framework-mcp 2.4.2 → 2.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1016,7 +1016,7 @@ export class SafeguardManager {
1016
1016
  title: "Establish and Maintain a Data Management Process",
1017
1017
  description: "Establish and maintain a documented data management process. In the process, address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
1018
1018
  implementationGroup: "IG1",
1019
- assetType: ["data"],
1019
+ assetType: ["Data"],
1020
1020
  securityFunction: ["Govern"],
1021
1021
  governanceElements: [
1022
1022
  "Establish",
@@ -1024,20 +1024,15 @@ export class SafeguardManager {
1024
1024
  "Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
1025
1025
  ],
1026
1026
  coreRequirements: [
1027
- "documented data management process",
1028
- "address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise"
1027
+ "documented data management process"
1029
1028
  ],
1030
1029
  subTaxonomicalElements: [
1031
- "Documented Data management process",
1032
1030
  "Data Sensitivity",
1033
1031
  "Data Owner",
1034
1032
  "Data Handling",
1035
1033
  "Data Retention Limits",
1036
1034
  "Disposal Requirements",
1037
- "Retention Standards",
1038
- "Review and update documentation",
1039
- "Annually",
1040
- "When significant enterprise changes occur that could impact this Safeguard"
1035
+ "Retention Standards"
1041
1036
  ],
1042
1037
  implementationSuggestions: [ // Gray - Implementation suggestions
1043
1038
  ],
@@ -1093,7 +1088,7 @@ export class SafeguardManager {
1093
1088
  title: "Establish and Maintain a Data Inventory",
1094
1089
  description: "Establish and maintain a data inventory based on the enterprise's data management process. Inventory sensitive data, at a minimum. Review and update inventory annually, at a minimum, with a priority on sensitive data.",
1095
1090
  implementationGroup: "IG1",
1096
- assetType: ["data"],
1091
+ assetType: ["Data"],
1097
1092
  securityFunction: ["Identify"],
1098
1093
  governanceElements: [
1099
1094
  "Establish",
@@ -1101,16 +1096,11 @@ export class SafeguardManager {
1101
1096
  "Review and update inventory annually, at a minimum, with a priority on sensitive data"
1102
1097
  ],
1103
1098
  coreRequirements: [
1104
- "data inventory based on the enterprise's data management process",
1105
- "inventory sensitive data, at a minimum"
1099
+ "data inventory"
1106
1100
  ],
1107
1101
  subTaxonomicalElements: [
1108
- "Data Inventory",
1109
1102
  "Based on Data Management process",
1110
- "Sensitive Data at a Minimum",
1111
- "Review and update inventory",
1112
- "Annually, at a minimum",
1113
- "Priority on sensitive data"
1103
+ "Sensitive Data at a Minimum"
1114
1104
  ],
1115
1105
  implementationSuggestions: [ // Gray - Implementation suggestions
1116
1106
  ],
@@ -1166,14 +1156,13 @@ export class SafeguardManager {
1166
1156
  title: "Configure Data Access Control Lists",
1167
1157
  description: "Configure data access control lists based on a user's need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications.",
1168
1158
  implementationGroup: "IG1",
1169
- assetType: ["data"],
1159
+ assetType: ["Data"],
1170
1160
  securityFunction: ["Protect"],
1171
1161
  governanceElements: [
1172
- "Configure",
1173
- "Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications"
1162
+ "Configure"
1174
1163
  ],
1175
1164
  coreRequirements: [
1176
- "data access control lists based on a user's need to know"
1165
+ "data access control lists"
1177
1166
  ],
1178
1167
  subTaxonomicalElements: [
1179
1168
  "Data Access control lists",
@@ -1238,7 +1227,7 @@ export class SafeguardManager {
1238
1227
  title: "Enforce Data Retention",
1239
1228
  description: "Retain data according to the enterprise's documented data management process. Data retention must include both minimum and maximum timelines.",
1240
1229
  implementationGroup: "IG1",
1241
- assetType: ["data"],
1230
+ assetType: ["Data"],
1242
1231
  securityFunction: ["Protect"],
1243
1232
  governanceElements: [
1244
1233
  "Retain",
@@ -1251,7 +1240,6 @@ export class SafeguardManager {
1251
1240
  ],
1252
1241
  subTaxonomicalElements: [
1253
1242
  "Data Retention",
1254
- "Must Include",
1255
1243
  "Minimum Timelines",
1256
1244
  "Maximum timelines"
1257
1245
  ],
@@ -1309,19 +1297,17 @@ export class SafeguardManager {
1309
1297
  title: "Securely Dispose of Data",
1310
1298
  description: "Securely dispose of data as outlined in the enterprise's data management process. Ensure the disposal process and method are commensurate with the data sensitivity.",
1311
1299
  implementationGroup: "IG1",
1312
- assetType: ["data"],
1300
+ assetType: ["Data"],
1313
1301
  securityFunction: ["Protect"],
1314
1302
  governanceElements: [
1315
- "Securely dispose of data",
1303
+ "Disposal process and method are commensurate with the data sensitivity",
1316
1304
  "Ensure"
1317
1305
  ],
1318
1306
  coreRequirements: [
1319
- "as outlined in the enterprise's data management process",
1320
- "the disposal process and method are commensurate with the data sensitivity"
1307
+ "Securely Dispose of Data"
1321
1308
  ],
1322
1309
  subTaxonomicalElements: [
1323
- "Securely dispose of data",
1324
- "Disposal process and method are commensurate with the data sensitivity"
1310
+ "Securely dispose of Data"
1325
1311
  ],
1326
1312
  implementationSuggestions: [ // Gray - Implementation suggestions
1327
1313
  ],
@@ -1377,17 +1363,17 @@ export class SafeguardManager {
1377
1363
  title: "Encrypt Data on End-User Devices",
1378
1364
  description: "Encrypt data on end-user devices containing sensitive data. Example implementations can include: Windows BitLocker®, Apple FileVault®, Linux® dm-crypt.",
1379
1365
  implementationGroup: "IG1",
1380
- assetType: ["data"],
1366
+ assetType: ["Data"],
1381
1367
  securityFunction: ["Protect"],
1382
1368
  governanceElements: [
1383
1369
  "Encrypt"
1384
1370
  ],
1385
1371
  coreRequirements: [
1386
- "data on end-user devices containing sensitive data"
1372
+ "data on end-user devices"
1387
1373
  ],
1388
1374
  subTaxonomicalElements: [
1389
1375
  "Data on end-user devices",
1390
- "Sensitive data"
1376
+ "that contain Sensitive data"
1391
1377
  ],
1392
1378
  implementationSuggestions: [
1393
1379
  "Windows Bitlocker",
@@ -1446,7 +1432,7 @@ export class SafeguardManager {
1446
1432
  title: "Establish and Maintain a Data Classification Scheme",
1447
1433
