand the differences between the computing fields and become familiar with the job opportunities in each area. Be sure to view these videos first.
The LU Registrar’s home page has information on degree completion plans. Here is a link to all of the currently available ones in the university:
http://www.liberty.edu/academics/registrar/index.cfm?PID=2981
Be sure to look at all of the ones listed for Information Systems and Information Technology. At the time of this writing, Computer Science is only listed under residential degree plans. That does not mean that you should rule out Computer Science as a potential major. You must consider all options and listen to God’s calling upon your life. With God, all things are possible.
Discussion Board Deliverables
Main Post:
In a minimum of 300 words, create a thread in Module 1’s discussion board forum that describes the following:
1. Your desired career upon graduation
2. Why you chose this career
3. Your intended major
4. Your strengths, weaknesses, and interests
5. How the major supports your chosen career
6. How God has led you to reach your decision
7. A Bib.
More Related Content
Similar to CSA CCM V3.0CLOUD CONTROLS MATRIX VERSION 3.0Control DomainCCM V3..docx
Abstract: Iterative stencils represent the core computational kernel of many applications belonging to different domains, from scientific computing to finance. Given the complex dependencies and the low computation to memory access ratio, this kernels represent a challenging acceleration target on every architecture. This is especially true for FPGAs, whose direct hardware execution offers the possibility for high performance and power efficiency, but where the non-fixed architecture can lead to very large solutions spaces to be explored.
In this work, we build upon an FPGA-based acceleration methodology for iterative stencil algorithms previously presented, where we provide a dataflow architectural template that implements optimal on-chip buffering and is able to increase almost linearly in performance using a scaling technique denoted as iterations queuing. In particular, we propose a set of design improvements and we elaborate an accurate analytical performance model that can be used to support the exploration of the design space. Experimental results obtained implementing a set of benchmarks from different application domains on a Xilinx VC707 board show an average performance and power efficiency increase over the previous work of respectively around 22x and 8x, and a prediction error that is on average less than 1%.
NIST NVD REV 4 Security Controls Online Database AnalysisJames W. De Rienzo
This document provides an analysis of NIST NVD 800 Rev4 data across 256 security controls. It shows the distribution of controls by priority level, with over 47% rated P1. It also includes counts of controls, enhancements, and control families. For each control, it lists the identifier, priority, baseline requirements, and enhanced requirements with associated enhancement identifiers.
IRJET- UART Testing under Built-In-Self-Test(BIST) using Verilog on FPGAIRJET Journal
This document discusses testing of a UART (Universal Asynchronous Receiver/Transmitter) chip using Built-In Self-Test (BIST) and implemented with Verilog on an FPGA. It proposes a BIST-enabled UART architecture that uses a linear feedback shift register (LFSR) as the test pattern generator and a multiple input shift register (MISR) as the response analyzer. The goal is to provide high test coverage with low hardware overhead. Key aspects of BIST and how it can test chips through embedded self-testing circuits like LFSRs and MISRs are described. The paper also discusses implementing and testing the proposed BIST-enabled UART design using Verilog on an FPGA to
This document is a cover sheet and block diagram for the Gigabyte Z390 DESIGNARE motherboard. It includes the document title, number, revision, and date. The block diagram shows the main components and connections of the motherboard, including the Intel LGA1151 CPU, Intel Z390 PCH chipset, DDR4 memory channels, M.2 slots, SATA ports, PCIe slots, front panel I/O, and audio circuitry. Revisions to the board design and components are also documented.
Mechanical Design and Analysis of Star SensorIRJET Journal
This document discusses the mechanical design and analysis of a star sensor. It begins with an introduction to star sensors and their basic working principle. It then describes the CAD model created for the star sensor assembly in NX 8.5 based on design specifications. A finite element model is developed and modal, static, and dynamic analyses are performed to evaluate the sensor's response to loading conditions and ensure it meets performance requirements. The analyses show the assembly has sufficient strength and stiffness under expected launch loads and vibrations.
Prepared for U.S.-Japan Health IT Expert Meeting at the American Chamber of Commerce in Japan: Speakers including Doug Fridsma (Chief Science Officer and Director, Office of Science and Technology, Office of the National Coordinator for HIT, HHS, USG), Eiji Sasahara (Board Member, Cloud Security Alliance - Japan Chapter), Steven Yeo (General Manager, HIMSS Analytics Asia Pacific & Middle East, Vice President & Executive Director, HIMSS Asia Pacific), Theresa Cullen (Acting Deputy Director, Department of Defense / Veterans Affairs Interagency Program Office, USG)
The document discusses the draft USG IPv6 V1.0 Profile, which provides requirements for IPv6-capable systems in the US government. It addresses topics like the profile's scope and relationship to other efforts. It also identifies several issues that may be of interest to the SAAG group, such as IPsec algorithms and requirements, privacy addresses, and developing a testing program. Stakeholders are encouraged to provide comments on the draft profile.
Weka Hertz Clock Based Weka Bits Per Second P.R.B.S Data Array Encryption A.S...theijes
The Aim is to Implementation of Weka Hertz Clock P.R.B.S Data Frame Array Encryption Soft H.D.L A.S.I.C I.P Core Architecture Design using Serial to Parallel Data Array Encoder for Parallel Distributed Array Data Computing System based Ultra High Speed Wireless System Software Applications and Products – A.S.I.C Data Serializer-De-Serializer, cloud, cluster, grid, WI-FI,GI-FI Internet computing, 3G,4G,5G Wireless System Software Products and Applications. This Design Architecture contains P.R.B.S Data Frame Registers of 32/64 bit Length, 8 Serial to Parallel Data Encoder Arrays and Weka Clock Frequency Baud Rate Generator /Oscillator and Coding Done by V.H.D.L and Verilog H.D.L Software. Design Implementation Done by Xilinx ISE 9.2i Software I.D.E and Altera Quartus II MODELSIM Simulation Tool. Programming and Debugging Done by Xilinx F.P.G.A Development Kit Xilinx XC 3S 200 TQ 144 F.P.G.A Chip. Design Implementation done through SPARTAN III F.P.G.A.
Delivering Supermicro Software Defined Storage Solutions with OSNexus QuantaStorRebekah Rodriguez
With security and cost concerns at an all-time high, organizations are searching for solutions to lower labor costs and keep their data safe from threats. Supermicro and OSNexus partner to bring a solution to you with a single point of management for file, block, and object storage, along with cutting-edge security features and certifications for regulated industries.
What is in All of Those SSTable Files Not Just the Data One but All the Rest ...DataStax
Have you ever wondered what is in all of those SSTable files and how it helps Cassandra find and manage your data? If you go to the Datastax website they will give you a high level explanation of what is in each file. In this talk we will go much deeper explaining each file and walking through a dump of its contents. We will also explore the differences between Cassandra 2.1 and 3.4.
About the Speaker
John Schulz Prinicipal Consultant, The Pythian Group
John has 40 of years experience working with data. Data in files and in Databases from flat files through ISAM to relational databases and most recently NoSQL. For the last 15 he's worked on a variety of Open source technologies including MySQL, PostgreSQL, Cassandra, Riak, Hadoop and Hbase. He has been working with Cassandra since 2010. For the last eighteen months he has been working for The Pythian Group to help their customers improve their existing databases and select new ones.
This document evaluates hardware platforms and path replanning strategies for emergency landing of unmanned aerial vehicles (UAVs). It compares the performance of greedy heuristic, genetic algorithm, and ensemble methods on personal computer and embedded computer hardware when responding to critical situations like motor or battery failure. The genetic algorithm and ensemble genetic algorithm-genetic algorithm method achieved the best results overall, finding near optimal emergency routes. Testing was done in simulation and with a real UAV to validate the approaches.
Using Dynamic Statement Cache in DB2 9.1 for z/OsCésar Buzzo
Using the table DSN_STATEMENT_CACHE_TABLE can be of valuable help when trying to diagnose performance problems in DB2 for z/Os.
A brief guide to start using it and a general description of how it works.
Deblocking Filter for Reduction of Blocking Artifacts in VideoIRJET Journal
This document presents a proposed deblocking filter algorithm to reduce blocking artifacts in video compressed with block-based coding standards like H.264/AVC. Blocking artifacts occur at block boundaries due to operations like transformation and quantization being done independently on each block. The proposed algorithm classifies regions as smooth, complex or intermediate based on pixel differences across block boundaries. It then applies different types of filtering - strong for smooth, weak for complex, and intermediate filtering for other regions. Test results on standard video sequences show the proposed algorithm improves PSNR and SSIM metrics over previous filtering methods, reducing blocking artifacts and improving subjective video quality.
Descriptive analytics in r programming languageAshwini Mathur
The document discusses experiments involving R programming code and analysis of built-in data sets. It includes questions about manipulating gender data, evaluating mathematical expressions, creating a data frame, generating Fibonacci sequences with different starting values, analyzing solar radiation data through plotting and statistics, and using the built-in mtcars data set to explore plotting options in ggplot2. Code solutions are provided for each question to demonstrate the requested data manipulations and analyses.
Similar to CSA CCM V3.0CLOUD CONTROLS MATRIX VERSION 3.0Control DomainCCM V3..docx (20)
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxmydrynan
CSIA 413: Cybersecurity Policy, Plans, and Programs
June 2, 2019
Executive Summary
The Red Clay Renovations Employee Handbook is to give general rules about its strategies. The Employee Handbook will fill in as a guide for workers to get comfortable with Red Clay Renovations strategies for "Acceptable Use Policy for Information Technology", "Bring Your Own Device Policy " and "Digital Media Sanitization, Reuse, and Destruction Policy". Red Clay Renovations maintains whatever authority is needed to adjust the Employee Handbook to best suit the organization whenever with no earlier warning to its representatives.
Red Clay Renovations "Acceptable Use Policy for Information Technology" will characterize in subtleties what Acceptable Use is and what it's most certainly not. Every Employee will get his/her duty of the framework accounts, processing resources, organize utilization and will sign and consent to the approach before access is conceded to the system.
Red Clay Renovations "Bring Your Own Device Policy or BYOD" will name every one of the gadgets that are satisfactory as BYOD and the administration of the use of such gadgets. Every worker's gadgets must satisfy the arrangement guideline before actualizing the gadgets into Red Clay Renovation Company.
Red Clay Renovations "Digital Media Sanitization, Reuse, and Destruction Policy" will ensure that any worker of Red Clay Renovation who marked for the BYOD approach has/should sign this arrangement also. Workers need to comprehend the techniques the organization will use to clean off the BYOD.
Acceptable Use Policy
Introduction
This Acceptable Use Policy is for all Red Clay Renovation workers and supplants every single past version. All workers are liable to the terms and states of the Policy. The approach will build up satisfactory and inadmissible utilization of defending the security of information, secure and ensure PC and PCs, the use of system condition and servers, the utilization of electronic correspondences. Additionally Red Clay Renovation gathers, keeps up, and stores individual data to incorporate Mastercard’s, credit checks, building plans and illustrations, customers restorative and wellbeing information.
Red Clay Renovation must be in consistence with the accompanying: HIPPA Privacy and Security Rule, Freedom of Information Act (FOIA), PCI DSS, Privacy Act of 1977, Building Codes and Regulations. It is to the greatest advantage of the organization for all workers to comprehend the Acceptable Use Policy to settle on trustworthy choices before participating in inadmissible utilization of the approach. Any offense with the Acceptable Use Policy could conceivably cause Red Clay Renovation considerable loss of its business and its notorieties. On the off chance that any worker needs more data with this arrangement, they can reach out to the IT department directly.
Policy Content
Utilization of IT Systems
Red Clay Renovation possesses the property rights to all informati.
CSIS 100CSIS 100 - Discussion Board Topic #1One of the object.docxmydrynan
CSIS 100
CSIS 100 - Discussion Board Topic #1:
One of the objectives of this course is to enable students to differentiate between the disciplines of Information Systems, Information Technology, and Computer Science. Oftentimes, these areas overlap and are difficult to distinguish – even among professionals within the industries.
There are some distinctions that become evident, but all too frequently, people do not understand these distinctions until they are already deep within their programs of study. Consequently, many decide that it is too late to pursue a different avenue in the computing world without losing valuable time and money spent on courses that may or may not apply to a different major.
Given the importance of achieving effective planning from the beginning, your first assignment in this course is to delve into the broad areas of Information Systems, Information Technology, and Computer Science and write about your career choice in a discussion board post. This should be your thought process:
· First, define each field (i.e. IS, IT, CS). Understand the similarities and differences.
· Second, determine what jobs are available in each area.
· Third, look at the degree completion plans for each of these programs.
· Fourth, assess your own skills (e.g. Are you good in math? Do you like business? Do you like algorithms? Are you gifted at problem-solving? Do you like learning about new technology? Do you enjoy working hands-on with equipment/hardware/wires?)
· Fifth, (and most importantly) ask God what He wants you to pursue based on your talents, interests, and abilities.
· Sixth, based on your analysis above, what career do you hope to obtain after graduation, and what degree will you pursue to achieve this goal?
To facilitate your research, there are four videos in your Reading & Study folder that will help you understand the differences between the computing fields and become familiar with the job opportunities in each area. Be sure to view these videos first.
The LU Registrar’s home page has information on degree completion plans. Here is a link to all of the currently available ones in the university:
http://www.liberty.edu/academics/registrar/index.cfm?PID=2981
Be sure to look at all of the ones listed for Information Systems and Information Technology. At the time of this writing, Computer Science is only listed under residential degree plans. That does not mean that you should rule out Computer Science as a potential major. You must consider all options and listen to God’s calling upon your life. With God, all things are possible.
Discussion Board Deliverables
Main Post:
In a minimum of 300 words, create a thread in Module 1’s discussion board forum that describes the following:
1. Your desired career upon graduation
2. Why you chose this career
3. Your intended major
4. Your strengths, weaknesses, and interests
5. How the major supports your chosen career
6. How God has led you to reach your decision
7. A Bib.
CSI Paper Grading Rubric- (worth a possible 100 points) .docxmydrynan
CSI Paper Grading Rubric- (worth a possible 100 points)
1. INTRODUCTION (10%): Identifies/summarizes the paper’s topic and states an informed
judgment about the topic.
1 2.5 5 7.5 10
DEVELOPING……………………………………................................................................DEVELOPED
Lacks an introduction that takes an overview and that states the
objectives of the paper. A brief statement of the crime and the
criminological theories that can help explain it is absent,
unfocused or very weak.
Begins with a strong introduction that lays out the crime and
its context, as well as theories that can help understand the
circumstances surrounding the crime. Also provides the
sequence of what follows clearly and concisely.
2. RESOURCES (10%): Evidence from scholarly sources and textual sources (minimum of 5 total
sources).
1 2.5 5 7.5 10
DEVELOPING……………………………………………………………………………….DEVELOPED
Lists evidence but doesn’t explain how it does or doesn’t support a
point. Lacks organization or transitions. Does not completely or
correctly identify sources of information through in-text citations
and a works cited reference page.
Provides appropriate and sufficient evidence, smoothly
synthesizes evidence from sources and clearly ties it to the
point being made. Logically organizes ideas. Uses
transitions to connect one idea to the next. Correctly
identifies all sources of information through in-text
citations and a works cited reference page.
3. BODY (50%): Formulates a coherent, logical, and thoughtful sociological analysis of the crime
being investiaged. Addressed all parts of the paper assignment.
10 20 30 40 50
DEVELOPING…………………….………………………………………………………...DEVELOPED
Shows little understanding of sociological concepts and theories
used to explain the crime being investigated. No discussion at all
of any complexities or nuances related to the topic. No integration
of source information.
Identifies the circumstances of the crime with necessary
detail to perform a rigorous sociological analysis of the
crime. Shows strong understanding of the sociological
concepts and theories discussed in the paper (for example,
other perspectives and confounding factors), and discusses
how the source information is relevant.
4. CONCLUSION (10%): Identifies and assesses conclusions and implications of the sociological
analysis of your crime of the semester; sums up the importance/sociological relevance of your paper.
1 2.5 5 7.5 10
DEVELOPING……………………………………………………………………………...DEVELOPED
Only restates verbatim what has already been said. Conclusion is
not related to the support in the paper or new information is
presented. Feels abrupt, unconnected, or changes the focus. Is not
persuasive.
Goes beyond summarizing your main points. Reader feels a
sense of closure in the paper and is persuaded by the
examination of your crime and use of sociological theories
to explain it. No new informati.
CSIA 413 Cybersecurity Policy, Plans, and ProgramsProject #4 IT .docxmydrynan
CSIA 413: Cybersecurity Policy, Plans, and ProgramsProject #4: IT Audit Policy and Plans Company Background & Operating Environment
Red Clay Renovations is an internationally recognized, awarding winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating homes using “smart home” and “Internet of Things” technologies while maintaining period correct architectural characteristics. Please refer to the company profile (file posted in Week 1 > Content > CSIA 413 Red Clay Renovations Company Profile.docx) for additional background information and information about the company’s operating environment.Policy Issue & Plan of Action
The corporate board was recently briefed by the Chief Information Officer concerning the company’s IT Security Program and how this program contributes to the company’s risk management strategy. During the briefing, the CIO presented assessment reports and audit findings from IT security audits. These audits focused upon the technical infrastructure and the effectiveness and efficiency of the company’s implementation of security controls. During the discussion period, members of the corporate board asked about audits of policy compliance and assessments as to the degree that employees were (a) aware of IT security policies and (b) complying with these policies. The Chief Information Officer was tasked with providing the following items to the board before its next quarterly meeting:
(a) Issue Specific Policy requiring an annual compliance audit for IT security policies as documented in the company’s Policy System
(b) Audit Plan for assessing employee awareness of and compliance with IT security policies
a. Are employees aware of the IT security policies in the Employee Handbook?
b. Do employees know their responsibilities under those policies?