  description: "Establish and maintain an overall data classification scheme for the enterprise. Enterprises may use labels, such as \"Sensitive,\" \"Confidential,\" and \"Public,\" and classify their data according to those labels. Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard.",
1448
1434
  implementationGroup: "IG2",
1449
- assetType: ["data"],
1435
+ assetType: ["Data"],
1450
1436
  securityFunction: ["Identify"],
1451
1437
  governanceElements: [
1452
1438
  "Establish",
@@ -1454,15 +1440,10 @@ export class SafeguardManager {
1454
1440
  "Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard"
1455
1441
  ],
1456
1442
  coreRequirements: [
1457
- "overall data classification scheme for the enterprise",
1458
- "classify their data according to those labels"
1443
+ "data classification scheme"
1459
1444
  ],
1460
1445
  subTaxonomicalElements: [
1461
- "Data classification scheme",
1462
- "Classify their data according to labels",
1463
- "Review and update classification scheme",
1464
- "Annually",
1465
- "When significant enterprise changes occur that could impact this Safeguard"
1446
+ "Classify their data according to labels"
1466
1447
  ],
1467
1448
  implementationSuggestions: [
1468
1449
  "Sensitive",
@@ -1521,27 +1502,19 @@ export class SafeguardManager {
1521
1502
  title: "Document Data Flows",
1522
1503
  description: "Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise's data management process. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
1523
1504
  implementationGroup: "IG2",
1524
- assetType: ["data"],
1505
+ assetType: ["Data"],
1525
1506
  securityFunction: ["Identify"],
1526
1507
  governanceElements: [
1527
- "Document data flows",
1528
- "Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
1508
+ "Document data flows"
1529
1509
  ],
1530
1510
  coreRequirements: [
1531
- "Data flow documentation includes service provider data flows and should be based on the enterprise's data management process"
1511
+ "Document Data Flows"
1532
1512
  ],
1533
1513
  subTaxonomicalElements: [
1534
- "Document data flows",
1535
1514
  "Enterprise Data Flows",
1536
- "Service Provider Data Flows",
1537
- "Review and update documentation",
1538
- "Annually",
1539
- "When significant enterprise changes occur that could impact this Safeguard"
1515
+ "Service Provider Data Flows"
1540
1516
  ],
1541
- implementationSuggestions: [
1542
- "Data management systems",
1543
- "Data flow mapping tools",
1544
- "Service provider documentation"
1517
+ implementationSuggestions: [ // Gray - Implementation suggestions
1545
1518
  ],
1546
1519
  relatedSafeguards: ["3.1", "3.2", "3.7", "3.9", "3.10", "3.11"],
1547
1520
  systemPromptFull: {
@@ -1595,16 +1568,16 @@ export class SafeguardManager {
1595
1568
  title: "Encrypt Data on Removable Media",
1596
1569
  description: "Encrypt Data on Removable Media",
1597
1570
  implementationGroup: "IG2",
1598
- assetType: ["data"],
1571
+ assetType: ["Data"],
1599
1572
  securityFunction: ["Protect"],
1600
1573
  governanceElements: [
1601
- "Encrypt Data on Removable Media"
1574
+ "Encrypt"
1602
1575
  ],
1603
- coreRequirements: [ // Green - The "what"
1576
+ coreRequirements: [
1577
+ "Encrypt Data on Removable Media"
1604
1578
  ],
1605
1579
  subTaxonomicalElements: [
1606
1580
  "Data on Removable Media",
1607
- "Maintain"
1608
1581
  ],
1609
1582
  implementationSuggestions: [ // Gray - Implementation suggestions
1610
1583
  ],
@@ -1660,13 +1633,13 @@ export class SafeguardManager {
1660
1633
  title: "Encrypt Sensitive Data in Transit",
1661
1634
  description: "Encrypt sensitive data in transit. Example implementations can include: Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).",
1662
1635
  implementationGroup: "IG2",
1663
- assetType: ["data"],
1636
+ assetType: ["Data"],
1664
1637
  securityFunction: ["Protect"],
1665
1638
  governanceElements: [
1666
1639
  "Encrypt"
1667
1640
  ],
1668
1641
  coreRequirements: [
1669
- "sensitive data in transit"
1642
+ "Encrypt sensitive data in transit"
1670
1643
  ],
1671
1644
  subTaxonomicalElements: [
1672
1645
  "Sensitive data in transit"
@@ -1727,23 +1700,21 @@ export class SafeguardManager {
1727
1700
  title: "Encrypt Sensitive Data at Rest",
1728
1701
  description: "Encrypt sensitive data at rest on servers, applications, and databases. Storage-layer encryption, also known as server-side encryption, meets the minimum requirement of this Safeguard. Additional encryption methods may include application-layer encryption, also known as client-side encryption, where access to the data storage device(s) does not permit access to the plain-text data.",
1729
1702
  implementationGroup: "IG2",
1730
- assetType: ["data"],
1703
+ assetType: ["Data"],
1731
1704
  securityFunction: ["Protect"],
1732
1705
  governanceElements: [
1733
1706
  "Encrypt",
1734
- "meets the minimum requirement of this Safeguard"
1707
+ "Minimum Requirement"
1735
1708
  ],
1736
1709
  coreRequirements: [
1737
- "sensitive data at rest on servers, applications, and databases",
1738
- "Storage-layer encryption, also known as server-side encryption"
1710
+ "Encrypt sensitive data at rest"
1739
1711
  ],
1740
1712
  subTaxonomicalElements: [
1741
- "Encrypt Sensitive Data At Rest",
1713
+ "Sensitive Data At Rest",
1742
1714
  "Servers",
1743
- "Software",
1715
+ "Applications",
1744
1716
  "Databases",
1745
- "Storage Layer (server side) encryption",
1746
- "Minimum Requirement"
1717
+ "Storage Layer (server side) encryption"
1747
1718
  ],
1748
1719
  implementationSuggestions: [
1749
1720
  "Application layer (client-side) encryption",
@@ -1801,19 +1772,17 @@ export class SafeguardManager {
1801
1772
  title: "Segment Data Processing and Storage Based on Sensitivity",
1802
1773
  description: "Segment data processing and storage based on the sensitivity of the data. Do not process sensitive data on enterprise assets intended for lower sensitivity data.",
1803
1774
  implementationGroup: "IG2",
1804
- assetType: ["data"],
1775
+ assetType: ["Data"],
1805
1776
  securityFunction: ["Protect"],
1806
1777
  governanceElements: [
1807
- "Segment data processing and storage based on the sensitivity of the data",
1808
1778
  "Do not process sensitive data on enterprise assets intended for lower sensitivity data"
1809
1779
  ],
1810
- coreRequirements: [ // Green - The "what"
1780
+ coreRequirements: [
1781
+ "Segment Data Processing",
1782
+ "Segment Data Storage",
1783
+ "Based on Sensitivity"
1811
1784
  ],
1812
- subTaxonomicalElements: [
1813
- "Based on the sensitivity of data",
1814
- "Segment data processing (compute)",
1815
- "Segment Storage",
1816
- "Do not process sensitive data on enterprise assets intended for lower sensitivity data"
1785
+ subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1817
1786
  ],
1818
1787
  implementationSuggestions: [ // Gray - Implementation suggestions
1819
1788
  ],
@@ -1869,17 +1838,15 @@ export class SafeguardManager {
1869
1838
  title: "Deploy a Data Loss Prevention Solution",
1870
1839
  description: "Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise's data inventory.",
1871
1840
  implementationGroup: "IG3",
1872
- assetType: ["data"],
1841
+ assetType: ["Data"],
1873
1842
  securityFunction: ["Protect"],
1874
1843
  governanceElements: [
1875
- "Implement",
1876
- "Update Data Inventory"
1844
+ "Implement"
1877
1845
  ],
1878
1846
  coreRequirements: [
1879
- "automated tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider"
1847
+ "automated tool to identify all sensitive data"
1880
1848
  ],
1881
1849
  subTaxonomicalElements: [
1882
- "Automated DLP Tool",
1883
1850
  "Identify all sensitive Data",
1884
1851
  "Stored",
1885
1852
  "Processed",
@@ -1943,19 +1910,15 @@ export class SafeguardManager {
1943
1910
  title: "Log Sensitive Data Access",
1944
1911
  description: "Log sensitive data access, including modification and disposal.",
1945
1912
  implementationGroup: "IG3",
1946
- assetType: ["data"],
1913
+ assetType: ["Data"],
1947
1914
  securityFunction: ["Detect"],
1948
1915
  governanceElements: [
1949
1916
  "Log"
1950
1917
  ],
1951
1918
  coreRequirements: [
1952
- "sensitive data access, including modification and disposal"
1919
+ "Log sensitive data access, including modification and disposal"
1953
1920
  ],
1954
- subTaxonomicalElements: [
1955
- "Sensitive Data access",
1956
- "Access",
1957
- "Modification",
1958
- "Disposal"
1921
+ subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1959
1922
  ],
1960
1923
  implementationSuggestions: [ // Gray - Implementation suggestions
1961
1924
  ],
@@ -2011,19 +1974,17 @@ export class SafeguardManager {
2011
1974
  title: "Establish and Maintain a Secure Configuration Process",
2012
1975
  description: "Establish and maintain a documented secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications). Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
2013
1976
  implementationGroup: "IG1",
2014
- assetType: ["end-user devices", "network devices", "IoT devices", "servers", "Software"],
1977
+ assetType: ["Docuemntation"],
2015
1978
  securityFunction: ["Govern"],
2016
1979
  governanceElements: [
2017
1980
  "Establish",
2018
1981
  "Maintain",
2019
- "Documented Secure Configuration Process",
2020
1982
  "Review and update documentation",
2021
1983
  "Annually",
2022
1984
  "When significant enterprise changes occur that could impact this Safeguard"
2023
1985
  ],
2024
1986
  coreRequirements: [
2025
- "documented secure configuration process for enterprise assets",
2026
- "documented secure configuration process for software"
1987
+ "documented secure configuration process"
2027
1988
  ],
2028
1989
  subTaxonomicalElements: [
2029
1990
  "Enterprise assets",
@@ -2033,12 +1994,9 @@ export class SafeguardManager {
2033
1994
  "Portable",
2034
1995
  "Non-computing/IoT devices",
2035
1996
  "Servers",
2036
- "OS",
2037
- "Software"
1997
+ "OS"
2038
1998
  ],
2039
- implementationSuggestions: [
2040
- "Secure Configuration Policy / Process",
2041
- "Configuration Management Tool"
1999
+ implementationSuggestions: [ // Gray - Implementation suggestions
2042
2000
  ],
2043
2001
  relatedSafeguards: ["1.1", "2.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8", "4.9", "4.10", "4.11", "4.12"],
2044
2002
  systemPromptFull: {
@@ -2092,25 +2050,22 @@ export class SafeguardManager {
2092
2050
  title: "Establish and Maintain a Secure Configuration Process for Network Infrastructure",
2093
2051
  description: "Establish and maintain a documented secure configuration process for network devices. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
2094
2052
  implementationGroup: "IG1",
2095
- assetType: ["network devices"],
2053
+ assetType: ["Documentation"],
2096
2054
  securityFunction: ["Govern"],
2097
2055
  governanceElements: [
2098
2056
  "Establish",
2099
2057
  "Maintain",
2100
- "Documented Secure Network Configuration Process",
2101
2058
  "Review and update documentation",
2102
2059
  "Annually",
2103
2060
  "When significant enterprise changes occur that could impact this Safeguard"
2104
2061
  ],
2105
2062
  coreRequirements: [
2106
- "documented secure configuration process for network devices"
2063
+ "documented secure configuration process"
2107
2064
  ],
2108
2065
  subTaxonomicalElements: [
2109
2066
  "Network devices"
2110
2067
  ],
2111
- implementationSuggestions: [
2112
- "Secure Configuration Policy / Process",
2113
- "Configuration Management Tool"
2068
+ implementationSuggestions: [ // Gray - Implementation suggestions
2114
2069
  ],
2115
2070
  relatedSafeguards: ["1.1", "2.1", "3.10", "4.1", "6.4", "8.1", "12.1", "12.2", "12.3", "12.4", "12.5", "13.3", "13.4", "13.6", "13.8", "13.9", "13.10"],
2116
2071
  systemPromptFull: {
@@ -2164,7 +2119,7 @@ export class SafeguardManager {
2164
2119
  title: "Configure Automatic Session Locking on Enterprise Assets",
2165
2120
  description: "Configure automatic session locking on enterprise assets after a defined period of inactivity. For general purpose operating systems, the period Must Not Exceed 15 minutes. For mobile end-user devices, the period must not exceed 2 minutes.",
2166
2121
  implementationGroup: "IG1",
2167
- assetType: ["devices"],
2122
+ assetType: ["Devices"],
2168
2123
  securityFunction: ["Protect"],
2169
2124
  governanceElements: [
2170
2125
  "Configure",
@@ -2172,18 +2127,14 @@ export class SafeguardManager {
2172
2127
  "Period must not exceed for 2 Minutes"
2173
2128
  ],
2174
2129
  coreRequirements: [
2175
- "automatic session locking on enterprise assets after a defined period of inactivity",
2176
- "general purpose operating systems",
2177
- "mobile end-user devices"
2130
+ "automatic session locking on enterprise assets"
2178
2131
  ],
2179
2132
  subTaxonomicalElements: [
2180
- "Automatic Session Locking",
2181
2133
  "Period of inactivity",
2182
2134
  "General Purpose OSs",
2183
2135
  "Mobile end-user devices"
2184
2136
  ],
2185
- implementationSuggestions: [
2186
- "Configuration Management Tool"
2137
+ implementationSuggestions: [ // Gray - Implementation suggestions
2187
2138
  ],
2188