(c) Audit Plan for assessing the IT security policy system
a. Do required policies exist?
b. Have they been updated within the past year?
c. Are the policies being reviewed and approved by the appropriate oversight authorities (managers, IT governance board, etc.)?
Your Task Assignment
As a staff member supporting the CISO, you have been asked to research this issue (auditing IT security policy compliance) and then prepare an “approval draft” for a compliance policy. You must also research and draft two separate audit plans (a) employee compliance and (b) policy system audit. The audit policy should not exceed two typed pages in length so you will need to be concise in your writing and only include the most important elements for the policy. Make sure that you include a requirement for an assessment report to be provided to company management and the corporate board of directors.
· For the employee compliance assessment, you must use an interview strategy which includes 10 or more multiple choice questions that can be used to construct a web-based survey of all employees. The questions should be split.
CSI 170 Week 3 Assingment
Assignment 1: Cyber Computer Crime
Assignment 1: Cyber Computer Crime
Create a 15-slide presentation in which you:
1. Describe the responsibilities of the National Security Administration (NSA).
2. Identify the four critical needs at the state or local level of law enforcement in order to fight computer crime more effectively.
3. Explain how the U.S. Postal Service assists in the investigation and prosecution of cases involving child pornography.
4. Discuss how and why the Department of Homeland Security (DHS) consolidated so many federal offices.
5. Go to https://research.strayer.edu to locate at least three (3) quality references for this assignment. One of these must have been published within the last year.
4/15/2019 Auden, Musée des Beaux Arts
english.emory.edu/classes/paintings&poems/auden.html 1/1
Musee des Beaux Arts
W. H. Auden
About suffering they were never wrong,
The old Masters: how well they understood
Its human position: how it takes place
While someone else is eating or opening a window or just walking
dully along;
How, when the aged are reverently, passionately waiting
For the miraculous birth, there always must be
Children who did not specially want it to happen, skating
On a pond at the edge of the wood:
They never forgot
That even the dreadful martyrdom must run its course
Anyhow in a corner, some untidy spot
Where the dogs go on with their doggy life and the torturer's horse
Scratches its innocent behind on a tree.
In Breughel's Icarus, for instance: how everything turns away
Quite leisurely from the disaster; the ploughman may
Have heard the splash, the forsaken cry,
But for him it was not an important failure; the sun shone
As it had to on the white legs disappearing into the green
Water, and the expensive delicate ship that must have seen
Something amazing, a boy falling out of the sky,
Had somewhere to get to and sailed calmly on.
Pieter Brueghel, The Fall of Icarus
Oil-tempera, 29 inches x 44 inches.
Museum of Fine Arts, Brussels.
See also:
William Carlos Williams' "Landscape with the Fall of Icarus "
Return to the Poem Index
javascript:openwin('Icarus.jpg',530,330)
http://english.emory.edu/classes/paintings&poems/Williams.html
http://english.emory.edu/classes/paintings&poems/titlepage.html
1. Biographical information on Ibsen—Concluding sentence: Sub-thesis, his play and Nora.
2. Nora’s treatment by her father and Nora’s treatment by her husband Torvald.
3. Nora’s treatment by Krogstad.
4. Nora’s contrast with Christine
INTRO: Females in Conflict
Yet another voice to champion the cause of inequality of the sexes is Henrik Ibsen.
Writing at the end of the nineteenth century in Victorian Norway, his play A Doll House utilizes
the format of a playwright to convey through the use of evolving characters different political and
social messages. When analyzing A Doll House’s protagonist, Nora, her interactions with the
other characters.
CSE422 Section 002 – Computer Networking Fall 2018 Ho.docxmydrynan
CSE422 Section 002 – Computer Networking
Fall 2018
Homework 2 – 50 points
Sockets (10 points)
1. For a client-server application over TCP, why must the server program be executed before the
client program?
2. For a client-server application over UDP, why may the client program be executed before the
server program?
3. The UDP server shown in the course slides needed only one socket, whereas the TCP server
needed two sockets. Why?
4. If the TCP server were to support N simultaneous connections, each from a different client host,
how may sockets would the TCP server need?
5. You are creating an event logging service that will be handling event messages from multiple
remote clients. This service can suffer delays in message delivery and even the loss of some
event messages. Would you implement this using TCP or UDP? Why?
The HTTP GET message (10 Points)
Consider the figure below, where a client is sending an HTTP GET message to a web server,
gaia.cs.umass.edu.
Suppose the client-to-server HTTP GET message is the following:
GET /kurose_ross/interactive/quotation1.htm HTTP/1.1
Host: gaia.cs.umass.edu
Accept: text/plain, text/html, image/gif, image/jpeg, audio/basic,
audio/vnf.wave, video/mp4, video/wmv, application/*, */*
Accept-Language: en-us, en-gb;q=0.5, en;q=0.1, fr, fr-ch, zh, cs
If-Modified-Since: Wed, 10 Jan 2018 13:13:03 -0800
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML,
like Gecko) Chrome/17.0.963.56 Safari/535.11
Answer the following questions:
1. What is the name of the file that is being retrieved in this GET message?
2. What version of HTTP is the client running?
CSE422 Section 002 – Computer Networking
Fall 2018
3. What formats of text, images, audio, and video does the client browser prefer to receive?
[Note: for this and the following questions on browser media and language preferences, you
will need to do a bit of additional reading on the Web. Here is a good place to start.]
4. What do the strings "application/*" and "*/*" signify in the Accept: header?
5. What languages is the browser indicating that it is willing to accept? [Note: you can look at
your own browser preferences to get a listing of language codes.]
6. What is the meaning of the "relative quality factor," q, associated with the various version of
English? [Note: Here is a good place to start. See also [RFC 2616].]
7. What is the client's preferred version of English? What is the browser's least preferred
version of English?
8. Does the browser sending the HTTP message prefer Swiss French over traditional French?
Explain.
9. Does the client already have a (possibly out-of-date) copy of the requested file? Explain. If
so, approximately how long ago did the client receive the file, assuming the GET request has
just been issued?
10. What is the type of client browser and the client's operating system? [Note: To answer this,
you'll need to understan.
CSCI 132 Practical Unix and Programming .docxmydrynan
CSCI
132:
Practical
Unix
and
Programming
Adjunct:
Trami
Dang
Assignment
4
Fall
2018
Assignment 41
This set of exercises will strengthen your ability to write relatively simple shell scripts
using various filters. As always, your goals should be clarity, efficiency, and simplicity. It
has two parts.
1. The background context that was provided in the previous assignment is repeated here
for your convenience. A DNA string is a sequence of the letters a, c, g, and t in any
order, whose length is a multiple of three2. For example, aacgtttgtaaccagaactgt
is a DNA string of length 21. Each sequence of three consecutive letters is called a codon.
For example, in the preceding string, the codons are aac, gtt, tgt, aac, cag, aac,
and tgt.
Your task is to write a script named codonhistogram that expects a file name on the
command line. This file is supposed to be a dna textfile, which means that it contains
only a DNA string with no newline characters or white space characters of any kind; it is
a sequence of the letters a, c, g, and t of length 3n for some n. The script must count the
number of occurrences of every codon in the file, assuming the first codon starts at
position 13, and it must output the number of times each codon occurs in the file, sorted
in order of decreasing frequency. For example, if dnafile is a file containing the dna
string aacgtttgtaaccagaactgt, then the command
codonhistogram dnafile
should produce the following output:
3 aac
2 tgt
1 cag
1 gtt
because there are 3 aac codons, 2 tgt, 1 cag, and 1 gtt. Notice that frequency comes
first, then the codon name.
1
This is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0/.
2
This is really just a simplification to make the assignment easier. In reality, it is not necessarily a
multiple of 3.
3
Tho.
CSCI 714 Software Project Planning and EstimationLec.docxmydrynan
This document provides an overview of work breakdown structures (WBS) and their role in project planning and management. It discusses approaches to developing WBS, basic principles for creating effective WBS, and the purpose of WBS for cost estimating, budgeting, resource planning, and other project functions. Specific topics covered include defining the scope of work, developing a hierarchy of deliverables and tasks, and using a WBS to improve scheduling, tracking, and managing changes to a project.
CSCI 561Research Paper Topic Proposal and Outline Instructions.docxmydrynan
CSCI 561
Research Paper: Topic Proposal and Outline Instructions
The easiest approach for selecting a topic for your paper might be to review the various subject areas covered in the course readings (i.e., search the bibliographies of the textbooks). Although the chosen topic must relate directly to the general subject area of this course, you are not limited to the concepts, techniques, and technologies specifically covered in this course.
Each Topic Outline must include the following 3 items:
1. A brief (at least 3–4 bullets with 1–2 sentences per bullet) overview of the research topics of your paper – you will need to address these in the actual paper. This will be titled “Research Objectives”.
2. A list of at least 3 questions (in a numbered list) you intend your research to ask and hopefully answer. These must be questions that will require you to draw conclusions from your research. These must not be questions to answer your research objectives. This section will be titled “Questions”
3. At least 3 initial research sources, 1 of which is an academic journal or other peer reviewed source. These should match APA formatting of sources.
Example formats for Topic Outlines (an example, not a template):
Research Objectives
· Briefly describe the overall concept of system integration.
· Discuss the traditional approach of big-bang integration including the major advantages and disadvantages of this approach.
· Discuss the traditional approaches of top-down and bottom-up integration and their major advantages and disadvantages.
· Discuss the traditional approach of mixed integration, combining the desirable advantages from the top-down and bottom-up integration approaches.
Questions
1. Why is system integration an important step in the software development process?
2. Why has big-bang integration not survived as a useful testing method?
3. Why have top-down and bottom-up integration not been replaced by more modern methods?
4. Why would you use mixed integration all the time rather than sometimes using top-down and bottom-up integration exclusively?
References
1. Herath, T. , & Rao, H. (2012). Encouraging information security behaviors in the best organizations: Role of penalties, pressures, and potential effectiveness. Descision Support Systems, 47(2), 154-165.
2. Testing Computer Software, 2nd Edition, by Cem Kaner
3. Anderson, R. (2008). Security Engineering: A Guide to Building Dependable Distributed Systems (2nd ed.). Cambridge, MA: Wiley.
During your research, if any substantial changes to your objective(s) are necessary, or a topic change is required, communicate with your instructor via email.
The Policy Research Paper: Topic Proposal and Outline is due by 11:59 p.m. (ET) on Sunday of Module/Week 2.
The Technology Research Paper: Topic Proposal and Outline is due by 11:59 p.m. (ET) on Sunday of Module/Week 5.
Quantitative Reasoning 2 Project
Shawn Cyr
MTH/216
01/16/2019
Mr. Kim
Running head: QUANTITATIVE REASONING 2 PROJEC.
CSCI 561 DB Standardized Rubric50 PointsCriteriaLevels of .docxmydrynan
This document outlines a rubric for grading student discussion posts and replies in an online course. It evaluates students on content, structure, and integration of biblical worldview. For the original post, students can earn up to 19 points for content and 5 points for structure. For each of two required replies, students can earn up to 8 points for content and 5 points for structure. Higher scores are given for more thorough engagement with course materials, critical analysis, and APA formatting.
CSCE 1040 Homework 2 For this assignment we are going to .docxmydrynan
CSCE 1040 Homework 2
For this assignment we are going to design a system to schedule drivers and
passengers for rides in the Mean Green EagleLift system
For this we will need the following entities, plus collections for each of the
entities: Driver, Passenger and Ride.
The data for a Driver will contain at least the following:
Driver Id (6 digits)
Driver Name (20 characters each for first and last name)
Vehicle Capacity ( integer value for number of passengers)
Handicapped Capable (Boolean)
Vehicle Type (compact 2 dr, sedan 4dr, SUV, Van, other)
Driver Rating (floating point value 0-5)
Available (Boolean)
Pets allowed (Boolean)
Notes (String – could include days and hours of operation, coverage area, etc)
You may add other data needed for your implementation as well as
you will need accessor and mutator functions for the data.
The data for a Passenger will contain at least:
Name (e.g. Fred Smith)
ID number (6 digits e.g. 123456)
Payment preference (cash, credit, debit)
Handicapped (Boolean)
Default rating required (floating point)
Has pets (Boolean)
You may add other data needed for your implementation as well as
you will need accessor and mutator functions for the data.
The data for a Ride (The transaction entity) will contain at least
the following:
Ride ID (8 digit value auto assigned)
Pickup location (string)
Pickup Time (Time value)
Drop-off location (string)
Size of party (whole number)
Includes pets (Boolean)
Drop-off time (Time value – entered at completion)
Status (Active, Completed, Cancelled)
Rating by customer (floating point value)
You may add other data needed for your implementation as well as
you will need accessor and mutator functions for the data.
For the collections of each of the 3 Entity Classes identified above you
will need to include the ability to:
Add
Edit
Delete
Search/Find based on appropriate criteria
Print a list of all entries in the specific collection
Print the details for a single entity (do a find first)
Print a list of all Rides for a particular Passenger
Print a list of all Rides for a Particular Driver
Print a list of all Active (future and current) Rides, all completed rides and all
cancelled rides
for the Rides collection when you add a Ride you will need to verify that
a. the Driver selected is available during the defined time period
b. the Driver selected has number of seats sufficient for the passengers
c. The Driver has the appropriate pet policy
d. The Driver has required Handicapped capability
e. the driver has at least the minimum rating preferred by the Passenger
Note that a particular Driver could have multiple assignments
as long as they do not conflict with dates or times. For this assignment
you do not need to worry about verifying availability based on starting and
ending locations.
You will also need to provide in the Rides collection the ability to
print an assignment schedule for a particular .
CSCE 509 – Spring 2019
Assignment 3 // updated 01May19
DUE: May 11, 2019 at 5 p.m.
• Two data sets available on Moodle
o {concaveData.npy, concaveTarget.npy}
o {testData.npy, testTarget.npy}
• Write TensorFlow code to perform DNN classification with three (3) classes
• Use concave*.npy for training
• Use test*.npy for test
• Data is the data matrix; Target is the labeled targets from {0, 1, 2}
• Do each of the following steps. For each step: Note the accuracy of the classification using
the test data set. Discuss the results.
1. Write TensorFlow code to perform DNN classification using default settings. Define your
own architecture with two hidden layers. Calculate the number of parameters in your
network. Do not let the number of parameters exceed the number of input samples in
concave*.npy
2. Use one or two additional layers compared to (1) but be sure that the number of
parameters do not exceed the number of input samples. Which has better accuracy
performance? Or are they about the same?
3. Write Python code to read in the data sets. Add a large constant (such as “509” or “5090”)
to each input feature. Write the data sets as files, to be read in as input sets. Repeat the
classification using the new input files with the architecture that has better performance
in (1) or (2). What is the accuracy performance for the same number of epochs? If the
accuracy performance is about the same, does it converge faster or slower or about the
same?
4. Use the given data sets as used in (1) and (2). Use either of the two architectures. Change
the tf.layers.dense() function initlialization to He initialization by using the
variance_scaling_initializer() function:
he_init = tf.contrib.layers.variance_scaling_initializer(factor=2.0)
hidden1 = tf.layers.dense(X, n_hidden1, activation=tf.nn.relu,
kernel_initializer=he_init, name=”hidden1”)
# do the same for other hidden layers
What is the accuracy performance? Compare to either (1) or (2).
5. Take the architecture from either (1) or (2). Replace the relu activation function by the
exponential linear unit (ELU). In the tf.layers.dense function, use
activation=tf.nn.elu
What is the accuracy performance? Compare to either (1) or (2) and to (4).
6. Perform batch normalization on either (1) or (2) as follows. We want to zero-center and
normalize the inputs to the activation function of each layer by learning the mean and
scales of the inputs for each layer. Modify the Python code as follows:
X = tf.placeholder(tf.float32, shape=(None, n_inputs), name=”X”)
training = tf.placeholder_with_default(False, shape=(), name=”training”)
Then in defining the hidden layers:
hidden1 = tf.layers.dense(X, n_hidden1, name=”hidden1”)
batchnorm1 = tf.layers.batch_normalization(hidden1, training=training,
momentum=0.9)
bn1_act = tf.nn.elu(batchnorm1)
hidden2 = tf.layers.dense(bn1_act, n_hidden2, name=”hidden2”)
batchnorm2 = tf.layers.batch_normalization.
CSCI 2033 Elementary Computational Linear Algebra(Spring 20.docxmydrynan
CSCI 2033: Elementary Computational Linear Algebra
(Spring 2020)
Assignment 1 (100 points)
Due date: February 21st, 2019 11:59pm
In this assignment, you will implement Matlab functions to perform row
operations, compute the RREF of a matrix, and use it to solve a real-world
problem that involves linear algebra, namely GPS localization.
For each function that you are asked to implement, you will need to complete
the corresponding .m file with the same name that is already provided to you in
the zip file. In the end, you will zip up all your complete .m files and upload the
zip file to the assignment submission page on Gradescope.
In this and future assignments, you may not use any of Matlab’s built-in
linear algebra functionality like rref, inv, or the linear solve function A\b,
except where explicitly permitted. However, you may use the high-level array
manipulation syntax like A(i,:) and [A,B]. See “Accessing Multiple Elements”
and “Concatenating Matrices” in the Matlab documentation for more informa-
tion. However, you are allowed to call a function you have implemented in this
assignment to use in the implementation of other functions for this assignment.
Note on plagiarism A submission with any indication of plagiarism will be
directly reported to University. Copying others’ solutions or letting another
person copy your solutions will be penalized equally. Protect your code!
1 Submission Guidelines
You will submit a zip file that contains the following .m files to Gradescope.