2139
  relatedSafeguards: ["4.1"],
2189
2140
  systemPromptFull: {
@@ -2237,7 +2188,7 @@ export class SafeguardManager {
2237
2188
  title: "Implement and Manage a Firewall on Servers",
2238
2189
  description: "Implement and manage a firewall on servers, where supported. Example implementations include a virtual firewall, operating system firewall, or a third-party firewall agent.",
2239
2190
  implementationGroup: "IG1",
2240
- assetType: ["devices"],
2191
+ assetType: ["Devices"],
2241
2192
  securityFunction: ["Protect"],
2242
2193
  governanceElements: [
2243
2194
  "Implement",
@@ -2254,8 +2205,6 @@ export class SafeguardManager {
2254
2205
  "Virtual Firewall",
2255
2206
  "OS Firewall",
2256
2207
  "Third Party Firewall",
2257
- "Firewall",
2258
- "Configuration Management Tool"
2259
2208
  ],
2260
2209
  relatedSafeguards: ["4.1"],
2261
2210
  systemPromptFull: {
@@ -2309,21 +2258,18 @@ export class SafeguardManager {
2309
2258
  title: "Implement and Manage a Firewall on End-User Devices",
2310
2259
  description: "Implement and manage a host-based firewall or port-filtering tool on end-user devices, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.",
2311
2260
  implementationGroup: "IG1",
2312
- assetType: ["devices"],
2261
+ assetType: ["Devices"],
2313
2262
  securityFunction: ["Protect"],
2314
2263
  governanceElements: [
2315
2264
  "Implement",
2316
- "Manage",
2317
- "Default deny rule that drops all traffic",
2318
- "Except Explicitly Allowed"
2265
+ "Manage"
2319
2266
  ],
2320
2267
  coreRequirements: [
2321
2268
  "host-based firewall or port-filtering tool on end-user devices"
2322
2269
  ],
2323
2270
  subTaxonomicalElements: [
2324
- "Host-based Firewall",
2325
- "Port Filtering Tool",
2326
- "End User Devices",
2271
+ "Default Deny Rule that drops all traffic",
2272
+ "Except Explicitly Allowed",
2327
2273
  "Services",
2328
2274
  "Ports"
2329
2275
  ],
@@ -2383,7 +2329,7 @@ export class SafeguardManager {
2383
2329
  title: "Securely Manage Enterprise Assets and Software",
2384
2330
  description: "Securely manage enterprise assets and software. Example implementations include managing configuration through version-controlled- Infrastructure-as-Code (IaC) and accessing administrative interfaces over secure network protocols, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS). Do not use insecure management protocols, such as Telnet (Teletype Network) and HTTP, unless operationally essential.",
2385
2331
  implementationGroup: "IG1",
2386
- assetType: ["devices", "Software"],
2332
+ assetType: ["Devices"],
2387
2333
  securityFunction: ["Protect"],
2388
2334
  governanceElements: [
2389
2335
  "Do not use insecure management protocols",
@@ -2393,16 +2339,14 @@ export class SafeguardManager {
2393
2339
  "Securely manage enterprise assets and software"
2394
2340
  ],
2395
2341
  subTaxonomicalElements: [
2396
- "Securely manage enterprise assets and software"
2342
+ "Securely manage enterprise assets and software",
2343
+ "Do not use insecure management protocols unless operationally essential"
2397
2344
  ],
2398
2345
  implementationSuggestions: [
2399
2346
  "Manage configuration through version-controlled Infrastructure-as-Code (IaC)",
2400
2347
  "Accessing administrative interfaces over secure network protocols",
2401
- "SSH",
2402
- "HTTPS",
2403
- "Telnet (Teletype Network)",
2404
- "HTTP",
2405
- "Configuration Management Tool"
2348
+ "SSH instead of TELNET",
2349
+ "HTTPS instead of HTTP",
2406
2350
  ],
2407
2351
  relatedSafeguards: ["4.1", "12.3"],
2408
2352
  systemPromptFull: {
@@ -2456,26 +2400,22 @@ export class SafeguardManager {
2456
2400
  title: "Manage Default Accounts on Enterprise Assets and Software",
2457
2401
  description: "Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.",
2458
2402
  implementationGroup: "IG1",
2459
- assetType: ["devices", "Software", "users"],
2403
+ assetType: ["Users"],
2460
2404
  securityFunction: ["Protect"],
2461
2405
  governanceElements: [
2462
2406
  "Manage"
2463
2407
  ],
2464
2408
  coreRequirements: [
2465
- "default accounts on enterprise assets and software"
2409
+ "default accounts"
2466
2410
  ],
2467
2411
  subTaxonomicalElements: [
2468
- "Default accounts",
2469
2412
  "Enterprise assets",
2470
- "Software",
2471
- "Root",
2472
- "Administrator",
2473
- "Other pre-configured vendor accounts"
2413
+ "Software"
2474
2414
  ],
2475
2415
  implementationSuggestions: [
2476
- "Disabling",
2477
- "Unusable",
2478
- "Configuration Management Tool"
2416
+ "Disabling them",
2417
+ "making them Unusable",
2418
+ "Root, Administrator, or other pre-configured vendor accounts"
2479
2419
  ],
2480
2420
  relatedSafeguards: ["4.1"],
2481
2421
  systemPromptFull: {
@@ -2529,25 +2469,23 @@ export class SafeguardManager {
2529
2469
  title: "Uninstall or Disable Unnecessary Services on Enterprise Assets and Software",
2530
2470
  description: "Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service, web application module, or service function.",
2531
2471
  implementationGroup: "IG2",
2532
- assetType: ["devices", "Software"],
2472
+ assetType: ["Devices", "Software"],
2533
2473
  securityFunction: ["Protect"],
2534
2474
  governanceElements: [
2535
2475
  "Uninstall",
2536
2476
  "Disable"
2537
2477
  ],
2538
2478
  coreRequirements: [
2539
- "unnecessary services on enterprise assets and software"
2479
+ "unnecessary services"
2540
2480
  ],
2541
2481
  subTaxonomicalElements: [
2542
- "Unnecessary Services",
2543
2482
  "Enterprise assets",
2544
- "Software",
2545
- "Unused file sharing service",
2546
- "Web application module",
2547
- "Service function"
2483
+ "Software"
2548
2484
  ],
2549
2485
  implementationSuggestions: [
2550
- "Configuration Management Tool"
2486
+ "Unused File Sharing Services",
2487
+ "Web Application Module",
2488
+ "Service Function"
2551
2489
  ],
2552
2490
  relatedSafeguards: ["4.1"],
2553
2491
  systemPromptFull: {
@@ -2601,22 +2539,20 @@ export class SafeguardManager {
2601
2539
  title: "Configure Trusted DNS Servers on Enterprise Assets",
2602
2540
  description: "Configure trusted DNS servers on enterprise assets. Example implementations include: configuring assets to use enterprise-controlled DNS servers and/or reputable externally accessible DNS servers.",
2603
2541
  implementationGroup: "IG2",
2604
- assetType: ["devices"],
2542
+ assetType: ["Devices"],
2605
2543
  securityFunction: ["Protect"],
2606
2544
  governanceElements: [
2607
2545
  "Configure"
2608
2546
  ],
2609
2547
  coreRequirements: [
2610
- "trusted DNS servers on enterprise assets"
2548
+ "trusted DNS servers"
2611
2549
  ],
2612
2550
  subTaxonomicalElements: [
2613
- "Trusted DNS Servers",
2614
2551
  "Enterprise assets"
2615
2552
  ],
2616
2553
  implementationSuggestions: [
2617
2554
  "Configuring assets to use enterprise-controlled DNS servers",
2618
- "Reputable externally accessible DNS servers",
2619
- "Configuration Management Tool"
2555
+ "Reputable externally accessible DNS servers"
2620
2556
  ],
2621
2557
  relatedSafeguards: ["4.1", "8.6", "9.2"],
2622
2558
  systemPromptFull: {
@@ -2670,7 +2606,7 @@ export class SafeguardManager {
2670
2606
  title: "Enforce Automatic Device Lockout on Portable End-User Devices",
2671
2607
  description: "Enforce automatic device lockout following a predetermined threshold of local failed authentication attempts on portable end-user devices, where supported. For laptops, do not allow more than 20 failed authentication attempts; for tablets and smartphones, no more than 10 failed authentication attempts. Example implementations include Microsoft® InTune Device Lock and Apple® Configuration Profile maxFailedAttempts.",
2672
2608
  implementationGroup: "IG2",
2673
- assetType: ["devices"],
2609
+ assetType: ["Devices"],
2674
2610
  securityFunction: ["Protect"],
2675
2611
  governanceElements: [
2676
2612
  "Enforce",
@@ -2679,14 +2615,13 @@ export class SafeguardManager {
2679
2615
  "No more than 10 Failed Authentication Attempts"
2680
2616
  ],
2681
2617
  coreRequirements: [
2682
- "automatic device lockout following a predetermined threshold of local failed authentication attempts on portable end-user devices"
2618
+ "automatic device lockout"
2683
2619
  ],
2684
2620
  subTaxonomicalElements: [
2685
- "Automatic Device Lockout",
2686
- "Predetermined threshold of local failed authentication attempts",
2687
- "Portable end-user devices",
2688
- "Laptops",
2689
- "Tablets and smartphones"
2621
+ "After a Predetermined threshold of local failed authentication attempts",
2622
+ "On Portable end-user devices",
2623
+ "Such as Laptops",
2624
+ "Such as Tablets and smartphones"
2690
2625
  ],
2691
2626
  implementationSuggestions: [
2692
2627
  "Microsoft® InTune Device Lock",
@@ -2745,24 +2680,22 @@ export class SafeguardManager {
2745
2680
  title: "Enforce Remote Wipe Capability on Portable End-User Devices",
2746
2681
  description: "Remotely wipe enterprise data from enterprise-owned portable end-user devices when deemed appropriate such as lost or stolen devices, or when an individual no longer supports the enterprise.",
2747
2682
  implementationGroup: "IG2",
2748
- assetType: ["devices"],
2683
+ assetType: ["Devices"],
2749
2684
  securityFunction: ["Protect"],
2750
2685
  governanceElements: [
2751
2686
  "When deemed appropriate"
2752
2687
  ],
2753
2688
  coreRequirements: [
2754
- "Remotely wipe enterprise data from enterprise-owned portable end-user devices"
2689
+ "Remotely wipe enterprise data"
2755
2690
  ],
2756
2691
  subTaxonomicalElements: [
2757
- "Remotely Wipe enterprise data",
2758
- "Portable end-user devices",
2692
+ "Portable end-user devices"
2693
+ ],
2694
+ implementationSuggestions: [
2759
2695
  "Lost devices",
2760
2696
  "Stolen devices",
2761
2697
  "When an individual no longer supports the enterprise"
2762
2698
  ],
2763
- implementationSuggestions: [
2764
- "Configuration Management Tool"
2765
- ],
2766
2699
  relatedSafeguards: ["4.1"],
2767
2700
  systemPromptFull: {
2768
2701
  role: "Vendor Description Assistant and expert on CIS Controls",
@@ -2815,7 +2748,7 @@ export class SafeguardManager {
2815
2748
  title: "Separate Enterprise Workspaces on Mobile End-User Devices",
2816
2749
  description: "Ensure separate enterprise workspaces are used on mobile end-user devices, where supported. Example implementations include using an Apple® Configuration Profile or AndroidTM Work Profile to separate enterprise applications and data from personal applications and data.",
2817
2750
  implementationGroup: "IG3",
2818
- assetType: ["devices", "data"],
2751
+ assetType: ["Data"],
2819
2752
  securityFunction: ["Protect"],
2820
2753
  governanceElements: [
2821
2754
  "Ensure",
@@ -2825,17 +2758,12 @@ export class SafeguardManager {
2825
2758
  "separate enterprise workspaces are used on mobile end-user devices"
2826
2759
  ],
2827
2760
  subTaxonomicalElements: [
2828
- "Separate enterprise workspaces",
2829
- "On Mobile Devices",
2830
- "Enterprise Applications",
2831
- "Enterprise Data",
2832
- "Personal Applications",
2833
- "Personal Data"
2761
+ "Enterprise Applications and Enterprise Data",
2762
+ "Seperate from Personal Applications and Personal Data"
2834
2763
  ],
2835
2764
  implementationSuggestions: [
2836
2765
  "Apple® Configuration Profile",
2837
- "AndroidTM Work Profile",
2838
- "Configuration Management Tool"
2766
+ "AndroidTM Work Profile"
2839
2767
  ],
2840
2768
  relatedSafeguards: ["4.1"],
2841
2769
  systemPromptFull: {
@@ -2889,7 +2817,7 @@ export class SafeguardManager {
2889
2817
  title: "Establish and Maintain an Inventory of Accounts",
2890
2818
  description: "Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must include both user and administrator accounts. The inventory, at a minimum, should contain the person's name, username, start/stop dates, and department. Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.",
2891
2819
  implementationGroup: "IG1",
2892
- assetType: ["users"],
2820
+ assetType: ["Users"],
2893
2821
  securityFunction: ["Identify"],
2894
2822
  governanceElements: [
2895
2823
  "Establish and maintain an inventory of all accounts managed in the enterprise",
@@ -2972,7 +2900,7 @@ export class SafeguardManager {
2972
2900
  title: "Use Unique Passwords",
2973
2901
  description: "Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using Multi-Factor Authentication (MFA) and a 14-character password for accounts not using MFA.",
2974
2902
  implementationGroup: "IG1",
2975
- assetType: ["users"],
2903
+ assetType: ["Users"],
2976
2904
  securityFunction: ["Protect"],
2977
2905
  governanceElements: [
2978
2906
  "Use unique passwords for all enterprise assets",
@@ -3044,7 +2972,7 @@ export class SafeguardManager {
3044
2972
  title: "Disable Dormant Accounts",
3045
2973
  description: "Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported.",
3046
2974
  implementationGroup: "IG1",
3047
- assetType: ["users"],
2975
+ assetType: ["Users"],
3048
2976
  securityFunction: ["Protect"],