Your filename must be in this format: Firstname Lastname ID hw1 sol.zip
(please replace the name and ID accordingly). Failing to do so may result in
points lost.
• interchange.m
• scaling.m
• replacement.m
• my_rref.m
• gps2d.m
• gps3d.m
• solve.m
1
Ricardo
Ricardo
Ricardo
Ricardo
�
The code should be stand-alone. No credit will be given if the function does not
comply with the expected input and output.
Late submission policy: 25% o↵ up to 24 hours late; 50% o↵ up to 48 hours late;
No point for more than 48 hours late.
2 Elementary row operations (30 points)
As this may be your first experience with serious programming in Matlab,
we will ease into it by first writing some simple functions that perform the
elementary row operations on a matrix: interchange, scaling, and replacement.
In this exercise, complete the following files:
function B = interchange(A, i, j)
Input: a rectangular matrix A and two integers i and j.
Output: the matrix resulting from swapping rows i and j, i.e. performing the
row operation Ri $ Rj .
function B = scaling(A, i, s)
Input: a rectangular matrix A, an integer i, and a scalar s.
Output: the matrix resulting from multiplying all entries in row i by s, i.e. per-
forming the row operation Ri sRi.
function B = replacement(A, i, j, s)
Input: a rectangular matrix A, two integers i and j, and a scalar s.
Output: the matrix resulting from adding s times row j to row i, i.e. performing
the row operatio.
CSCE 3110 Data Structures & Algorithms Summer 2019 1 of .docxmydrynan
CSCE 3110 Data Structures & Algorithms Summer 2019
1 of 12
Project 3 – Hopscotch Hash Table
Due: 11:59 PM on Friday, June 21, 2019
PROGRAM DESCRIPTION
In this C++ program, you will implement an efficient hopscotch hash table that improves
on the classic linear probing algorithm. Specifically, you will use a TABLE_SIZE = 17
and use the single hash function ℎ(𝑥) = 𝑥 mod 𝑇𝐴𝐵𝐿𝐸_𝑆𝐼𝑍𝐸. You shall resolve
collisions using linear probing where the maximal length of the probe sequence (i.e.,
distance away from the original hash location) is bound by the hopscotch hash
algorithm where MAX_DIST = 4.
You shall support the following five operations that are menu driven:
1. Insert Value
2. Delete Value
3. Search Value
4. Output Table
5. Exit Program
All data shall be entered through the console and consist of integers. You may assume
valid data, though data may be out of range (i.e., zero, negative integers or possibly out
of range of menu options). Your algorithm to find the next available slot is bound by the
end of the table so that the linear probe sequence need not be circular. In other words,
you do not need to wrap around beyond the last element of the array to the first for
either the linear probe or the bound for the hopscotch algorithm. For example, if the
user attempts to insert 33 which hashes to index position 16 (i.e., 33 % TABLE_SIZE) in
the array, but an element already exists at that location, the insert will fail as there are
no more array locations beyond this to attempt to insert the element.
You must keep an item array containing the elements as well as an associated hop
array that indicates positions in the item array that are occupied with items that hash to
the same value. You should also provide specific feedback to the user on successful
operations or when an operation failed. The search should utilize the hash value and
then perhaps a linear probe of MAX_DIST – 1 index locations, but you should not
simply search the entire array to accomplish this operation. Be sure to handle the case
that requires multiple hops (i.e., using recursion) to get the value within the correct
range.
REQUIREMENTS
• Your code should be well documented in terms of comments. For example, good
comments in general consist of a header (with your name, course section, date,
and brief description), comments for each variable, and commented blocks of
code.
• Your program will be graded based largely on whether it works correctly on the
CSE machines (e.g., cse01, cse02, …, cse06), so you should make sure that
your program compiles and runs on a CSE machine.
aemalki
aemalki
aemalki
aemalki
aemalki
aemalki
aemalki
aemalki
CSCE 3110 Data Structures & Algorithms Summer 2019
2 of 12
• You should contact your instructor if there is any question about what is being
asked for.
• This is an individual programming assignment that must be the sole work of the
individual student. Any in
CSCI 340 Final Group ProjectNatalie Warden, Arturo Gonzalez, R.docxmydrynan
CSCI 340 Final Group Project
Natalie Warden, Arturo Gonzalez, Ricky Gaji
Introduction
As our world continues to rely on technology to store our information, issues concerning data storage and organization will arise
Association of Computing Machinery (ACM) has asked us to prepare a database through which they can easily and effectively access this information
In this project we have created a tier system of entities, established the relationships between them, and decreased redundancy by eliminating repeating attributes
Responsibility MatrixTask/PersonNatalieArturoRickyAnalysisMSER-DiagramSMRedundancySSSSQLMSLogical DesignMAnalysis DocMRelationships DocMReadMe DocSMDatabaseMSS
Software Used:
Analysis:
Google Docs - helped to bring the group together and organize all our information to make sure we were on the same page.
Google Slides- served as the main platform in which to come up with our presentation and visualize what we are going to do.
Draw.io- used to build our many ER diagrams
Database Design:
x10 web hosting- hosted our website and had the tools necessary to get started on the database
phpMyAdmin- here we created our database tables and made sure all the attribute’s data types and entity’s primary key, foreign keys, and attributes were correct.
mySQL Databases- used as relational database management system
generatedata.com-used to create “dummy” data to incorporate in the SQL testing
Analysis and Findings
Problems/Results
Final Decision
Decided to create entities for leadership
Took inspiration from University database setup
ER-Diagram
Tables
Tables
Building the ACM Database
Populated Tables
SQL/RESULTS
3
Name
Course
Date
Instructor
Benchmark - Gospel Essentials
In at least 150 words, complete your introductory paragraph with a thesis statement in which you will address each of the following six sections with at least one paragraph each.
God
In at least 150 words, respond thoroughly to the questions in the assignment. Be sure to include citations.
Humanity
In at least 150 words, respond thoroughly to the questions in the assignment. Be sure to include citations.
Jesus
In at least 150 words, respond thoroughly to the questions in the assignment. Be sure to include citations.
Restoration
In at least 150 words, respond thoroughly to the questions in the assignment. Be sure to include citations.
Analysis
In at least 150 words, respond thoroughly to the questions in the assignment. Be sure to include citations.
Reflection
In at least 150 words, respond thoroughly to the questions in the assignment. Be sure to include citations.
Conclusion
In at least 150 words, synthesize the main points, pulling the ideas of the paper together. Be sure to include citations.
References
Author, A. A., .
CSC-321 Final Writing Assignment In this assignment, you .docxmydrynan
CSC-321 Final Writing Assignment
In this assignment, you will write an article about a recent cybersecurity attack (of your choosing). The
article will include the following components:
1) Executive summary: a 1-page executive summary highlighting the potential impact and likelihood
of a similar attack against a fictional company XYZ. XYZ should be a company in a similar field
to the company attacked by the vulnerability.
a. Audience: A C-level business executive. Do not assume they will have any technical
knowledge but assume they are very interested in the economic impact of things.
b. Purpose: Provide a summary that they will use to make business decisions from. You
need to be convincing that the cost of security makes business sense.
2) Technical report: a 3-page technical report including the following topics: Introduction,
Vulnerability(s) exploited, financial impact (if applicable), social impact (if applicable),
technological impact (if applicable), political impact (if applicable), patches available/needed to
prevent these vulnerabilities (if applicable), human training needed (if applicable), comparison to
similar vulnerabilities in the past 20 years, assessment of how common the vulnerability is, and
recommendations for company XYZ to protect itself from similar vulnerabilities.
a. Audience: A Technical manager and his engineering staff. Assume a good knowledge of
computer science, engineering, and math but no specific security knowledge.
b. Purpose: Provides information to engineers at XYZ about the attack and how to prevent a
similar one against XYZ.
3) Press release: a 2-page article for popular consumption (think wired). This should explain the
vulnerability, protection, and potential impact to general audiences (users and share-holders).
a. Format: 2-page wired article. Be informative, objective, and entertaining
b. Audience: General public who are interested in technology but may have never taken a
computer science course and, almost certainly, have never taken a computer security
course.
c. Purpose: To express your understanding to a broad audience.
Choosing your topic
Your article must be about a recent computer security exploit with real world impacts. You must get your
topic approved in lab or by email before April 22nd.
Format: IEEE conference formatting with 12pt font. All page counts are precise. You should not go
over and should be no more than ¼ column under.
Press release (2 pages) Draft: Apr, 29 Due: May, 13
Lastly you are to write a two-page article for a national technical magazine, think Wired. This article is
intended for a general audience who is interested in technology but does not have formal technical
backgrounds. This article should explain the attack, its impact, how it is mitigated, and what (if
anything) the general audience should do. This article should be informative, objective, and entertaining.
Executive Summary (1 page) .
Cryptography is the application of algorithms to ensure the confiden.docxmydrynan
Cryptography is the application of algorithms to ensure the confidentiality, integrity, and availability of data, while it is at rest, in motion, or in use. Cryptography systems can include local encryptions at the file or disk level or databases. Cryptography systems can also extend to an enterprise-wide public key infrastructure for whole agencies or corporations.
The following are the deliverables for this project:
Deliverables
Enterprise Key Management Plan:
An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Enterprise Key Management Policy:
A two- to three-page double-spaced Word document.
Lab Report:
A Word document sharing your lab experience along with screenshots.
There are seven steps to complete the project. Most steps of this project should take no more than two hours to complete. The entire project should take no more than one week to complete. Begin with the workplace scenario, and then continue to Step 1, “Identify Components of Key Management.”
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
Step 1: Identify Components of Key Management
Key management will be an important aspect of the new electronic protected health information (e-PHI). Key management is often considered the most difficult part of designing a cryptosystem.
Choose a fictitious or an actual organization. The idea is to provide an overview of the current state of enterprise key management for Superior Health Care.
Review these authentication resources to learn about
authentication
and the characteristics of key management.
Provide a high-level, top-layer network view (diagram) of the systems in Superior Health Care. The diagram can be a bubble chart or Visio drawing of a simple network diagram with servers. Conduct independent research to identify a suitable network diagram.
Read these resources on
data at rest
, data in use, and
data in motion
.
Identify data at rest, data in use, and data in motion as it could apply to your organization. Start by focusing on where data are stored and how data are accessed.
Review these resources on insecure handling, and identify areas where
insecure handling
may be a concern for your organization.
Incorporate this information in your key management plan.
In the next step, you will consider key management capabilities.
Step 3: Identify Key Management Gaps, Risks,
Solution
s, and Challenges
In the previous step, you identified the key components of an enterprise key management system. In this step, you will conduct independent research on key management issues in existing organizations. You will use this research to help identify gaps in key management, in each of the key management areas within Superior Health Care.
Conduct independent research to identify typical gaps in key manage.
CSc3320 Assignment 6 Due on 24th April, 2013 Socket programming .docxmydrynan
CSc3320 Assignment 6 Due on 24th April, 2013
Socket programming code (server.c & client.c) demoed in class implement a server-client communication by socket. The server sets up a socket and waits for communication request from a client. The client tries to connect to server and asks user for a message to send to server after the connection established. Server then accepts the communication, reads the message, displays it and send confirmation message to the client. The client reads confirmation from server and displays it too.
Please modify the server.c such that the server can carry out the same communication with
3
clients. It creates a child process (fork()) every time a communication request from one client arrives and continues to wait to serve the next client. This child process takes care of reading message/sending confirmation from/to the corresponding client and terminates with the exit code 0. After serving all 3 clients, the server needs to accept (wait()) termination of all child processes it created. Server prints out message about the child process ID and the exit code every time it accepts the termination of a child process (eg. “A child with PID 1959 terminated with exit code 0”).
Client.c
#include
#include
#include
#include
#include
#include
#include
#include
void error(const char *msg)
{
perror(msg);
exit(0);
}
int main(int argc, char *argv[])
{
int sockfd, portno, n;
struct sockaddr_in serv_addr;
struct hostent *server;
char buffer[256];
if (argc < 3) {
fprintf(stderr,"usage %s hostname port\n", argv[0]);
exit(0);
}
portno = atoi(argv[2]);
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0)
error("ERROR opening socket");
server = gethostbyname(argv[1]);
if (server == NULL) {
fprintf(stderr,"ERROR, no such host\n");
exit(0);
}
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
bcopy((char *)server->h_addr,
(char *)&serv_addr.sin_addr.s_addr,
server->h_length);
serv_addr.sin_port = htons(portno);
//printf("h_addr: %s\n", inet_ntoa(serv_addr.sin_addr));
if (connect(sockfd,(struct sockaddr *) &serv_addr,sizeof(serv_addr)) < 0)
error("ERROR connecting");
printf("Please enter the message: ");
bzero(buffer,256);
fgets(buffer,255,stdin);
n = write(sockfd,buffer,strlen(buffer));
if (n < 0)
error("ERROR writing to socket");
bzero(buffer,256);
n = read(sockfd,buffer,255);
if (n < 0)
error("ERROR reading from socket");
printf("%s\n",buffer);
close(sockfd);
return 0;
}
Server.c
/* A simple server in the internet domain using TCP
The port number is passed as an argument */
#include
#include
#include
#include
#include
#include
#include
#include
void error(const char *msg)
{
perror(msg);
.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
How to Manage Your Lost Opportunities in Odoo 17 CRMCeline George
Odoo 17 CRM allows us to track why we lose sales opportunities with "Lost Reasons." This helps analyze our sales process and identify areas for improvement. Here's how to configure lost reasons in Odoo 17 CRM
How to Setup Warehouse & Location in Odoo 17 InventoryCeline George
In this slide, we'll explore how to set up warehouses and locations in Odoo 17 Inventory. This will help us manage our stock effectively, track inventory levels, and streamline warehouse operations.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
4. SC-21
SC-22
SC-236.5Application & Interface Security
Customer Access RequirementsAIS-02Prior to granting
customers access to data, assets, and information systems, all
identified security, contractual, and regulatory requirements for
customer access shall be addressed and
remediated.XXXXXXXXXXXXS3.2.a(S3.2.a) a. Logical access
security measures to restrict access to information resources not
deemed to be public.C.2.1, C.2.3, C.2.4, C.2.6.1, H.110 (B)
11 (A+)SA-01Domain 10NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
NIST SP 800-53 R3 CA-5
NIST SP 800-53 R3 CA-6NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
NIST SP 800-53 R3 CA-5
NIST SP 800-53 R3 CA-61.2.2
1.2.6
6.2.1
6.2.2A.6.2.1
A.6.2.2
A.11.1.1Commandment #6
Commandment #7
Commandment #8CA-1
CA-2
CA-5
CA-6Application & Interface Security
Data IntegrityAIS-03Data input and output integrity routines
(i.e., reconciliation and edit checks) shall be implemented for
application interfaces and databases to prevent manual or
systematic processing errors, corruption of data, or
misuse.XXXXXXXXXXI3.2.0
5. I3.3.0
I3.4.0
I3.5.0(I3.2.0) The procedures related to completeness, accuracy,
timeliness, and authorization of inputs are consistent with the
documented system processing integrity policies.
(I3.3.0) The procedures related to completeness, accuracy,
timeliness, and authorization of system processing, including
error correction and database management, are consistent with
documented system processing integrity policies.
(I3.4.0) The procedures related to completeness, accuracy,
timeliness, and authorization of outputs are consistent with the
documented system processing integrity policies.
(I3.5.0) There are procedures to enable tracing of information
inputs from their source to their final disposition and vice
versa.I.4G.16.3, I.3SA-05Domain 10NIST SP 800-53 R3 SI-2
NIST SP 800-53 R3 SI-3NIST SP 800-53 R3 SI-2
NIST SP 800-53 R3 SI-2 (2)
NIST SP 800-53 R3 SI-3
NIST SP 800-53 R3 SI-3 (1)
NIST SP 800-53 R3 SI-3 (2)
NIST SP 800-53 R3 SI-3 (3)
NIST SP 800-53 R3 SI-4
NIST SP 800-53 R3 SI-4 (2)
NIST SP 800-53 R3 SI-4 (4)
NIST SP 800-53 R3 SI-4 (5)
6. NIST SP 800-53 R3 SI-4 (6)
NIST SP 800-53 R3 SI-6
NIST SP 800-53 R3 SI-7
NIST SP 800-53 R3 SI-7 (1)
NIST SP 800-53 R3 SI-9
NIST SP 800-53 R3 SI-10
NIST SP 800-53 R3 SI-111.2.645 CFR 164.312 (c)(1)
45 CFR 164.312 (c)(2)
45 CFR 164.312(e)(2)(i)A.10.9.2
A.10.9.3
A.12.2.1
A.12.2.2
A.12.2.3
A.12.2.4
A.12.6.1
A.15.2.1Commandment #1
Commandment #9
Commandment #11CIP-003-3 - R4.2SI-10
SI-11
SI-2
SI-3
SI-4
SI-6
SI-7
SI-96.3.1
6.3.2Application & Interface Security
Data Security / IntegrityAIS-04Policies and procedures shall be
established, and supporting business processes and technical
measures implemented, to ensure protection of confidentiality,
integrity, and availability of data exchanged between one or
more system interfaces, jurisdictions, or external business
relationships to prevent improper disclosure, alteration, or
destruction. These policies, procedures, processes, and
measures shall be in accordance with known legal, statutory and
regulatory compliance obligations.XXXXXXXXXXS3.4(S3.4)
Procedures exist to protect against unauthorized access to
8. 4.1.1
6.1
6.3.2a
6.5c
8.3
10.5.5
11.5Audit Assurance & Compliance
Audit PlanningAAC-01Audit plans, activities, and operational
action items focusing on data duplication, access, and data
boundary limitations shall be designed to minimize the risk of
business process disruption. Audit activities must be planned
and agreed upon in advance by
stakeholders.XXXXXXXXXXXS4.1.0
S4.2.0(S4.1.0) The entity’s system security is periodically
reviewed and compared with the defined system security
policies.