3049
2977
  governanceElements: [
3050
2978
  "Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported"
@@ -3114,7 +3042,7 @@ export class SafeguardManager {
3114
3042
  title: "Restrict Administrator Privileges to Dedicated Administrator Accounts",
3115
3043
  description: "Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account.",
3116
3044
  implementationGroup: "IG1",
3117
- assetType: ["users"],
3045
+ assetType: ["Users"],
3118
3046
  securityFunction: ["Protect"],
3119
3047
  governanceElements: [
3120
3048
  "Restrict administrator privileges to dedicated administrator accounts on enterprise assets",
@@ -3190,7 +3118,7 @@ export class SafeguardManager {
3190
3118
  title: "Establish and Maintain an Inventory of Service Accounts",
3191
3119
  description: "Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.",
3192
3120
  implementationGroup: "IG2",
3193
- assetType: ["users"],
3121
+ assetType: ["Users"],
3194
3122
  securityFunction: ["Identify"],
3195
3123
  governanceElements: [
3196
3124
  "Establish and maintain an inventory of service accounts",
@@ -3269,7 +3197,7 @@ export class SafeguardManager {
3269
3197
  title: "Centralize Account Management",
3270
3198
  description: "Centralize account management through a directory or identity service.",
3271
3199
  implementationGroup: "IG2",
3272
- assetType: ["users"],
3200
+ assetType: ["Users"],
3273
3201
  securityFunction: ["Govern"],
3274
3202
  governanceElements: [
3275
3203
  "Centralize account management through a directory or identity service"
@@ -3339,7 +3267,7 @@ export class SafeguardManager {
3339
3267
  title: "Establish an Access Granting Process",
3340
3268
  description: "Establish and follow a documented process, preferably automated, for granting access to enterprise assets upon new hire or role change of a user.",
3341
3269
  implementationGroup: "IG1",
3342
- assetType: ["users"],
3270
+ assetType: ["Users"],
3343
3271
  securityFunction: ["Govern"],
3344
3272
  governanceElements: [
3345
3273
  "Establish",
@@ -3416,7 +3344,7 @@ export class SafeguardManager {
3416
3344
  title: "Establish an Access Revoking Process",
3417
3345
  description: "Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.",
3418
3346
  implementationGroup: "IG1",
3419
- assetType: ["users"],
3347
+ assetType: ["Users"],
3420
3348
  securityFunction: ["Govern"],
3421
3349
  governanceElements: [
3422
3350
  "Establish",
@@ -3498,7 +3426,7 @@ export class SafeguardManager {
3498
3426
  title: "Require MFA for Externally-Exposed Applications",
3499
3427
  description: "Require all externally-exposed enterprise or third-party applications to enforce MFA, where supported. Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard.",
3500
3428
  implementationGroup: "IG1",
3501
- assetType: ["users"],
3429
+ assetType: ["Users"],
3502
3430
  securityFunction: ["Protect"],
3503
3431
  governanceElements: [
3504
3432
  "Require",
@@ -3573,7 +3501,7 @@ export class SafeguardManager {
3573
3501
  title: "Require MFA for Remote Network Access",
3574
3502
  description: "Require MFA for remote network access.",
3575
3503
  implementationGroup: "IG1",
3576
- assetType: ["users"],
3504
+ assetType: ["Users"],
3577
3505
  securityFunction: ["Protect"],
3578
3506
  governanceElements: [
3579
3507
  "Require",
@@ -3643,7 +3571,7 @@ export class SafeguardManager {
3643
3571
  title: "Require MFA for Administrative Access",
3644
3572
  description: "Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a service provider.",
3645
3573
  implementationGroup: "IG1",
3646
- assetType: ["users"],
3574
+ assetType: ["Users"],
3647
3575
  securityFunction: ["Protect"],
3648
3576
  governanceElements: [
3649
3577
  "Require",
@@ -3796,7 +3724,7 @@ export class SafeguardManager {
3796
3724
  title: "Centralize Access Control",
3797
3725
  description: "Centralize access control for all enterprise assets through a directory service or SSO provider, where supported.",
3798
3726
  implementationGroup: "IG2",
3799
- assetType: ["users"],
3727
+ assetType: ["Users"],
3800
3728
  securityFunction: ["Protect"],
3801
3729
  governanceElements: [
3802
3730
  "Centralize",
@@ -3874,7 +3802,7 @@ export class SafeguardManager {
3874
3802
  title: "Define and Maintain Role-Based Access Control",
3875
3803
  description: "Define and maintain role-based access control, through determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties. Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule at a minimum annually, or more frequently.",
3876
3804
  implementationGroup: "IG3",
3877
- assetType: ["users"],
3805
+ assetType: ["Users"],
3878
3806
  securityFunction: ["Govern"],
3879
3807
  governanceElements: [
3880
3808
  "Define",
@@ -4124,7 +4052,7 @@ export class SafeguardManager {
4124
4052
  title: "Perform Automated Operating System Patch Management",
4125
4053
  description: "Perform automated operating system patch management on enterprise assets",
4126
4054
  implementationGroup: "IG1",
4127
- assetType: ["devices"],
4055
+ assetType: ["Devices"],
4128
4056
  securityFunction: ["Protect"],
4129
4057
  governanceElements: [
4130
4058
  "perform automated OS patch management",
@@ -4288,7 +4216,7 @@ export class SafeguardManager {
4288
4216
  title: "Perform Automated Vulnerability Scans of Internal Enterprise Assets",
4289
4217
  description: "Perform automated vulnerability scans of internal enterprise assets on a quarterly or more frequent basis",
4290
4218
  implementationGroup: "IG2",
4291
- assetType: ["devices", "Software"],
4219
+ assetType: ["Devices", "Software"],
4292
4220
  securityFunction: ["Detect"],
4293
4221
  governanceElements: [
4294
4222
  "perform automated vulnerability scans",
@@ -4370,7 +4298,7 @@ export class SafeguardManager {
4370
4298
  title: "Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets",
4371
4299
  description: "Perform automated vulnerability scans of externally-exposed enterprise assets using either an internal or external vulnerability scanning service",
4372
4300
  implementationGroup: "IG2",
4373
- assetType: ["devices", "Software"],
4301
+ assetType: ["Devices", "Software"],
4374
4302
  securityFunction: ["Detect"],
4375
4303
  governanceElements: [
4376
4304
  "perform automated vulnerability scans",
@@ -4534,7 +4462,7 @@ export class SafeguardManager {
4534
4462
  title: "Establish and Maintain an Audit Log Management Process",
4535
4463
  description: "Establish and maintain a documented audit log management process that defines the enterprise's logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