(S4.2.0) There is a process to identify and address potential
impairments to the entity’s ongoing ability to achieve its
objectives in accordance with its defined system security
policies.L.1, L.2, L.7, L.9, L.1158 (B)CO-01ME 2.1
ME 2.2
PO 9.5
PO 9.6Domain 2, 46.01. (d)NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
NIST SP 800-53 R3 CA-7NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
NIST SP 800-53 R3 CA-7
NIST SP 800-53 R3 CA-7 (2)
NIST SP 800-53 R3 PL-610.2.545 CFR 164.312(b)Clause 4.2.3
e)
Clause 4.2.3b
Clause 5.1 g
Clause 6
9. A.15.3.1Commandment #1
Commandment #2
Commandment #3CA-2
CA-7
PL-62.1.2.bAudit Assurance & Compliance
Independent AuditsAAC-02Independent reviews and
assessments shall be performed at least annually, or at planned
intervals, to ensure that the organization addresses any
nonconformities of established policies, procedures, and known
contractual, statutory, or regulatory compliance
obligations.XXXXXXXXXXXXS4.1.0
S4.2.0(S4.1.0) The entity’s system security is periodically
reviewed and compared with the defined system security
policies.
(S4.2.0) There is a process to identify and address potential
impairments to the entity’s ongoing ability to achieve its
objectives in accordance with its defined system security
policies.L.2, L.4, L.7, L.9, L.1158 (B)
59 (B)
61 (C+, A+)
76 (B)
77 (B)CO-02DS5.5
ME2.5
ME 3.1
PO 9.6Domian 2, 46.03. (e)
6.07.01. (m)
6.07.01. (n)NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
NIST SP 800-53 R3 CA-6
NIST SP 800-53 R3 RA-5NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
10. NIST SP 800-53 R3 CA-6
NIST SP 800-53 R3 RA-5
NIST SP 800-53 R3 RA-5 (1)
NIST SP 800-53 R3 RA-5 (2)
NIST SP 800-53 R3 RA-5 (3)
NIST SP 800-53 R3 RA-5 (6)
NIST SP 800-53 R3 RA-5 (9)1.2.5
1.2.7
4.2.1
8.2.7
10.2.3
10.2.545 CFR 164.308 (a)(8)
45 CFR 164.308(a)(1)(ii)(D)Clause 4.2.3e
Clause 5.1 g
Clause 5.2.1 d)
Clause 6
A.6.1.8Commandment #1
Commandment #2
Commandment #3CIP-003-3 - R1.3 - R4.3
CIP-004-3 R4 - R4.2
CIP-005-3a - R1 - R1.1 - R1.2CA-1
CA-2
CA-6
RA-511.2
11.3
6.6
12.1.2.bAudit Assurance & Compliance
Information System Regulatory MappingAAC-03An inventory
of the organization's external legal, statutory, and regulatory
compliance obligations associated with (and mapped to) any
scope and geographically-relevant presence of data or
organizationally-owned or managed (physical or virtual)
infrastructure network and systems components shall be
maintained and regularly updated as per the business need (e.g.,
change in impacted-scope and/or a change in any compliance
obligation).XXXXXXXXXXXXS3.1.0
11. x3.1.0(S3.1.0) Procedures exist to (1) identify potential threats
of disruption to systems operation that would impair system
security commitments and (2) assess the risks associated with
the identified threats.
(x3.1.0) Procedures exist to (1) identify potential threats of
disruptions to systems operations that would impair system
[availability, processing integrity, confidentiality] commitments
and (2) assess the risks associated with the identified
threats.L.1, L.2, L.4, L.7, L.976 (B)
77 (B)
78 (B)
83 (B)
84 (B)
85 (B)CO-05ME 3.1Domain 2, 46.10. (a)
6.10. (b)
6.10. (c)
6.10. (d)
6.10. (e)
6.10. (f)
6.10. (g)
6.10. (h)
6.10. (i)NIST SP 800-53 R3 AC-1
NIST SP 800-53 R3 AT-1
NIST SP 800-53 R3 AU-1
NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 CP-1
NIST SP 800-53 R3 IA-1
NIST SP 800-53 R3 IA-7
NIST SP 800-53 R3 IR-1
NIST SP 800-53 R3 MA-1
14. SI-13.1.1
3.1Business Continuity Management & Operational Resilience
Business Continuity PlanningBCR-01A consistent unified
framework for business continuity planning and plan
development shall be established, documented and adopted to
ensure all business continuity plans are consistent in addressing
priorities for testing, maintenance, and information security
requirements. Requirements for business continuity plans
include the following:
• Defined purpose and scope, aligned with relevant
dependencies
• Accessible to and understood by those who will use them
• Owned by a named person(s) who is responsible for their
review, update, and approval
• Defined lines of communication, roles, and responsibilities
• Detailed recovery procedures, manual work-around, and
reference information
• Method for plan invocationXXXXXXXXXXXXA3.1.0
A3.3.0
A3.4.0(A3.1.0) Procedures exist to (1) identify potential threats
of disruptions to systems operation that would impair system
availability commitments and (2) assess the risks associated
with the identified threats.
(A3.3.0) Procedures exist to provide for backup, offsite storage,
restoration, and disaster recovery consistent with the entity’s
defined system availability and related security policies.
16. 45 CFR 164.308 (a)(7)(ii)(B)
45 CFR 164.308 (a)(7)(ii)(C)
45 CFR 164.308 (a)(7)(ii)(E)
45 CFR 164.310 (a)(2)(i)
45 CFR 164.312 (a)(2)(ii)Clause 5.1
A.6.1.2
A.14.1.3
A.14.1.4Commandment #1
Commandment #2
Commandment #3CP-1
CP-2
CP-3
CP-4
CP-6
CP-7
CP-8
CP-9
CP-10
PE-1712.9.1
12.9.3
12.9.4
12.9.6Business Continuity Management & Operational
Resilience
Business Continuity TestingBCR-02Business continuity and
security incident response plans shall be subject to testing at
planned intervals or upon significant organizational or
environmental changes. Incident response plans shall involve
impacted customers (tenant) and other business relationships
that represent critical intra-supply chain business process
dependencies.XXXXXXXXXXXXA3.3(A3.3) Procedures exist
to provide for backup, offsite storage, restoration, and disaster
recovery consistent with the entity’s defined system availability
and related security policies.K.1.3, K.1.4.3, K.1.4.6, K.1.4.7,
K.1.4.8, K.1.4.9, K.1.4.10, K.1.4.11, K.1.4.1252 (B)
55 (A+)RS-04Domain 7, 86.07.01. (b)
6.07.01. (j)
17. 6.07.01. (l)NIST SP800-53 R3 CP-2
NIST SP800-53 R3 CP-3
NIST SP800-53 R3 CP-4NIST SP800-53 R3 CP-2
NIST SP800-53 R3 CP-2 (1)
NIST SP800-53 R3 CP-2 (2)
NIST SP800-53 R3 CP-3
NIST SP800-53 R3 CP-4
NIST SP800-53 R3 CP-4 (1)45 CFR 164.308
(a)(7)(ii)(D)A.14.1.5Commandment #1
Commandment #2
Commandment #3CP-2
CP-3
CP-412.9.2Business Continuity Management & Operational
Resilience
Datacenter Utilities / Environmental ContitionsBCR-
03Datacenter utilities services and environmental conditions
(e.g., water, power, temperature and humidity controls,
telecommunications,and internet connectivity) shall be secured,
monitored, maintained, and tested for continual effectiveness at
planned intervals to ensure protection from unauthorized
interception or damage, and designed with automated fail-over
or other redundancies in the event of planned or unplanned
disruptions.XXXXXXA3.2.0
A3.4.0(A3.2.0) Measures to prevent or mitigate threats have
been implemented consistent with the risk assessment when
commercially practicable.
(A3.4.0) Procedures exist to protect against unauthorized access
to system resource.F.1F.1.6, F.1.6.1, F.1.6.2, F.1.9.2, F.2.10,
F.2.11, F.2.129 (B)
10 (B)RS-08Domain 7, 86.08. (a)
6.09. (c)
6.09. (f)
18. 6.09. (g)NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-13
NIST SP800-53 R3 PE-13 (1)
NIST SP800-53 R3 PE-13 (2)
NIST SP800-53 R3 PE-13 (3)NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-4
NIST SP800-53 R3 PE-13
NIST SP800-53 R3 PE-13 (1)
NIST SP800-53 R3 PE-13 (2)
NIST SP800-53 R3 PE-13 (3)A.9.2.2
A.9.2.3Commandment #1
Commandment #2
Commandment #3
Commandment #4
Commandment #9
Commandment #11PE-1
PE-4
PE-13Business Continuity Management & Operational
Resilience
DocumentationBCR-04Information system documentation (e.g.,
administrator and user guides, and architecture diagrams) shall
be made available to authorized personnel to ensure the
following:
• Configuring, installing, and operating the information system
• Effectively using the system’s security
featuresXXXXXXXXXXS3.11.0
A.2.1.0(S3.11.0) Procedures exist to provide that personnel
responsible for the design, development, implementation, and
operation of systems affecting security have the qualifications
and resources to fulfill their responsibilities.
(A.2.1.0) The entity has prepared an objective description of the
20. of natural or man-made disaster shall be anticipated, designed,
and have countermeasures applied.XXXXXXA3.1.0
A3.2.0(A3.1.0) Procedures exist to (1) identify potential threats
of disruptions to systems operation that would impair system
availability commitments and (2) assess the risks associated
with the identified threats.
(A3.2.0) Measures to prevent or mitigate threats have been
implemented consistent with the risk assessment when
commercially practicable.F.1F.2.9, F.1.2.21, F.5.1, F.1.5.2,
F.2.1, F.2.7, F.2.8RS-05Domain 7, 86.07. (d)
6.08. (a)
6.09. (a)
6.09. (b)
6.09. (d)NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-13
NIST SP800-53 R3 PE-14
NIST SP800-53 R3 PE-15NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-13
NIST SP800-53 R3 PE-13 (1)
NIST SP800-53 R3 PE-13 (2)
NIST SP800-53 R3 PE-13 (3)
NIST SP800-53 R3 PE-14
NIST SP800-53 R3 PE-15
NIST SP800-53 R3 PE-188.2.445 CFR 164.308 (a)(7)(i)
45 CFR 164.310(a)(2)(ii)A.9.1.4
A.9.2.1Commandment #1
Commandment #2
Commandment #3CIP-004-3 R3.2PE-1
PE-13
PE-14
PE-15
21. PE-18Business Continuity Management & Operational
Resilience
Equipment LocationBCR-06To reduce the risks from
environmental threats, hazards, and opportunities for
unauthorized access, equipment shall be kept away from
locations subject to high probability environmental risks and
supplemented by redundant equipment located at a reasonable
distance.XXXXXXA3.1.0
A3.2.0(A3.1.0) Procedures exist to (1) identify potential threats
of disruptions to systems operation that would impair system
availability commitments and (2) assess the risks associated
with the identified threats.
(A3.2.0) Measures to prevent or mitigate threats have been
implemented consistent with the risk assessment when
commercially practicable.F.1F.2.9, F.1.2.21, F.5.1, F.1.5.2,
F.2.1, F.2.7, F.2.853 (A+)
75 (C+, A+)RS-06Domain 7, 86.07. (d)
6.08. (a)
6.09. (a)
6.09. (b)
6.09. (d)NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-14
NIST SP800-53 R3 PE-15NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-5
NIST SP800-53 R3 PE-14
NIST SP800-53 R3 PE-15
NIST SP800-53 R3 PE-1845 CFR 164.310
(c)A.9.2.1Commandment #1
Commandment #2
Commandment #3PE-1
PE-5
22. PE-14
PE-15
PE-189.1.3
9.5
9.6
9.9
9.9.1Business Continuity Management & Operational Resilience
Equipment MaintenanceBCR-07Policies and procedures shall be
established, and supporting business processes and technical
measures implemented, for equipment maintenance ensuring
continuity and availability of operations and support
personnel.XXXXXXXXXXXA3.2.0
A4.1.0(A3.2.0) Measures to prevent or mitigate threats have
been implemented consistent with the risk assessment when
commercially practicable.
(A4.1.0) The entity’s system availability and security
performance is periodically reviewed and compared with the
defined system availability and related security policies.F.2.191
(B)OP-04A13.3Domain 7, 86.09. (h)NIST SP 800-53 R3 MA-2
NIST SP 800-53 R3 MA-4
NIST SP 800-53 R3 MA-5NIST SP 800-53 R3 MA-2
NIST SP 800-53 R3 MA-2 (1)
NIST SP 800-53 R3 MA-3
NIST SP 800-53 R3 MA-3 (1)
NIST SP 800-53 R3 MA-3 (2)
NIST SP 800-53 R3 MA-3 (3)
NIST SP 800-53 R3 MA-4
NIST SP 800-53 R3 MA-4 (1)
NIST SP 800-53 R3 MA-4 (2)
NIST SP 800-53 R3 MA-5
NIST SP 800-53 R3 MA-65.2.3
8.2.2
24. NIST SP800-53 R3 PE-14A.9.2.2
A.9.2.3
A 9.2.4Commandment #1
Commandment #2
Commandment #3CP-8
PE-1
PE-9
PE-10
PE-11
PE-12
PE-13
PE-14Business Continuity Management & Operational
Resilience
Impact AnalysisBCR-09There shall be a defined and
documented method for determining the impact of any
disruption to the organization that must incorporate the
following:
• Identify critical products and services
• Identify all dependencies, including processes, applications,
business partners, and third party service providers
• Understand threats to critical products and services
• Determine impacts resulting from planned or unplanned
disruptions and how these vary over time
• Establish the maximum tolerable period for disruption
• Establish priorities for recovery
• Establish recovery time objectives for resumption of critical
products and services within their maximum tolerable period of
disruption
• Estimate the resources required for
resumptionXXXXXXXXXXXXA3.1.0
A3.3.0
25. A3.4.0(A3.1.0) Procedures exist to (1) identify potential threats
of disruptions to systems operation that would impair system
availability commitments and (2) assess the risks associated
with the identified threats.
(A3.3.0) Procedures exist to provide for backup, offsite storage,
restoration, and disaster recovery consistent with the entity’s
defined system availability and related security policies.
(A3.4.0) Procedures exist to provide for the integrity of backup
data and systems maintained to support the entity’s defined
system availability and related security policies.K.2RS-
02Domain 7, 86.02. (a)
6.03.03. (c)
6.07. (a)
6.07. (b)
6.07. (c)NIST SP 800-53 R3 CP-1
NIST SP 800-53 R3 CP-2
NIST SP 800-53 R3 RA-3NIST SP 800-53 R3 CP-1
NIST SP 800-53 R3 CP-2
NIST SP 800-53 R3 RA-345 CFR 164.308 (a)(7)(ii)(E)ISO/IEC
27001:2005
A.14.1.2
A 14.1.4Commandment #1
Commandment #2
Commandment #3CIP-007-3 - R8 - R8.1 - R8.2 - R8.3RA-
3Business Continuity Management & Operational Resilience
Management ProgramBCR-10Policies and procedures shall be
established, and supporting business processes and technical
measures implemented, for business resiliency and operational
continuity to manage the risks of minor to catastrophic business
disruptions. These policies, procedures, processes, and
measures must protect the availability of critical business
26. operations and corporate assets in accordance with applicable
legal, statutory, or regulatory compliance obligations. A
management program shall be established with supporting roles
and responsibilities that have been communicated and, if
needed, consented and/or contractually agreed to by all affected
facilities, personnel, and/or external business
relationships.XXXXXXXXXXXXA3.1.0
A3.3.0
A3.4.0Procedures exist to (1) identify potential threats of
disruptions to systems operation that would impair system
availability commitments and (2) assess the risks associated
with the identified threats.
Procedures exist to provide for backup, offsite storage,
restoration, and disaster recovery consistent with the entity’s
defined system availability and related security policies.
Procedures exist to provide for the integrity of backup data and
systems maintained to support the entity’s defined system
availability and related security policies.K.1.2.9, K.1.2.10,
K.3.127 (B)
31 (C+, A+)RS-01PO 9.1
PO 9.2
DS 4.2Domain 7, 86.07. (a)NIST SP 800-53 R3 CP-1
NIST SP 800-53 R3 CP-2NIST SP 800-53 R3 CP-1
NIST SP 800-53 R3 CP-2
NIST SP 800-53 R3 CP-2 (1)
NIST SP 800-53 R3 CP-2 (2)45 CFR 164.308 (a)(7)(i)
27. 45 CFR 164.308 (a)(7)(ii)(C)Clause 4.3.2
A.14.1.1
A 14.1.4Commandment #1
Commandment #2
Commandment #3CP-1
CP-212.9.1Business Continuity Management & Operational
Resilience
PolicyBCR-11Policies and procedures shall be established, and
supporting business processes and technical measures
implemented, for appropriate IT governance and service
management to ensure appropriate planning, delivery and
support of the organization's IT capabilities supporting business
functions, workforce, and/or customers based on industry
acceptable standards (i.e., ITIL v4 and COBIT 5). Additionally,
policies and procedures shall include defined roles and
responsibilities supported by regular workforce
training.XXXXXXXXS2.3.0(S2.3.0) Responsibility and
accountability for the entity’s system availability,
confidentiality of data, processing integrity, system security and
related security policies and changes and updates to those
policies are communicated to entity personnel responsible for
implementing them.G.1.145 (B)OP-01DS13.1Domain 7, 86.03.