4536
4464
  implementationGroup: "IG1",
4537
- assetType: ["enterprise assets", "data"],
4465
+ assetType: ["enterprise assets", "Data"],
4538
4466
  securityFunction: ["Govern"],
4539
4467
  governanceElements: [
4540
4468
  "establish and maintain",
@@ -4610,7 +4538,7 @@ export class SafeguardManager {
4610
4538
  title: "Collect Audit Logs",
4611
4539
  description: "Collect audit logs. Ensure that logging, per the enterprise's audit log management process, has been enabled across enterprise assets.",
4612
4540
  implementationGroup: "IG1",
4613
- assetType: ["enterprise assets", "data"],
4541
+ assetType: ["enterprise assets", "Data"],
4614
4542
  securityFunction: ["Detect"],
4615
4543
  governanceElements: [
4616
4544
  "per the enterprise's audit log management process"
@@ -4679,7 +4607,7 @@ export class SafeguardManager {
4679
4607
  title: "Ensure Adequate Audit Log Storage",
4680
4608
  description: "Ensure that logging destinations maintain adequate storage to comply with the enterprise's audit log management process.",
4681
4609
  implementationGroup: "IG1",
4682
- assetType: ["data"],
4610
+ assetType: ["Data"],
4683
4611
  securityFunction: ["Protect"],
4684
4612
  governanceElements: [
4685
4613
  "comply with the enterprise's audit log management process"
@@ -4749,7 +4677,7 @@ export class SafeguardManager {
4749
4677
  title: "Standardize Time Synchronization",
4750
4678
  description: "Standardize time synchronization. Configure at least two synchronized time sources across enterprise assets, where supported.",
4751
4679
  implementationGroup: "IG2",
4752
- assetType: ["enterprise assets", "data"],
4680
+ assetType: ["enterprise assets", "Data"],
4753
4681
  securityFunction: ["Protect"],
4754
4682
  governanceElements: [
4755
4683
  "standardize time synchronization"
@@ -4821,7 +4749,7 @@ export class SafeguardManager {
4821
4749
  title: "Collect Detailed Audit Logs",
4822
4750
  description: "Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.",
4823
4751
  implementationGroup: "IG2",
4824
- assetType: ["enterprise assets", "data"],
4752
+ assetType: ["enterprise assets", "Data"],
4825
4753
  securityFunction: ["Detect"],
4826
4754
  governanceElements: [
4827
4755
  "configure detailed audit logging"
@@ -4896,7 +4824,7 @@ export class SafeguardManager {
4896
4824
  title: "Collect DNS Query Audit Logs",
4897
4825
  description: "Collect DNS query audit logs on enterprise assets, where appropriate and supported.",
4898
4826
  implementationGroup: "IG2",
4899
- assetType: ["enterprise assets", "data"],
4827
+ assetType: ["enterprise assets", "Data"],
4900
4828
  securityFunction: ["Detect"],
4901
4829
  governanceElements: [
4902
4830
  "where appropriate and supported"
@@ -4967,7 +4895,7 @@ export class SafeguardManager {
4967
4895
  title: "Collect URL Request Audit Logs",
4968
4896
  description: "Collect URL request audit logs on enterprise assets, where appropriate and supported.",
4969
4897
  implementationGroup: "IG2",
4970
- assetType: ["enterprise assets", "data"],
4898
+ assetType: ["enterprise assets", "Data"],
4971
4899
  securityFunction: ["Detect"],
4972
4900
  governanceElements: [
4973
4901
  "where appropriate and supported"
@@ -5038,7 +4966,7 @@ export class SafeguardManager {
5038
4966
  title: "Collect Command-Line Audit Logs",
5039
4967
  description: "Collect command-line audit logs. Example implementations include collecting audit logs from PowerShell®, BASH™, and remote administrative terminals.",
5040
4968
  implementationGroup: "IG2",
5041
- assetType: ["data"],
4969
+ assetType: ["Data"],
5042
4970
  securityFunction: ["Detect"],
5043
4971
  governanceElements: [
5044
4972
  "collect command-line audit logs"
@@ -5108,7 +5036,7 @@ export class SafeguardManager {
5108
5036
  title: "Centralize Audit Logs",
5109
5037
  description: "Centralize, to the extent possible, audit log collection and retention across enterprise assets in accordance with the documented audit log management process. Example implementations include leveraging a SIEM tool to centralize multiple log sources.",
5110
5038
  implementationGroup: "IG2",
5111
- assetType: ["enterprise assets", "data"],
5039
+ assetType: ["enterprise assets", "Data"],
5112
5040
  securityFunction: ["Detect"],
5113
5041
  governanceElements: [
5114
5042
  "in accordance with documented audit log management process",
@@ -5180,7 +5108,7 @@ export class SafeguardManager {
5180
5108
  title: "Retain Audit Logs",
5181
5109
  description: "Retain audit logs across enterprise assets for a minimum of 90 days.",
5182
5110
  implementationGroup: "IG2",
5183
- assetType: ["enterprise assets", "data"],
5111
+ assetType: ["enterprise assets", "Data"],
5184
5112
  securityFunction: ["Protect"],
5185
5113
  governanceElements: [
5186
5114
  "minimum of 90 days"
@@ -5247,7 +5175,7 @@ export class SafeguardManager {
5247
5175
  title: "Conduct Audit Log Reviews",
5248
5176
  description: "Conduct reviews of audit logs to detect anomalies or abnormal events that could indicate a potential threat. Conduct reviews on a weekly, or more frequent, basis.",
5249
5177
  implementationGroup: "IG2",
5250
- assetType: ["data"],
5178
+ assetType: ["Data"],
5251
5179
  securityFunction: ["Detect"],
5252
5180
  governanceElements: [
5253
5181
  "conduct reviews on a weekly, or more frequent, basis"
@@ -5317,7 +5245,7 @@ export class SafeguardManager {
5317
5245
  title: "Collect Service Provider Logs",
5318
5246
  description: "Collect service provider logs, where supported. Example implementations include collecting authentication and authorization events, data creation and disposal events, and user management events.",
5319
5247
  implementationGroup: "IG3",
5320
- assetType: ["data"],
5248
+ assetType: ["Data"],
5321
5249
  securityFunction: ["Detect"],
5322
5250
  governanceElements: [
5323
5251
  "where supported"
@@ -5466,7 +5394,7 @@ export class SafeguardManager {
5466
5394
  title: "Use DNS Filtering Services",
5467
5395
  description: "Use DNS filtering services on all end-user devices, including remote and on-premise assets, to block access to known malicious domains",
5468
5396
  implementationGroup: "IG1",
5469
- assetType: ["devices", "network"],
5397
+ assetType: ["Devices", "network"],
5470
5398
  securityFunction: ["Protect"],
5471
5399
  governanceElements: [
5472
5400
  "use DNS filtering services on all end-user devices",