(c)NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-4
NIST SP 800-53 R3 CM-6
NIST SP 800-53 R3 MA-4
NIST SP 800-53 R3 SA-3
NIST SP 800-53 R3 SA-4
NIST SP 800-53 R3 SA-5NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-2 (1)
NIST SP 800-53 R3 CM-2 (3)
NIST SP 800-53 R3 CM-2 (5)
NIST SP 800-53 R3 CM-3
NIST SP 800-53 R3 CM-3 (2)
NIST SP 800-53 R3 CM-4
NIST SP 800-53 R3 CM-5
29. SA-5
SA-8
SA-10
SA-11
SA-1212.1
12.2
12.3
12.4Business Continuity Management & Operational Resilience
Retention PolicyBCR-12Policies and procedures shall be
established, and supporting business processes and technical
measures implemented, for defining and adhering to the
retention period of any critical asset as per established policies
and procedures, as well as applicable legal, statutory, or
regulatory compliance obligations. Backup and recovery
measures shall be incorporated as part of business continuity
planning and tested accordingly for
effectiveness.XXXXXXXXXXA3.3.0
A3.4.0
I3.20.0
I3.21.0(A3.3.0) Procedures exist to provide for backup, offsite
storage, restoration, and disaster recovery consistent with the
entity’s defined system availability and related security
policies.
(A3.4.0) Procedures exist to provide for the integrity of backup
data and systems maintained to support the entity’s defined
30. system availability and related security policies.
(I3.20.0) Procedures exist to provide for restoration and disaster
recovery consistent with the entity’s defined processing
integrity policies.
(I3.21.0) Procedures exist to provide for the completeness,
accuracy, and timeliness of backup data and systems.D.2.2.936
(B)DG-04DS 4.1
DS 4.2
DS 4.5
DS 4.9
DS 11.6Domain 56.03. (h)
6.07.01. (c)NIST SP 800-53 R3 CP-2
NIST SP 800-53 R3 CP-9NIST SP 800-53 R3 CP-2
NIST SP 800-53 R3 CP-2 (1)
NIST SP 800-53 R3 CP-2 (2)
NIST SP 800-53 R3 CP-6
NIST SP 800-53 R3 CP-6 (1)
NIST SP 800-53 R3 CP-6 (3)
NIST SP 800-53 R3 CP-7
NIST SP 800-53 R3 CP-7 (1)
NIST SP 800-53 R3 CP-7 (2)
NIST SP 800-53 R3 CP-7 (3)
NIST SP 800-53 R3 CP-7 (5)
NIST SP 800-53 R3 CP-8
NIST SP 800-53 R3 CP-8 (1)
NIST SP 800-53 R3 CP-8 (2)
NIST SP 800-53 R3 CP-9
NIST SP 800-53 R3 CP-9 (1)
NIST SP 800-53 R3 CP-9 (3)5.1.0
5.1.1
5.2.2
8.2.645 CFR 164.308 (a)(7)(ii)(A)
45 CFR 164.310 (d)(2)(iv)
45 CFR 164.308(a)(7)(ii)(D)
31. 45 CFR 164.316(b)(2)(i) (New)Clause 4.3.3
A.10.5.1
A.10.7.3Commandment #11CIP-003-3 - R4.1CP-2
CP-6
CP-7
CP-8
CP-9
SI-12
AU-113.1
3.1.1
3.2
9.9.1
9.5
9.6
10.7Change Control & Configuration Management
New Development / AcquisitionCCC-01Policies and procedures
shall be established, and supporting business processes and
technical measures implemented, to ensure the development
and/or acquisition of new data, physical or virtual applications,
infrastructure network and systems components, or any
corporate, operations and/or datacenter facilities have been pre-
authorized by the organization's business leadership or other
accountable business role or function.XXXXXXXXXXXS3.12.0
S3.10.0
S3.13.0(S3.12.0) Procedures exist to maintain system
components, including configurations consistent with the
defined system security policies.
(S3.10.0) Design, acquisition, implementation, configuration,
32. modification, and management of infrastructure and software
are consistent with defined system security policies.
(S3.13.0) Procedures exist to provide that only authorized,
tested, and documented changes are made to the system.I.2I.1.1,
I.1.2, I.2. 7.2, I.2.8, I.2.9, I.2.10, I.2.13, I.2.14, I.2.15, I.2.18,
I.2.22.6, L.5RM-01A12
A16.1None6.03. (a)NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 PL-1
NIST SP 800-53 R3 PL-2
NIST SP 800-53 R3 SA-1
NIST SP 800-53 R3 SA-3
NIST SP 800-53 R3 SA-4NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 CM-9
NIST SP 800-53 R3 PL-1
NIST SP 800-53 R3 PL-2
NIST SP 800-53 R3 SA-1
NIST SP 800-53 R3 SA-3
NIST SP 800-53 R3 SA-4
NIST SP 800-53 R3 SA-4 (1)
NIST SP 800-53 R3 SA-4 (4)
NIST SP 800-53 R3 SA-4 (7)1.2.6A.6.1.4
A.6.2.1
A.12.1.1
A.12.4.1
A.12.4.2
A.12.4.3
A.12.5.5
A.15.1.3
A.15.1.4Commandment #1
Commandment #2
Commandment #3CA-1
CM-1
CM-9
33. PL-1
PL-2
SA-1
SA-3
SA-46.3.2Change Control & Configuration Management
Outsourced DevelopmentCCC-02The use of an outsourced
workforce or external business relationship for designing,
developing, testing, and/or deploying the organization's own
source code shall require higher levels of assurance of
trustworthy applications (e.g., management supervision,
established and independently certified adherence information
security baselines, mandated information security training for
outsourced workforce, and ongoing security code
reviews).XXXXXXXXXXXS3.10.0
S3.13(S3.10.0) Design, acquisition, implementation,
configuration, modification, and management of infrastructure
and software are consistent with defined system availability,
confidentiality of data, processing integrity, systems security
and related security policies.
(S3.13) Procedures exist to provide that only authorized, tested,
and documented changes are made to the system.C.2
I.1
I.2
I.4C.2.4, G.4, G6, I.1, I.4.4, I.4.5, I.2.7.2, I.2.8, I.2.9, I.2.15,
I.2.18, I.2.22.6, I.2.7.1, I.2.13, I.2.14, I.2.17, I.2.20, I.2.22.2,
I.2.22.4, I.2.22.7, I.2.22.8, I.2.22.9, I.2.22.10, I.2.22.11,
I.2.22.12, I.2.22.13, I.2.22.14, I.3, J.1.2.10, L.7, L.9, L.1027
(B)RM-04NoneNIST SP 800-53 R3 SA-4
NIST SP 800-53 R3 SA-5
NIST SP 800-53 R3 SA-9NIST SP 800-53 R3 SA-4
35. Commandment #2
Commandment #3SA-4
SA-5
SA-8
SA-9
SA-10
SA-11
SA-12
SA-133.6.7
6.4.5.2
7.1.3
8.5.1
9.1
9.1.2
9.2b
9.3.1
10.5.2
11.5
12.3.1
12.3.3Change Control & Configuration Management
Quality TestingCCC-03A program for the systematic monitoring
and evaluation to ensure that standards of quality and security
baselines are being met shall be established for all software
developed by the organization. Quality evaluation and
acceptance criteria for information systems, upgrades, and new
versions shall be established and documented, and tests of the
system(s) shall be carried out both during development and
prior to acceptance to maintain security. Management shall have
a clear oversight capacity in the quality testing process, with
the final product being certified as "fit for purpose" (the
product should be suitable for the intended purpose) and "right
first time" (mistakes should be eliminated) prior to release. It is
also necessary to incorporate technical security reviews (i.e.,
vulnerability assessments and/or penetration testing) to
remediate vulnerabilities that pose an unreasonable business
risk or risk to customers (tenants) prior to
36. release.XXXXXXXXXXA3.13.0
C3.16.0
I3.14.0
S3.10.0
S3.13(A3.13.0, C3.16.0, I3.14.0, S3.10.0) Design, acquisition,
implementation, configuration, modification, and management
of infrastructure and software are consistent with defined
system availability, confidentiality of data, processing integrity,
systems security and related security policies.
(S3.13) Procedures exist to provide that only authorized, tested,
and documented changes are made to the system.C.1.7, G.1,
G.6, I.1, I.4.5, I.2.18, I.22.1, I.22.3, I.22.6, I.2.23, I.2.22.2,
I.2.22.4, I.2.22.7. I.2.22.8, I.2.22.9, I.2.22.10, I.2.22.11,
I.2.22.12, I.2.22.13, I.2.22.14,I.2.20, I.2.17, I.2.7.1, I.3, J.2.10,
L.9RM-03PO 8.1None6.03.01. (b)
6.03.01. (d)NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 SA-3
NIST SP 800-53 R3 SA-4
NIST SP 800-53 R3 SA-5NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-2 (1)
NIST SP 800-53 R3 CM-2 (3)
NIST SP 800-53 R3 CM-2 (5)
NIST SP 800-53 R3 SA-3
NIST SP 800-53 R3 SA-4
NIST SP 800-53 R3 SA-4 (1)
NIST SP 800-53 R3 SA-4 (4)
NIST SP 800-53 R3 SA-4 (7)
NIST SP 800-53 R3 SA-5
NIST SP 800-53 R3 SA-5 (1)
NIST SP 800-53 R3 SA-5 (3)
NIST SP 800-53 R3 SA-8
38. Unauthorized Software InstallationsCCC-04Policies and
procedures shall be established, and supporting business
processes and technical measures implemented, to restrict the
installation of unauthorized software on organizationally-owned
or managed user end-point devices (e.g., issued workstations,
laptops, and mobile devices) and IT infrastructure network and
systems components.XXXXXXXXXA3.6.0
S3.5.0
S3.13.0(A3.6.0) Procedures exist to restrict physical access to
the defined system including, but not limited to, facilities,
backup media, and other system components such as firewalls,
routers, and servers.
(S3.5.0) Procedures exist to protect against infection by
computer viruses, malicious code, and unauthorized software.
(S3.13.0) Procedures exist to provide that only authorized,
tested, and documented changes are made to the system.G.1
I.2G.2.13, G.20.2,G.20.4, G.20.5, G.7, G.7.1, G.12.11, H.2.16,
I.2.22.1, I.2.22.3, I.2.22.6, I.2.23RM-05NoneNIST SP 800-53
R3 CM-1
NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-7
NIST SP 800-53 R3 CM-8
NIST SP 800-53 R3 SA-6
NIST SP 800-53 R3 SA-7
NIST SP 800-53 R3 SI-1
NIST SP 800-53 R3 SI-3NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-2 (1)
40. Commandment #5
Commandment #11CM-1
CM-2
CM-3
CM-5
CM-7
CM-8
CM-9
SA-6
SA-7
SI-1
SI-3
SI-4
SI-7Change Control & Configuration Management
Production ChangesCCC-05Policies and procedures shall be
established, and supporting IT governance and service
management-related business processes implemented, for
managing the risks associated with applying changes to
business-critical or customer (tenant) impacting (physical and
virtual) application and system-system interface (API) designs
and configurations, as well as infrastructure network and
systems components. Technical measures shall be implemented
to provide assurance that, prior to deployment, all changes
directly correspond to a registered change request, business-
critical or customer (tenant) impacting risk analysis, validation
of expected outcome in staged environment, pre-authorization
by appropriate management, and notification to, and/or
authorization by, the customer (tenant) as per agreement
(SLA).XXXXXXXXXXXA3.16.0
S3.13.0(A3.16.0, S3.13.0) Procedures exist to provide that only
authorized, tested, and documented changes are made to the
system.I.2.17, I.2.20, I.2.22RM-02A16.1
A17.6None6.03. (a)NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-6
NIST SP 800-53 R3 CA-7
NIST SP 800-53 R3 CM-2
42. CM-3
CM-5
CM-6
CM-9
PL-2
PL-5
SI-2
SI-6
SI-71.1.1
6.3.2
6.4
6.1Data Security & Information Lifecycle Managment
ClassificationDSI-01Data and objects containing data shall be
assigned a classification based on data type, jurisdiction of
origin, jurisdiction domiciled, context, legal constraints,
contractual constraints, value, sensitivity, criticality to the
organization, third-party obligation for retention, and
prevention of unauthorized disclosure or
misuse.XXXXXXXXXXS3.8.0
C3.14.0(S3.8.0) Procedures exist to classify data in accordance
with classification policies and periodically monitor and update
such classifications as necessary.
(C3.14.0) Procedures exist to provide that system data are
classified in accordance with the defined confidentiality and
related security policies.D.1.3, D.2.2DG-02PO 2.3
DS 11.6Domain 56.04.03. (a)NIST SP 800-53 R3 RA-2NIST SP
800-53 R3 RA-2
NIST SP 800-53 R3 AC-41.2.3
1.2.6
4.1.2
8.2.1
8.2.5
43. 8.2.6A.7.2.1Commandment #9CIP-003-3 - R4 - R5RA-2
AC-49.7.1
9.10
12.3Data Security & Information Lifecycle Management
Data Inventory / FlowsDSI-02Policies and procedures shall be
established, and supporting business processes and technical
measures implemented, to inventory, document, and maintain
data flows for data that is resident (permanently or temporarily)
within the service's geographically distributed (physical and
virtual) applications and infrastructure network and systems
components and/or shared with other third parties to ascertain
any regulatory, statutory, or supply chain agreement (SLA)
compliance impact, and to address any other business risks
associated with the data. Upon request, provider shall inform
customer (tenant) of compliance impact and risk, especially if
customer data is used as part of the services.--Domain 56.10. (a)
6.10. (b)
6.10. (c)
6.10. (d)
6.10. (e)NIST SP 800-53 R3 SC-30Data Security & Information
Lifecycle Management
eCommerce TransactionsDSI-03Data related to electronic
commerce (e-commerce) that traverses public networks shall be
appropriately classified and protected from fraudulent activity,
unauthorized disclosure, or modification in such a manner to
prevent contract dispute and compromise of
data.XXXXXXXS3.6
I13.3.a-e
44. I3.4.0(S3.6) Encryption or other equivalent security techniques
are used to protect transmissions of user authentication and
other confidential information passed over the Internet or other
public networks.
(I13.3.a-e) The procedues related to completeness, accuracy,
timeliness, and authorization of system processing, including
error correction and database management, are consistent with
documented system processing integrity policies.
(I3.4.0) The procedures related to completeness, accuracy,
timeliness, and authorization of outputs are consistent with the
documented system processing integrity policiies.G.4
G.11
G.16
G.18
I.3
I.4G.19.1.1, G.19.1.2, G.19.1.3, G.10.8, G.9.11, G.14,
G.15.1IS-28DS 5.10 5.11Domain 2NIST SP 800-53 R3 AC-1
NIST SP 800-53 R3 AC-2
NIST SP 800-53 R3 AC-22
NIST SP 800-53 R3 AU-1NIST SP 800-53 R3 AC-22
NIST SP 800-53 R3 AU-10
NIST SP 800-53 R3 AU-10 (5)
NIST SP 800-53 R3 SC-8
NIST SP 800-53 R3 SC-8 (1)
NIST SP 800-53 R3 SC-9
NIST SP 800-53 R3 SC-9 (1)3.2.4
4.2.3
7.1.2
7.2.1
7.2.2
8.2.1
8.2.545 CFR 164.312(e)(1)
45 CFR 164.312(e)(2)(i)A.7.2.1
45. A.10.6.1
A.10.6.2
A.10.9.1
A.10.9.2
A.15.1.4Commandment #4
Commandment #5
Commandment #9
Commandment #10
Commandment #11AC-14
AC-21
AC-22
IA-8
AU-10
SC-4
SC-8
SC-92.1.1
4.1
4.1.1
4.2Data Security & Information Lifecycle Management
Handling / Labeling / Security PolicyDSI-04Policies and
procedures shall be established for labeling, handling, and the
security of data and objects which contain data. Mechanisms for
label inheritance shall be implemented for objects that act as
aggregate containers for data.XXXXXXXXXXS3.2.a(S3.2.a) a.
Logical access security measures to restrict access to
information resources not deemed to be public.G.13D.2.2DG-
03PO 2.3
DS 11.6Domain 56.03.05. (b)NIST SP 800-53 R3 AC-1
NIST SP 800-53 R3 MP-1
NIST SP 800-53 R3 PE-1
NIST SP 800-53 R3 PE-16
NIST SP 800-53 R3 SI-1
NIST SP 800-53 R3 SI-12NIST SP 800-53 R3 AC-1
NIST SP 800-53 R3 AC-16
NIST SP 800-53 R3 MP-1
NIST SP 800-53 R3 MP-3
46. NIST SP 800-53 R3 PE-16
NIST SP 800-53 R3 SC-9
NIST SP 800-53 R3 SC-9 (1)
NIST SP 800-53 R3 SI-1
NIST SP 800-53 R3 SI-121.1.2
5.1.0
7.1.2
8.1.0
8.2.5
8.2.6A.7.2.2
A.10.7.1
A.10.7.3
A.10.8.1Commandment #8
Commandment #9
Commandment #10CIP-003-3 - R4 - R4.1AC-16
MP-1
MP-3
PE-16
SI-12
SC-99.5
9.6
9.7.1
9.7.2
9.10Data Security & Information Lifecycle Management
Information LeakageDSI-05Security mechanisms shall be
implemented to prevent data leakage.XXXXXXXXXC3.5.0
S3.4.0(C3.5.0) The system procedures provide that confidential
information is disclosed to parties only in accordance with the
entity’s defined confidentiality and related security policies.
(S3.4.0) Procedures exist to protect against unauthorized access
to system resources.I.2.18DG-07DS 11.6Domain 5NIST SP 800-
53 R3 AC-1
48. AC-11
AU-13
PE-19
SC-28
SA-8
SI-71.2
6.5.5
11.1
11.2
11.3
11.4
A.1Data Security & Information Lifecycle Management
Non-Production DataDSI-06Production data shall not be
replicated or used in non-production
environments.XXXXXXXC3.5.0
S3.4.0
C3.21.0(C3.5.0) The system procedures provide that
confidential information is disclosed to parties only in
accordance with the entity’s defined confidentiality and related
security policies.
(S3.4.0) Procedures exist to protect against unauthorized access
to system resources.
(C3.21.0) Procedures exist to provide that confidential
information is protected during the system development, testing,
and change processes in accordance with defined system
confidentiality and related security policies.I.2.18DG-06Domain
56.03. (d)NIST SP 800-53 R3 SA-11
NIST SP 800-53 R3 SA-11 (1)1.2.645 CFR
164.308(a)(4)(ii)(B)A.7.1.3
49. A.10.1.4
A.12.4.2
A.12.5.1Commandment #9
Commandment #10
Commandment #11CIP-003-3 - R6SA-11
CM-046.4.3Data Security & Information Lifecycle Management
Ownership / StewardshipDSI-07All data shall be designated
with stewardship, with assigned responsibilities defined,
documented, and communicated.XXXXXXXXXS2.2.0
S2.3.0
S3.8.0(S2.2.0) The security obligations of users and the entity’s
security commitments to users are communicated to authorized
users.
(S2.3.0) Responsibility and accountability for the entity’s
system security policies and changes and updates to those
policies are communicated to entity personnel responsible for
implementing them.
(S3.8.0) Procedures exist to classify data in accordance with
classification policies and periodically monitor and update such
classifications as necessaryC.2.5.1, C.2.5.2, D.1.3, L.7DG-
01DS5.1
PO 2.3Domain 5NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 RA-2
NIST SP 800-53 R3 SA-2NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
50. NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 RA-2
NIST SP 800-53 R3 SA-26.2.145 CFR 164.308 (a)(2)A.6.1.3
A.7.1.2
A.15.1.4Commandment #6
Commandment #10CIP-007-3 - R1.1 - R1.2CA-2
PM-5
PS-2
RA-2
SA-2Data Security & Information Lifecycle Management
Secure DisposalDSI-08Policies and procedures shall be
established, and supporting business processes and technical
measures implemented, for the secure disposal and complete
removal of data from all storage media, ensuring data is not
recoverable by any computer forensic
means.XXXXXXXXXC3.5.0
S3.4.0(C3.5.0) The system procedures provide that confidential
information is disclosed to parties only in accordance with the
entity’s defined confidentiality and related security policies.
(S3.4.0) Procedures exist to protect against unauthorized access
to system resources.D.2.2.10, D.2.2.11, D.2.2.14,37 (B)DG-
05DS 11.4Domain 56.03. (h)NIST SP 800-53 R3 MP-6
NIST SP 800-53 R3 PE-1NIST SP 800-53 R3 MP-6
NIST SP 800-53 R3 MP-6 (4)
NIST SP 800-53 R3 PE-15.1.0
5.2.345 CFR 164.310 (d)(2)(i)
45 CFR 164.310 (d)(2)(ii)A.9.2.6
A.10.7.2Commandment #11CIP-007-3 - R7 - R7.1 - R7.2
R7.3MP-6
PE-13.1.1
9.10
9.10.1
51. 9.10.2
3.1Datacenter Security
Asset ManagementDCS-01Assets must be classified in terms of
business criticality in support of dynamic and distributed
physical and virtual computing environments, service-level
expectations, and operational continuity requirements. A
complete inventory of business-critical assets located at all sites
and/or geographical locations and their usage over time shall be
maintained and updated regularly (or in real-time), and assigned
ownership supported by defined roles and responsibilities,
including those assets used, owned, or managed by customers
(tenants).S3.1.0
C3.14.0
S1.2.b-c(S3.1.0) Procedures exist to (1) identify potential
threats of disruption to systems operation that would impair
system security commitments and (2) assess the risks associated
with the identified threats.
(C3.14.0) Procedures exist to provide that system data are
classified in accordance with the defined confidentiality and
related security policies.
(S1.2.b-c) b. Classifying data based on its criticality and
sensitivity and that classification is used to define protection
requirements, access rights and access restrictions, and
retention and destruction policies.
c. Assessing risks on a periodic basis.FS-08Domain 8Datacenter
Security
Controlled Access PointsDCS-02Physical security perimeters
52. (e.g., fences, walls, barriers, guards, gates, electronic
surveillance, physical authentication mechanisms, reception
desks, and security patrols) shall be implemented to safeguard
sensitive data and information systems.XXXXXA3.6.0(A3.6.0)
Procedures exist to restrict physical access to the defined
system including, but not limited to, facilities, backup media,
and other system components such as firewalls, routers, and
servers.F.2F.1.2.3, F.1.2.4, F.1.2.5, F.1.2.6, F.1.2.8, F.1.2. 9,
F.1.2.10, F.1.2.11, F.1.2.12, F.1.2.13, F.1.2.14, F.1.2.15,
F.1.2.24, F.1.3, F.1.4.2, F1.4.6, F.1.4.7, F.1.6, F.1.7,F.1.8,
F.2.13, F.2.14, F.2.15, F.2.16, F.2.17, F.2.187 (B)FS-03DS 12.2
DS 12.3Domain 86.08. (a)
6.09. (i)NIST SP 800-53 R3 PE-2
NIST SP 800-53 R3 PE-3
NIST SP 800-53 R3 PE-6
NIST SP 800-53 R3 PE-7
NIST SP 800-53 R3 PE-8NIST SP 800-53 R3 PE-2
NIST SP 800-53 R3 PE-3
NIST SP 800-53 R3 PE-6
NIST SP 800-53 R3 PE-6 (1)
NIST SP 800-53 R3 PE-7
NIST SP 800-53 R3 PE-7 (1)
NIST SP 800-53 R3 PE-8
NIST SP 800-53 R3 PE-188.2.3A.9.1.1
A.9.1.2Commandment #1
Commandment #2
Commandment #3
Commandment #5CIP-006-3c R1.2 - R1.3 - R1.4 - R1.6 - R1.6.1
- R2 - R2.2PE-2
PE-3
PE-6
PE-7
PE-8
PE-189.1
9.1.1
9.1.2
53. 9.1.3
9.2Datacenter Security
Equipment IdentificationDCS-03Automated equipment
identification shall be used as a method of connection
authentication. Location-aware technologies may be used to
validate connection authentication integrity based on known
equipment location.XXXXXS3.2.a(S3.2.a) a. Logical access
security measures to restrict access to information resources not
deemed to be public.D.1D.1.1, D.1.3SA-13DS5.7Domain
106.05. (a)NIST SP 800-53 R3 IA-4NIST SP 800-53 R3 IA-3
NIST SP 800-53 R3 IA-4
NIST SP 800-53 R3 IA-4 (4)A.11.4.3Commandment #1
Commandment #2
Commandment #3
Commandment #5
Commandment #8IA-3
IA-4Datacenter Security
Off-Site AuthorizationDCS-04Authorization must be obtained
prior to relocation or transfer of hardware, software, or data to
an offsite premises.XXXXXXXXS3.2.f
C3.9.0(S3.2.f) f. Restriction of access to offline storage, backup
data, systems, and media.
(C3.9.0) Procedures exist to restrict physical access to the
defined system including, but not limited to: facilities, backup
media, and other system components such as firewalls, routers,
and servers.F.2.18, F.2.19,FS-06Domain 86.08. (a)
6.09. (j)NIST SP 800-53 R3 AC-17
NIST SP 800-53 R3 MA-1
NIST SP 800-53 R3 PE-1
NIST SP 800-53 R3 PE-16NIST SP 800-53 R3 AC-17
NIST SP 800-53 R3 AC-17 (1)
NIST SP 800-53 R3 AC-17 (2)
NIST SP 800-53 R3 AC-17 (3)
54. NIST SP 800-53 R3 AC-17 (4)
NIST SP 800-53 R3 AC-17 (5)
NIST SP 800-53 R3 AC-17 (7)
NIST SP 800-53 R3 AC-17 (8)
NIST SP 800-53 R3 MA-1
NIST SP 800-53 R3 PE-1
NIST SP 800-53 R3 PE-16
NIST SP 800-53 R3 PE-1745 CFR 164.310 (c )
45 CFR 164.310 (d)(1)
45 CFR 164.310 (d)(2)(i)A.9.2.5
A.9.2.6Commandment #4
Commandment #5
Commandment #11AC-17
MA-1
PE-1
PE-16
PE-179.8
9.9
9.10Datacenter Security
Off-Site EquipmentDCS-05Policies and procedures shall be
established, and supporting business processes implemented, for
the use and secure disposal of equipment maintained and used
outside the organization's
premise.XXXXXXXXXXXXS3.4(S3.4) Procedures exist to
protect against unauthorized access to system
resources.D.1D.1.1, D.2.1. D.2.2,FS-07Domain 86.05. (a)
6.05. (b)
6.05. (c)NIST SP 800-53 R3 CM-8NIST SP 800-53 R3 CM-8
NIST SP 800-53 R3 CM-8 (1)
NIST SP 800-53 R3 CM-8 (3)
NIST SP 800-53 R3 CM-8 (5)
NIST SP 800-53 R3 SC-3045 CFR 164.310 (d)(2)(iii)A.7.1.1
A.7.1.2Commandment #6
Commandment #7
Commandment #8CM-89.9.1
12.3.3
55. 12.3.4Datacenter Security
PolicyDCS-06Policies and procedures shall be established, and
supporting business processes implemented, for maintaining a
safe and secure working environment in offices, rooms,
facilities, and secure areas.XXXA3.6.0(A3.6.0) Procedures exist
to restrict physical access to the defined system including, but
not limited to, facilities, backup media, and other system
components such as firewalls, routers, and servers.H.6F.1.2.3,
F.1.2.4, F.1.2.5, F.1.2.6, F.1.2.8, F.1.2. 9, F.1.2.10, F.1.2.11,
F.1.2.12, F.1.2.13, F.1.2.14, F.1.2.15, F.1.2.24, F.1.4.2, F1.4.6,
F.1.4.7, F.1.7, F.1.8, F.2.13, F.2.14, F.2.15, F.2.16, F.2.17,
F.2.187 (B)FS-01Domain 86.08. (a)
6.09. (i)NIST SP 800-53 R3 PE-2
NIST SP 800-53 R3 PE-3
NIST SP 800-53 R3 PE-6NIST SP 800-53 R3 PE-2
NIST SP 800-53 R3 PE-3
NIST SP 800-53 R3 PE-4
NIST SP 800-53 R3 PE-5
NIST SP 800-53 R3 PE-6
NIST SP 800-53 R3 PE-6 (1)8.2.1
8.2.2
8.2.345 CFR 164.310(a)(1)
45 CFR 164.310(a)(2)(ii)
45 CFR 164.310(b)
45 CFR 164.310 ( c) (New)A.9.1.1
A.9.1.2Commandment #1
Commandment #2
Commandment #3
Commandment #5CIP-006-3c R1.2 - R1.3 - R1.4 -R2 - R2.2PE-
2
PE-3
PE-4
PE-5
PE-69.1Datacenter Security - Secure Area AuthorizationDCS-
07Ingress and egress to secure areas shall be constrained and
monitored by physical access control mechanisms to ensure that
56. only authorized personnel are allowed
access.XXXXXXXXXXA3.6.0(A3.6.0) Procedures exist to
restrict physical access to the defined system including, but not
limited to, facilities, backup media, and other system
components such as firewalls, routers, and servers.F.2F.1.2.3,
F.1.2.4, F.1.2.5, F.1.2.6, F.1.2.8, F.1.2. 9, F.1.2.10, F.1.2.11,
F.1.2.12, F.1.2.13, F.1.2.14, F.1.2.15, F.1.2.24, F.1.3, F.1.4.2,
F1.4.6, F.1.4.7, F.1.6, F.1.7,F.1.8, F.2.13, F.2.14, F.2.15,
F.2.16, F.2.17, F.2.187 (B)FS-04DS 12.3Domain 86.08. (a)
6.09. (i)NIST SP 800-53 R3 PE-7
NIST SP 800-53 R3 PE-16NIST SP 800-53 R3 PE-7
NIST SP 800-53 R3 PE-7 (1)
NIST SP 800-53 R3 PE-16
NIST SP 800-53 R3 PE-188.2.3A.9.1.6Commandment #1
Commandment #2
Commandment #3
Commandment #5CIP-006-3c R1.2 - R1.3 - R1.4PE-7
PE-16
PE-18Datacenter Security
Unauthorized Persons EntryDCS-08Ingress and egress points
such as service areas and other points where unauthorized
personnel may enter the premises shall be monitored, controlled
and, if possible, isolated from data storage and processing
facilities to prevent unauthorized data corruption, compromise,
and loss.XXXXXXXXA3.6.0(A3.6.0) Procedures exist to
restrict physical access to the defined system including, but not
limited to, facilities, backup media, and other system
components such as firewalls, routers, and
servers.G.21F.2.18FS-05Domain 86.08. (a)
6.09. (j)NIST SP 800-53 R3 MA-1
NIST SP 800-53 R3 MA-2
NIST SP 800-53 R3 PE-16NIST SP 800-53 R3 MA-1
NIST SP 800-53 R3 MA-2
NIST SP 800-53 R3 MA-2 (1)
NIST SP 800-53 R3 PE-168.2.5
8.2.645 CFR 164.310 (d)(1)A.9.2.7
57. A.10.1.2Commandment #6
Commandment #7MA-1
MA-2
PE-169.8
9.9Datacenter Security
User AccessDCS-09Physical access to information assets and
functions by users and support personnel shall be
restricted.XXXXXA3.6.0(A3.6.0) Procedures exist to restrict
physical access to the defined system including, but not limited
to, facilities, backup media, and other system components such
as firewalls, routers, and servers.F.2F.1.2.3, F.1.2.4, F.1.2.5,
F.1.2.6, F.1.2.8, F.1.2. 9, F.1.2.10, F.1.2.11, F.1.2.12, F.1.2.13,
F.1.2.14, F.1.2.15, F.1.2.24, F.1.3, F.1.4.2, F1.4.6, F.1.4.7,
F.1.6, F.1.7,F.1.8, F.2.13, F.2.14, F.2.15, F.2.16, F.2.17,
F.2.187 (B)
10 (B)FS-02DS 12.3Domain 86.08. (a)
6.09. (i)NIST SP 800-53 R3 PE-2
NIST SP 800-53 R3 PE-3
NIST SP 800-53 R3 PE-6NIST SP 800-53 R3 PE-2
NIST SP 800-53 R3 PE-3
NIST SP 800-53 R3 PE-6
NIST SP 800-53 R3 PE-6 (1)
NIST SP 800-53 R3 PE-188.2.3A.9.1.1Commandment #1
Commandment #2
Commandment #3
Commandment #5CIP-006-3c R1.2 - R1.3 - R1.4 - R1.6 - R1.6.1
- R2 - R2.2PE-2
PE-3
PE-6
PE-189.1Encryption & Key Management
EntitlementEKM-01All entitlement decisions shall be derived
from the identities of the entities involved. These shall be
managed in a corporate identity management system.
Keys must have identifiable owners (binding keys to identities)
and there shall be key management policies.Encryption & Key
58. Management
Key GenerationEKM-02Policies and procedures shall be
established, and supporting business processes and technical
measures implemented, for the management of cryptographic
keys in the service's cryptosystem (e.g., lifecycle management
from key generation to revocation and replacement, public key
infrastructure, cryptographic protocol design and algorithms
used, access controls in place for secure key generation, and
exchange and storage including segregation of keys used for
encrypted data or sessions). Upon request, provider shall inform
the customer (tenant) of changes within the cryptosystem,
especially if the customer (tenant) data is used as part of the
service, and/or the customer (tenant) has some shared
responsibility over implementation of the
control.XXXXXXXXXS3.6.0
S3.4(S3.6.0) Encryption or other equivalent security techniques
are used to protect transmissions of user authentication and
other confidential information passed over the Internet or other
public networks.
(S3.4) Procedures exist to protect against unauthorized access to
system resources.L.638 (B)
39 (C+)IS-19DS5.8Domain 26.04.04. (a)
6.04.04. (b)
6.04.04. (c)
6.04.04. (d)
6.04.04. (e)
6.04.05. (d)
6.04.05. (e)
6.04.08.02. (b)NIST SP 800-53 R3 SC-12
NIST SP 800-53 R3 SC-13NIST SP 800-53 R3 SC-12
NIST SP 800-53 R3 SC-12 (2)
59. NIST SP 800-53 R3 SC-12 (5)
NIST SP 800-53 R3 SC-13
NIST SP 800-53 R3 SC-13 (1)
NIST SP 800-53 R3 SC-178.1.1
8.2.1
8.2.545 CFR 164.312 (a)(2)(iv)
45 CFR 164.312(e)(1)Clause 4.3.3
A.10.7.3
A.12.3.2
A.15.1.6Commandment #9
Commandment #10
Commandment #11SC-12
SC-13
SC-17
SC-283.4.1
3.5
3.5.1
3.5.2
3.6
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8Encryption & Key Management
Sensitive Data ProtectionEKM-03Policies and procedures shall
be established, and supporting business processes and technical
measures implemented, for the use of encryption protocols for
protection of sensitive data in storage (e.g., file servers,
databases, and end-user workstations) and data in transmission
(e.g., system interfaces, over public networks, and electronic
messaging) as per applicable legal, statutory, and regulatory
compliance obligations.XXXXXXXXXXC3.12.0
S3.6.0
60. S3.4(C3.12.0, S3.6.0) Encryption or other equivalent security
techniques are used to protect transmissions of user
authentication and other confidential information passed over
the Internet or other public networks.
(S3.4) Procedures exist to protect against unauthorized access to
system resources.G.4
G.15
I.3G.10.4, G.11.1, G.11.2, G.12.1, G.12.2, G.12.4, G.12.10,
G.14.18, G.14.19, G.16.2, G.16.18, G.16.19, G.17.16, G.17.17,
G.18.13, G.18.14, G.19.1.1, G.20.1423 (B)
24 (B)
25 (B)IS-18DS5.8
DS5.10
DS5.11Domain 26.04.05. (a)
6.04.05. (c)NIST SP 800-53 R3 AC-1
NIST SP 800-53 R3 AC-18
NIST SP 800-53 R3 IA-7
NIST SP 800-53 R3 SC-1
NIST SP 800-53 R3 SC-7
NIST SP 800-53 R3 SC-13NIST SP 800-53 R3 AC-18
NIST SP 800-53 R3 AC-18 (1)
NIST SP 800-53 R3 AC-18 (2)
NIST SP 800-53 R3 IA-7
NIST SP 800-53 R3 SC-7
NIST SP 800-53 R3 SC-7 (4)
NIST SP 800-53 R3 SC-8
NIST SP 800-53 R3 SC-8 (1)
NIST SP 800-53 R3 SC-9
NIST SP 800-53 R3 SC-9 (1)
NIST SP 800-53 R3 SC-13
NIST SP 800-53 R3 SC-13 (1)
NIST SP 800-53 R3 SC-23
61. NIST SP 800-53 R3 SC-28
NIST SP 800-53 R3 SI-88.1.1
8.2.1
8.2.545 CFR 164.312 (a)(2)(iv)
45 CFR 164.312 (e)(1)
45 CFR 164.312 (e)(2)(ii)A.10.6.1
A.10.8.3
A.10.8.4
A.10.9.2
A.10.9.3
A.12.3.1
A.15.1.3
A.15.1.4Commandment #4
Commandment #5
Commandment #9
Commandment #10
Commandment #11CIP-003-3 - R4.2AC-18
IA-3
IA-7
SC-7
SC-8
SC-9
SC-13
SC-16
SC-23
SI-82.1.1
3.4
3.4.1
4.1
4.1.1
4.2Encryption & Key Management
Storage and AccessEKM-04Strong encryption (e.g., AES-256)
in open/validated formats and standard algorithms shall be
required. Keys shall not be stored in the cloud (i.e. at the cloud
provider in question), but maintained by the cloud consumer or
trusted key management provider. Key management and key
62. usage shall be separated duties.--Domain 11Governance and
Risk Management
Baseline RequirementsGRM-01Baseline security requirements
shall be established for developed or acquired, organizationally-
owned or managed, physical or virtual, applications and
infrastructure system and network components that comply with
applicable legal, statutory and regulatory compliance
obligations. Deviations from standard baseline configurations
must be authorized following change management policies and
procedures prior to deployment, provisioning, or use.
Compliance with security baseline requirements must be
reassessed at least annually unless an alternate frequency has
been established and established and authorized based on
business need.XXXXXXXXXXXS1.1.0
S1.2.0(a-i)(S1.1.0) The entity’s security policies are established
and periodically reviewed and approved by a designated
individual or group.
(S1.2.0(a-i)) The entity's security policies include, but may not
be limited to, the following matters:L.2L.2, L.5, L.7 L.8, L.9,
L.1012 (B)
14 (B)
13 (B)
15 (B)
16 (C+, A+)
21 (B)IS-04AI2.1
AI2.2
AI3.3
DS2.3
DS11.6Domain 26.03.01. (a)
6.03.04. (a)
6.03.04. (b)
6.03.04. (c)
64. across applications, databases, servers, and network
infrastructure
• Compliance with defined retention periods and end-of-life
disposal requirements
• Data classification and protection from unauthorized use,
access, loss, destruction, and
falsificationXXXXXXXXXXS3.1.0
C3.14.0
S1.2.b-c(S3.1.0) Procedures exist to (1) identify potential
threats of disruption to systems operation that would impair
system security commitments and (2) assess the risks associated
with the identified threats.
(C3.14.0) Procedures exist to provide that system data are
classified in accordance with the defined confidentiality and
related security policies.
(S1.2.b-c) b. Classifying data based on its criticality and
sensitivity and that classification is used to define protection
requirements, access rights and access restrictions, and
retention and destruction policies.
c. Assessing risks on a periodic basis.L.4, L.5, L.6, L.734
(B)DG-08PO 9.1
PO 9.2
PO 9.4
DS 5.7Domain 56.01. (d)
6.04.03. (a)NIST SP 800-53 R3 CA-3
NIST SP 800-53 R3 RA-2
NIST SP 800-53 R3 RA-3
65. NIST SP 800-53 R3 SI-12NIST SP 800-53 R3 CA-3
NIST SP 800-53 R3 RA-2
NIST SP 800-53 R3 RA-3
NIST SP 800-53 R3 SI-121.2.4
8.2.145 CFR 164.308(a)(1)(ii)(A)
45 CFR 164.308(a)(8)Clause 4.2.1 c) & g)
Clause 4.2.3 d)
Clause 4.3.1 & 4.3.3
Clause 7.2 & 7.3
A.7.2
A.15.1.1
A.15.1.3
A.15.1.4Commandment #1
Commandment #2
Commandment #3
Commandment #6
Commandment #7
Commandment #9
Commandment #10
Commandment #11CA-3
RA-2
RA-3
MP-8
PM-9
SI-1212.1
12.1.2Governance and Risk Management
Management OversightGRM-03Managers are responsible for
maintaining awareness of, and complying with, security
policies, procedures and standards that are relevant to their area
of responsibility.XXXXXXS1.2.f
S2.3.0(S1.2.f) f. Assigning responsibility and accountability for
system availability, confidentiality, processing integrity and
related security.
66. (S2.3.0) Responsibility and accountability for the entity’s
system security policies and changes and updates to those
policies are communicated to entity personnel responsible for
implementing them.E.1E.45 (B)
65 (B)IS-14DS5.3
DS5.4
DS5.5Domain 3, 9NIST SP 800-53 R3 AT-2
NIST SP 800-53 R3 AT-3
NIST SP 800-53 R3 AT-4
NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-5
NIST SP 800-53 R3 CA-6
NIST SP 800-53 R3 CA-7NIST SP 800-53 R3 AT-2
NIST SP 800-53 R3 AT-3
NIST SP 800-53 R3 AT-4
NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-5
NIST SP 800-53 R3 CA-6
NIST SP 800-53 R3 CA-7
NIST SP 800-53 R3 CA-7 (2)1.1.2
8.2.1Clause 5.2.2
A.8.2.1
A.8.2.2
A 11.2.4
A.15.2.1Commandment #6
Commandment #7
Commandment #8AT-2
AT-3
CA-1
CA-5
CA-6
CA-7
PM-1012.6.1
12.6.2Governance and Risk Management
Management ProgramGRM-04An Information Security
67. Management Program (ISMP) shall be developed, documented,
approved, and implemented that includes administrative,
technical, and physical safeguards to protect assets and data
from loss, misuse, unauthorized access, disclosure, alteration,
and destruction. The security program shall include, but not be
limited to, the following areas insofar as they relate to the
characteristics of the business:
• Risk management
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Access control
• Information systems acquisition, development, and
maintenanceXXXXXXXXXXXXx1.2.(x1.2.) The entity’s
system [availability, processing integrity, confidentiality and
related] security policies include, but may not be limited to, the
following matters:A.1, B.12 (B)
3 (B)
5 (B)IS-01R2 DS5.2
R2 DS5.5Domain 28.2.145 CFR 164.308(a)(1)(i)
45 CFR 164.308(a)(1)(ii)(B)
45 CFR 164.316(b)(1)(i)
45 CFR 164.308(a)(3)(i) (New)
45 CFR 164.306(a) (New)Clause 4.2
Clause 5
A.6.1.1
A.6.1.2
A.6.1.3
A.6.1.4
A.6.1.5
A.6.1.6
A.6.1.7
A.6.1.8Commandment #1
68. Commandment #2CIP-001-1a - R1 - R2
CIP-003-3 - R1 - R1.1 - R4
CIP-006-3c R1PM-1
PM-2
PM-3
PM-4
PM-5
PM-6
PM-7
PM-8
PM-9
PM-10
PM-1112.1
12.2Governance and Risk Management
Management Support/InvolvementGRM-05Executive and line
management shall take formal action to support information
security through clearly-documented direction and commitment,
and shall ensure the action has been
assigned.XXXXXS1.3.0(S1.3.0) Responsibility and
accountability for developing and maintaining the entity’s
system security policies, and changes and updates to those
policies, are assigned.
The entity has prepared an objective description of the system
and its boundaries and communicated such description to
authorized users
The security obligations of users and the entity’s security
commitments to users are communicated to authorized
users.C.15 (B)IS-02DS5.1Domain 2NIST SP 800-53 R3 CM-
1NIST SP 800-53 R3 CM-18.2.145 CFR 164.316 (b)(2)(ii)
45 CFR 164.316 (b)(2)(iii)Clause 5
A.6.1.1Commandment #3
Commandment #6CIP-003-3 - R1 - R1.1CM-1
PM-1
PM-1112.5Governance and Risk Management
69. PolicyGRM-06Information security policies and procedures
shall be established and made readily available for review by all
impacted personnel and external business relationships.
Information security policies must be authorized by the
organization's business leadership (or other accountable
business role or function) and supported by a strategic business
plan and an information security management program inclusive
of defined information security roles and responsibilities for
business leadership.XXXXXXS1.1.0
S1.3.0
S2.3.0(S1.1.0) The entity's security policies are established and
periodically reviewed and approved by a designated individual
or group.
(S1.3.0) Responsibility and accountability for developing and
maintaining the entity’s system security policies, and changes
and updates to those policies, are assigned.
(S2.3.0) Responsibility and accountability for the entity's
system security policies and changes and updates to those
policies are communicated to entity personnel responsible for
implementing them.B.1IS-03DS5.2Domain 26.02. (e)NIST SP
800-53 R3 AC-1
NIST SP 800-53 R3 AT-1
NIST SP 800-53 R3 AU-1
NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 IA-1
NIST SP 800-53 R3 IR-1
NIST SP 800-53 R3 MA-1
71. IR-1
MA-1
MP-1
MP-1
PE-1
PL-1
PS-1
SA-1
SC-1
SI-112.1
12.2Governance and Risk Management
Policy EnforcementGRM-07A formal disciplinary or sanction
policy shall be established for employees who have violated
security policies and procedures. Employees shall be made
aware of what action might be taken in the event of a violation,
and disciplinary measures must be stated in the policies and
procedures.XXXXXXS3.9
S2.4.0(S3.9) Procedures exist to provide that issues of
noncompliance with security policies are promptly addressed
and that corrective measures are taken on a timely basis.
(S2.4.0) The security obligations of users and the entity’s
security commitments to users are communicated to authorized
users.B.1.5IS-06PO 7.7Domain 2NIST SP 800-53 R3 PL-4
NIST SP 800-53 R3 PS-1
NIST SP 800-53 R3 PS-8NIST SP 800-53 R3 PL-4
NIST SP 800-53 R3 PS-1
NIST SP 800-53 R3 PS-810.2.445 CFR 164.308
(a)(1)(ii)(C)A.8.2.3Commandment #6
Commandment #7PL-4
PS-1
PS-8Governance and Risk Management
Policy Impact on Risk AssessmentsGRM-08Risk assessment
75. AT-1
AU-1
CA-1
CM-1
CP-1
IA-1
IA-5
IR-1
MA-1
MP-1
PE-1
PL-1
PM-1
PS-1
RA-1
SA-1
SC-1
SI-112.1.3Governance and Risk Management
Risk AssessmentsGRM-10Aligned with the enterprise-wide
framework, formal risk assessments shall be performed at least
annually or at planned intervals, to determine the likelihood and
impact of all identified risks using qualitative and quantitative
methods. The likelihood and impact associated with inherent
and residual risk shall be determined independently, considering
all risk categories (e.g., audit results, threat and vulnerability
analysis, and regulatory compliance).XXXXXXXXXXXXS3.1
x3.1.0
76. S4.3.0(S3.1) Procedures exist to (1) identify potential threats of
disruption to systems operation that would impair system
security commitments and (2) assess the risks associated with
the identified threats.
(x3.1.0) Procedures exist to (1) identify potential threats of
disruptions to systems operation that would impair system
[availability, processing integrity, confidenitality] commitments
and (2) assess the risks associated with the identified threats.
(S4.3.0) Environmental, regulatory, and technological changes
are monitored, and their effect on system availability,
confidentiality of data, processing integrity, and system
security is assessed on a timely basis; policies are updated for
that assessment.I.1
I.4C.2.1, I.4.1, I.5, G.15.1.3, I.346 (B)
74 (B)RI-02PO 9.4Domain 2, 46.03. (a)
6.08. (a)NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 RA-1
NIST SP 800-53 R3 RA-2
NIST SP 800-53 R3 RA-3NIST SP 800-53 R3 RA-1
NIST SP 800-53 R3 RA-2
NIST SP 800-53 R3 RA-3
NIST SP 800-53 R3 SC-301.2.4
1.2.545 CFR 164.308 (a)(1)(ii)(A)Clause 4.2.1 c) through g)
Clause 4.2.3 d)
Clause 5.1 f)
Clause 7.2 & 7.3
A.6.2.1
A.12.5.2
A.12.6.1
A.14.1.2
A.15.1.1
A.15.2.1
A.15.2.2CIP-002-3 - R1.1 - R1.2
CIP-005-3a - R1 - R1.2
77. CIP-009-3 - R.1.1PL-5
RA-2
RA-312.1.2Governance and Risk Management
Risk Management FrameworkGRM-11Organizations shall
develop and maintain an enterprise risk management framework
to mitigate risk to an acceptable level.XXXXXXXXXXXXS3.1
x3.1.0(S3.1) Procedures exist to (1) identify potential threats of
disruption to systems operation that would impair system
security commitments and (2) assess the risks associated with
the identified threats.
(x3.1.0) Procedures exist to (1) identify potential threats of
disruptions to systems operation that would impair system
[availability, processing integrity, confidenitality] commitments
and (2) assess the risks associated with the identified
threats.L.2A.1, L.1RI-01PO 9.1Domain 2, 4NIST SP 800-53 R3
AC-1
NIST SP 800-53 R3 AT-1
NIST SP 800-53 R3 AU-1
NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-6
NIST SP 800-53 R3 CA-7
NIST SP 800-53 R3 PL-1
NIST SP 800-53 R3 RA-1
NIST SP 800-53 R3 RA-2
NIST SP 800-53 R3 RA-3NIST SP 800-53 R3 AC-1
NIST SP 800-53 R3 AT-1
NIST SP 800-53 R3 AU-1
NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-6
NIST SP 800-53 R3 CA-7
NIST SP 800-53 R3 PL-1
78. NIST SP 800-53 R3 RA-1
NIST SP 800-53 R3 RA-2
NIST SP 800-53 R3 RA-3
NIST SP 800-53 R3 SA-9 (1)
NIST SP 800-53 R3 SC-30
NIST SP 800-53 R3 SI-4
NIST SP 800-53 R3 SI-4 (2)
NIST SP 800-53 R3 SI-4 (4)
NIST SP 800-53 R3 SI-4 (5)
NIST SP 800-53 R3 SI-4 (6)
NIST SP 800-53 R3 CM-11.2.445 CFR 164.308 (a)(8)
45 CFR 164.308(a)(1)(ii)(B)Clause 4.2.1 c) through g)
Clause 4.2.2 b)
Clause 5.1 f)
Clause 7.2 & 7.3
A.6.2.1
A.12.6.1
A.14.1.2
A.15.2.1
A.15.2.2CIP-009-3 - R4AC-4
CA-2
CA-6
PM-9
RA-112.1.2Governance and Risk Management
Risk Mitigation / AcceptanceGRM-12Risks shall be mitigated to
an acceptable level. Acceptance levels based on risk criteria
shall be established and documented in accordance with
reasonable resolution time frames and executive
approval.XXXXXXXXXXXXS3.1
x3.1.0(S3.1) Procedures exist to (1) identify potential threats of
disruption to systems operation that would impair system
security commitments and (2) assess the risks associated with
79. the identified threats.
(x3.1.0) Procedures exist to (1) identify potential threats of
disruptions to systems operation that would impair system
[availability, processing integrity, confidenitality] commitments
and (2) assess the risks associated with the identified threats.I.4
L.2I.3, L.9, L.1043 (C+, A+)RI-03PO 9.5Domain 2, 4NIST SP
800-53 R3 CA-5
NIST SP 800-53 R3 CP-1
NIST SP 800-53 R3 RA-1NIST SP 800-53 R3 CA-5
NIST SP 800-53 R3 CP-1
NIST SP 800-53 R3 RA-145 CFR 164.308 (a)(1)(ii)(B)Clause
4.2.1 c) through g)
Clause 4.2.2 b)
Clause 4.3.1
Clause 5.1 f)
Clause 7.3
A.6.2.1
A.12.5.2
A.12.6.1
A.15.1.1
A.15.2.1
A.15.2.2CIP-009-3 - R1.2CA-5
CM-4Human Resources
Asset ReturnsHRS-01Upon termination of workforce personnel
and/or expiration of external business relationships, all
organizationally-owned assets shall be returned within an
established period.XXXXXXXXXXXXS3.4(S3.4) Procedures
exist to protect against unauthorized access to system
resources.D.1E.6.4IS-27Domain 2NIST SP 800-53 R3 PS-
4NIST SP 800-53 R3 PS-45.2.3
7.2.2
8.2.1
8.2.645 CFR 164.308 (a)(3)(ii)(C)A.7.1.1
A.7.1.2
A.8.3.2PS-4Human Resources
80. Background ScreeningHRS-02Pursuant to local laws,
regulations, ethics, and contractual constraints, all employment
candidates, contractors, and third parties shall be subject to
background verification proportional to the data classification
to be accessed, the business requirements, and acceptable
risk.XXXXXXXS3.11.0(S3.11.0) Procedures exist to help
ensure that personnel responsible for the design, development,
implementation, and operation of systems affecting
confidentiality and security have the qualifications and
resources to fulfill their responsibilities.E.2E.263 (B)HR-01PO
7.6None6.01. (a)NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 PS-3NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 PS-31.2.9A.8.1.2Commandment #2
Commandment #3
Commandment #6
Commandment #9CIP-004-3 - R2.2PS-2
PS-312.7
12.8.3Human Resources
Employment AgreementsHRS-03Employment agreements shall
incorporate provisions and/or terms for adherence to established
information governance and security policies and must be
signed by newly hired or on-boarded workforce personnel (e.g.,
full or part-time employee or contingent staff) prior to granting
workforce personnel user access to corporate facilities,
resources, and assets.XXXXXXXXXXXXS2.2.0(S2.2.0) The
security obligations of users and the entity's security
commitments to users are communicated to authorized
usersC.1E.3.566 (B)HR-02DS 2.1NoneNIST SP 800-53 R3 PS-1
NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 PS-6
NIST SP 800-53 R3 PS-7NIST SP 800-53 R3 PS-1
NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 PS-6
NIST SP 800-53 R3 PS-71.2.9
8.2.645 CFR 164.310(a)(1)
45 CFR 164.308(a)(4)(i)A.6.1.5
81. A.8.1.3Commandment #6
Commandment #7PL-4
PS-6
PS-712.4
12.8.2Human Resources
Employment TerminationHRS-04Roles and responsibilities for
performing employment termination or change in employment
procedures shall be assigned, documented, and
communicated.XXXXXXS3.2.d
S3.8.e(S3.2.d) Procedures exist to restrict logical access to the
system and information resources maintained in the system
including, but not limited to, the following matters:
d. The process to make changes and updates to user profiles
(S3.8.e) e. Procedures to prevent customers, groups of
individuals, or other entities from accessing confidential
information other than their ownE.6HR-03PO 7.8NoneNIST SP
800-53 R3 PS-2
NIST SP 800-53 R3 PS-4
NIST SP 800-53 R3 PS-5
NIST SP 800-53 R3 PS-6
NIST SP 800-53 R3 PS-8NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 PS-4
NIST SP 800-53 R3 PS-5
NIST SP 800-53 R3 PS-6
NIST SP 800-53 R3 PS-88.2.2
10.2.545 CFR 164.308 (a)(3)(ii)(C)A.8.3.1Commandment #6
Commandment #7PS-4
PS-5Human Resources
Industry Knowledge / BenchmarkingHRS-05Industry security
knowledge and benchmarking through networking, specialist
82. security forums, and professional associations shall be
maintained.XXXXXXS4.3.0(S4.3.0) Environmental, regulatory,
and technological changes are monitored, and their effect on
system availability, confidentiality, processing integrity and
security is assessed on a timely basis; policies are updated for
that assessment.C.1.864 (B)IS-12Domain 2NIST SP 800-53 R3
SI-5NIST SP 800-53 R3 SI-5A.6.1.7Commandment #1
Commandment #2
Commandment #3AT-5
SI-5Human Resources
Mobile Device ManagementHRS-06Policies and procedures
shall be established, and supporting business processes and
technical measures implemented, to manage business risks
associated with permitting mobile device access to corporate
resources and may require the implementation of higher
assurance compensating controls and acceptable-use policies
and procedures (e.g., mandated security training, stronger
identity, entitlement and access controls, and device
monitoring).XXXXXXXXXXXXS3.4(S3.4) Procedures exist to
protect against unauthorized access to system resources.G.11,
G12, G.20.13, G.20.14IS-32DS5.11
DS5.5Domain 2NIST SP 800-53 R3 AC-17
NIST SP 800-53 R3 AC-18
NIST SP 800-53 R3 AC-19
NIST SP 800-53 R3 MP-2
NIST SP 800-53 R3 MP-6NIST SP 800-53 R3 AC-17
NIST SP 800-53 R3 AC-17 (1)
NIST SP 800-53 R3 AC-17 (2)
NIST SP 800-53 R3 AC-17 (3)
NIST SP 800-53 R3 AC-17 (4)
NIST SP 800-53 R3 AC-17 (5)
NIST SP 800-53 R3 AC-17 (7)
NIST SP 800-53 R3 AC-17 (8)
NIST SP 800-53 R3 AC-18
NIST SP 800-53 R3 AC-18 (1)
NIST SP 800-53 R3 AC-18 (2)
83. NIST SP 800-53 R3 AC-19
NIST SP 800-53 R3 AC-19 (1)
NIST SP 800-53 R3 AC-19 (2)
NIST SP 800-53 R3 AC-19 (3)
NIST SP 800-53 R3 MP-2
NIST SP 800-53 R3 MP-2 (1)
NIST SP 800-53 R3 MP-4
NIST SP 800-53 R3 MP-4 (1)
NIST SP 800-53 R3 MP-6
NIST SP 800-53 R3 MP-6 (4)1.2.6
3.2.4
8.2.645 CFR 164.310 (d)(1)A.7.2.1
A.10.7.1
A.10.7.2
A.10.8.3
A.11.7.1
A.11.7.2
A.15.1.4AllCIP-007-3 - R7.1AC-17
AC-18
AC-19
MP-2
MP-4
MP-69.7
9.7.2
9.8
9.9
11.1
12.3Human Resources
Non-Disclosure AgreementsHRS-07Requirements for non-
disclosure or confidentiality agreements reflecting the
organization's needs for the protection of data and operational
details shall be identified, documented, and reviewed at planned
intervals.XXXXXXXS4.1.0(S4.1.0) The entity’s system
availability, confidentiality, processing integrity and security
performance is periodically reviewed and compared with the
defined system availability and related security
84. policies.C.2.5LG-01Domain 3NIST SP 800-53 R3 PL-4
NIST SP 800-53 R3 PS-6
NIST SP 800-53 R3 SA-9NIST SP 800-53 R3 PL-4
NIST SP 800-53 R3 PS-6
NIST SP 800-53 R3 SA-9
NIST SP 800-53 R3 SA-9 (1)1.2.5ISO/IEC 27001:2005
Annex A.6.1.5Commandment #6
Commandment #7
Commandment #8
Commandment #9PL-4
PS-6
SA-912.8.2
12.8.3
12.8.4Human Resources
Roles / ResponsibilitiesHRS-08Roles and responsibilities of
contractors, employees, and third-party users shall be
documented as they relate to information assets and
security.XXXXXXXXXXXXS1.2.f(S1.2.f) f. Assigning
responsibility and accountability for system availability,
confidentiality, processing integrity and related
security.B.1B.1.5, D.1.1,D.1.3.3, E.1, F.1.1, H.1.1, K.1.25
(B)IS-13DS5.1Domain 2NIST SP 800-53 R3 PL-4
NIST SP 800-53 R3 PS-1
NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 PS-6
NIST SP 800-53 R3 PS-7NIST SP 800-53 R3 PL-4
NIST SP 800-53 R3 PS-1
NIST SP 800-53 R3 PS-2
NIST SP 800-53 R3 PS-6
NIST SP 800-53 R3 PS-71.2.9
8.2.1Clause 5.1 c)
A.6.1.2
A.6.1.3
A.8.1.1Commandment #6
Commandment #7
Commandment #8AT-3
85. PL-4
PM-10
PS-1
PS-6
PS-7Human Resources
Technology Acceptable UseHRS-09Policies and procedures
shall be established, and supporting business processes and
technical measures implemented, for defining allowances and
conditions for permitting usage of organizationally-owned or
managed user end-point devices (e.g., issued workstations,
laptops, and mobile devices) and IT infrastructure network and
systems components. Additionally, defining allowances and
conditions to permit usage of personal mobile devices and
associated applications with access to corporate resources (i.e.,
BYOD) shall be considered and incorporated as
appropriate.XXXXXXXXS1.2
S3.9(S1.2) The entity’s security policies include, but may not
be limited to, the following matters:
(S3.9) Procedures exist to provide that issues of noncompliance
with security policies are promptly addressed and that
corrective measures are taken on a timely basis.B.3B.1.7,
D.1.3.3, E.3.2, E.3.5.1, E.3.5.2IS-26DS 5.3Domain 2NIST SP
800-53 R3 AC-2
NIST SP 800-53 R3 AC-8
NIST SP 800-53 R3 AC-20
NIST SP 800-53 R3 PL-4NIST SP 800-53 R3 AC-8
NIST SP 800-53 R3 AC-20
NIST SP 800-53 R3 AC-20 (1)
NIST SP 800-53 R3 AC-20 (2)
NIST SP 800-53 R3 PL-48.1.045 CFR 164.310
(b)A.7.1.3Commandment #1
Commandment #2
Commandment #3AC-8
86. AC-20
PL-412.3.5Human Resources
Training / AwarenessHRS-10A security awareness training
program shall be established for all contractors, third-party
users, and employees of the organization and mandated when
appropriate. All individuals with access to organizational data
shall receive appropriate awareness training and regular updates
in organizational procedures, processes, and policies relating to
their professional function relative to the
organization.XXXXXXXXXXXXS1.2.k
S2.2.0(S1.2.k) The entity's security policies include, but may
not be limited to, the following matters:
k. Providing for training and other resources to support its
system security policies
(S2.2.0) The security obligations of users and the entity’s
security commitments to users are communicated to authorized
users.E.1E.465 (B)IS-11PO 7.4Domain 26.01. (c)
6.02. (e)NIST SP 800-53 R3 AT-1
NIST SP 800-53 R3 AT-2
NIST SP 800-53 R3 AT-3
NIST SP 800-53 R3 AT-4NIST SP 800-53 R3 AT-1
NIST SP 800-53 R3 AT-2
NIST SP 800-53 R3 AT-3
NIST SP 800-53 R3 AT-41.2.10
8.2.145 CFR 164.308 (a)(5)(i)
45 CFR 164.308 (a)(5)(ii)(A)Clause 5.2.2
A.8.2.2Commandment #3
Commandment #6CIP-004-3 - R1 - R2 - R2.1AT-1
AT-2
AT-3
AT-412.6
87. 12.6.1
12.6.2Human Resources
User ResponsibilityHRS-11All personnel shall be made aware
of their roles and responsibilities for:
• Maintaining awareness and compliance with established
policies and procedures and applicable legal, statutory, or
regulatory compliance obligations.
• Maintaining a safe and secure working
environmentXXXXXXXXXXXXS2.3.0(S2.3.0) Responsibility
and accountability for the entity’s system availability,
confidentiality, processing integrity and security policies and
changes and updates to those policies are communicated to
entity personnel responsible for implementing them.E.1E.465
(B)
66 (B)IS-16PO 4.6Domain 2NIST SP 800-53 R3 AT-2
NIST SP 800-53 R3 AT-3
NIST SP 800-53 R3 AT-4
NIST SP 800-53 R3 PL-4NIST SP 800-53 R3 AT-2
NIST SP 800-53 R3 AT-3
NIST SP 800-53 R3 AT-4
NIST SP 800-53 R3 PL-41.2.10
8.2.145 CFR 164.308 (a)(5)(ii)(D)Clause 5.2.2
A.8.2.2
A.11.3.1
A.11.3.2Commandment #5 Commandment #6
Commandment #7AT-2
AT-3
AT-4
PL-48.5.7
12.6.1Human Resources
WorkspaceHRS-12Policies and procedures shall be established
to require that unattended workspaces do not have openly
visible (e.g., on a desktop) sensitive documents and user
computing sessions had been disabled after an established
period of inactivity.XXXXXXXXS3.3.0
88. S3.4.0(S3.3.0) Procedures exist to restrict physical access to the
defined system including, but not limited to, facilities, backup
media, and other system components such as firewalls, routers,
and servers.
(S3.4.0) Procedures exist to protect against unauthorized access
to system resources.E.1E.4IS-17Domain 2NIST SP 800-53 R3
MP-1
NIST SP 800-53 R3 MP-2NIST SP 800-53 R3 AC-11
NIST SP 800-53 R3 MP-1
NIST SP 800-53 R3 MP-2
NIST SP 800-53 R3 MP-2 (1)
NIST SP 800-53 R3 MP-3
NIST SP 800-53 R3 MP-4
NIST SP 800-53 R3 MP-4 (1)8.2.3Clause 5.2.2
A.8.2.2
A.9.1.5
A.11.3.1
A.11.3.2
A.11.3.3Commandment #5 Commandment #6
Commandment #7
Commandment #11AC-11
MP-2
MP-3
MP-4Identity & Access Management
Audit Tools AccessIAM-01Access to, and use of, audit tools
that interact with the organization's information systems shall
be appropriately segmented and restricted to prevent
compromise and misuse of log
data.XXXXXXXXXXS3.2.g(S3.2.g) g. Restriction of access to
system configurations, superuser functionality, master
passwords, powerful utilities, and security devices (for
example, firewalls).IS-29DS 5.7Domain 26.03. (i)
89. 6.03. (j)NIST SP 800-53 R3 AU-9NIST SP 800-53 R3 AU-9
NIST SP 800-53 R3 AU-9 (2)8.2.1A.15.3.2Commandment #2
Commandment #5
Commandment #11CIP-003-3 - R5.2AU-9
AU-11
AU-1410.5.5Identity & Access Management
Credential Lifecycle / Provision ManagementIAM-02User
access policies and procedures shall be established, and
supporting business processes and technical measures
implemented, for ensuring appropriate identity, entitlement, and
access management for all internal corporate and customer
(tenant) users with access to data and organizationally-owned or
managed (physical and virtual) application interfaces and
infrastructure network and systems components. These policies,
procedures, processes, and measures must incorporate the
following:
• Procedures and supporting roles and responsibilities for
provisioning and de-provisioning user account entitlements
following the rule of least privilege based on job function (e.g.,
internal employee and contingent staff personnel changes,
customer-controlled access, suppliers' business relationships, or
other third-party business relationships)
• Business case considerations for higher levels of assurance
and multi-factor authentication secrets (e.g., management
interfaces, key generation, remote access, segregation of duties,
emergency access, large-scale provisioning or geographically-
distributed deployments, and personnel redundancy for critical
systems)
• Access segmentation to sessions and data in multi-tenant
architectures by any third party (e.g., provider and/or other
customer (tenant))
• Identity trust verification and service-to-service application
(API) and information processing interoperability (e.g., SSO
and federation)
• Account credential lifecycle management from instantiation
through revocation
90. • Account credential and/or identity store minimization or re-
use when feasible
• Authentication, authorization, and accounting (AAA) rules
for access to data and sessions (e.g., encryption and
strong/multi-factor, expireable, non-shared authentication
secrets)
• Permissions and supporting capabilities for customer (tenant)
controls over authentication, authorization, and accounting
(AAA) rules for access to data and sessions
• Adherence to applicable legal, statutory, or regulatory
compliance requirementsXXXXXXXXXXXS3.2.0(S3.2.0)
Procedures exist to restrict logical access to the defined system
including, but not limited to, the following matters:
c. Registration and authorization of new users.
d. The process to make changes to user profiles.
g. Restriction of access to system configurations, superuser
functionality, master passwords, powerful utilities, and security
devices (for example, firewalls).B.1B.1.8, B.1.21, B.1.28,
E.6.2, H.1.1, K.1.4.5,8 (B)
40 (B)
41 (B)
42 (B)
43 (B)
44 (C+)IS-07DS 5.4Domain 26.01. (b)
6.01. (d)
6.02. (e)
6.03. (b)
6.03.04. (b)
6.03.04. (c)
6.03.05. (b)
6.03.05. (d)
6.03.06. (b)
6.04.01. (c)
6.04.01. (f)
6.04.02. (a)
6.04.02. (b)
92. 2NIST SP 800-53 R3 CM-7
NIST SP 800-53 R3 MA-4
NIST SP 800-53 R3 MA-5NIST SP 800-53 R3 CM-7
NIST SP 800-53 R3 CM-7 (1)
NIST SP 800-53 R3 MA-3
NIST SP 800-53 R3 MA-3 (1)
NIST SP 800-53 R3 MA-3 (2)
NIST SP 800-53 R3 MA-3 (3)
NIST SP 800-53 R3 MA-4
NIST SP 800-53 R3 MA-4 (1)
NIST SP 800-53 R3 MA-4 (2)
NIST SP 800-53 R3 MA-5A.10.6.1
A.11.1.1
A.11.4.4
A.11.5.4Commandment #3
Commandment #4
Commandment #5
Commandment #6
Commandment #7
Commandment #8CIP-007-3 - R2CM-7
MA-3
MA-4
MA-59.1.2Identity & Access Management
Policies and ProceduresIAM-04Policies and procedures shall be
established to store and manage identity information about
every person who accesses IT infrastructure and to determine
their level of access. Policies shall also be developed to control
access to network resources based on user identity.--Domain
12Identity & Access Management
Segregation of DutiesIAM-05User access policies and
procedures shall be established, and supporting business
processes and technical measures implemented, for restricting
user access as per defined segregation of duties to address
business risks associated with a user-role conflict of
interest.XXXXXXXXXXXS3.2.a(S3.2.a) a. Logical access
security measures to restrict access to information resources not