@@ -5938,7 +5866,7 @@ export class SafeguardManager {
5938
5866
  title: "Deploy and Maintain Anti-Malware Software",
5939
5867
  description: "Deploy and maintain anti-malware software on all enterprise assets",
5940
5868
  implementationGroup: "IG1",
5941
- assetType: ["devices"],
5869
+ assetType: ["Devices"],
5942
5870
  securityFunction: ["Detect"],
5943
5871
  governanceElements: [
5944
5872
  "deploy anti-malware software",
@@ -6017,7 +5945,7 @@ export class SafeguardManager {
6017
5945
  title: "Configure Automatic Anti-Malware Signature Updates",
6018
5946
  description: "Configure automatic updates for anti-malware signature files on all enterprise assets",
6019
5947
  implementationGroup: "IG1",
6020
- assetType: ["devices"],
5948
+ assetType: ["Devices"],
6021
5949
  securityFunction: ["Protect"],
6022
5950
  governanceElements: [
6023
5951
  "configure automatic updates",
@@ -6091,7 +6019,7 @@ export class SafeguardManager {
6091
6019
  title: "Disable Autorun and Autoplay for Removable Media",
6092
6020
  description: "Disable autorun and autoplay auto-execute functionality for removable media",
6093
6021
  implementationGroup: "IG1",
6094
- assetType: ["devices"],
6022
+ assetType: ["Devices"],
6095
6023
  securityFunction: ["Protect"],
6096
6024
  governanceElements: [
6097
6025
  "disable autorun functionality",
@@ -6170,7 +6098,7 @@ export class SafeguardManager {
6170
6098
  title: "Configure Automatic Anti-Malware Scanning of Removable Media",
6171
6099
  description: "Configure anti-malware software to automatically scan removable media",
6172
6100
  implementationGroup: "IG2",
6173
- assetType: ["devices"],
6101
+ assetType: ["Devices"],
6174
6102
  securityFunction: ["Detect"],
6175
6103
  governanceElements: [
6176
6104
  "configure anti-malware software",
@@ -6248,7 +6176,7 @@ export class SafeguardManager {
6248
6176
  title: "Enable Anti-Exploitation Features",
6249
6177
  description: "Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™",
6250
6178
  implementationGroup: "IG2",
6251
- assetType: ["devices"],
6179
+ assetType: ["Devices"],
6252
6180
  securityFunction: ["Protect"],
6253
6181
  governanceElements: [
6254
6182
  "enable anti-exploitation features",
@@ -6328,7 +6256,7 @@ export class SafeguardManager {
6328
6256
  title: "Centrally Manage Anti-Malware Software",
6329
6257
  description: "Centrally manage anti-malware software",
6330
6258
  implementationGroup: "IG2",
6331
- assetType: ["devices"],
6259
+ assetType: ["Devices"],
6332
6260
  securityFunction: ["Protect"],
6333
6261
  governanceElements: [
6334
6262
  "centrally manage anti-malware",
@@ -6404,7 +6332,7 @@ export class SafeguardManager {
6404
6332
  title: "Use Behavior-Based Anti-Malware Software",
6405
6333
  description: "Use behavior-based anti-malware software",
6406
6334
  implementationGroup: "IG2",
6407
- assetType: ["devices"],
6335
+ assetType: ["Devices"],
6408
6336
  securityFunction: ["Detect"],
6409
6337
  governanceElements: [
6410
6338
  "use behavior-based anti-malware",
@@ -6481,7 +6409,7 @@ export class SafeguardManager {
6481
6409
  title: "Establish and Maintain a Data Recovery Process",
6482
6410
  description: "Establish and maintain a documented data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard",
6483
6411
  implementationGroup: "IG1",
6484
- assetType: ["data"],
6412
+ assetType: ["Data"],
6485
6413
  securityFunction: ["Govern"],
6486
6414
  governanceElements: [
6487
6415
  "establish documented data recovery process",
@@ -6564,7 +6492,7 @@ export class SafeguardManager {
6564
6492
  title: "Perform Automated Backups",
6565
6493
  description: "Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data",
6566
6494
  implementationGroup: "IG1",
6567
- assetType: ["data"],
6495
+ assetType: ["Data"],
6568
6496
  securityFunction: ["Recover"],
6569
6497
  governanceElements: [
6570
6498
  "perform automated backups",
@@ -6645,7 +6573,7 @@ export class SafeguardManager {
6645
6573
  title: "Protect Recovery Data",
6646
6574
  description: "Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements",
6647
6575
  implementationGroup: "IG1",
6648
- assetType: ["data"],
6576
+ assetType: ["Data"],
6649
6577
  securityFunction: ["Protect"],
6650
6578
  governanceElements: [
6651
6579
  "protect recovery data",
@@ -6725,7 +6653,7 @@ export class SafeguardManager {
6725
6653
  title: "Establish and Maintain an Isolated Instance of Recovery Data",
6726
6654
  description: "Establish and maintain an isolated instance of recovery data. Example implementations include version controlling backup destinations through offline, cloud, or off-site systems or services",
6727
6655
  implementationGroup: "IG1",
6728
- assetType: ["data"],
6656
+ assetType: ["Data"],
6729
6657
  securityFunction: ["Recover"],
6730
6658
  governanceElements: [
6731
6659
  "establish isolated instance of recovery data",
@@ -6808,7 +6736,7 @@ export class SafeguardManager {
6808
6736
  title: "Test Data Recovery",
6809
6737
  description: "Test backup recovery quarterly, or more frequently, for a sampling of in-scope enterprise assets",
6810
6738
  implementationGroup: "IG2",
6811
- assetType: ["data"],
6739
+ assetType: ["Data"],
6812
6740
  securityFunction: ["Recover"],
6813
6741
  governanceElements: [
6814
6742
  "test backup recovery quarterly or more frequently",
@@ -7372,7 +7300,7 @@ export class SafeguardManager {
7372
7300
  title: "Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise's AAA Infrastructure",
7373
7301
  description: "Require users to authenticate to enterprise-managed VPN and authentication services prior to accessing enterprise resources on end-user devices",
7374
7302
  implementationGroup: "IG2",
7375
- assetType: ["devices"],
7303
+ assetType: ["Devices"],
7376
7304
  securityFunction: ["Protect"],
7377
7305
  governanceElements: [
7378
7306
  "require users to authenticate to enterprise-managed VPN",
@@ -7452,7 +7380,7 @@ export class SafeguardManager {
7452
7380
  title: "Establish and Maintain Dedicated Computing Resources for All Administrative Work",
7453
7381
  description: "Establish and maintain dedicated computing resources, either physically or logically separated, for all administrative tasks or tasks requiring administrative access. The computing resources should be segmented from the enterprise's primary network and not be allowed internet access",
7454
7382
  implementationGroup: "IG3",
7455
- assetType: ["devices"],
7383
+ assetType: ["Devices"],
7456
7384
  securityFunction: ["Protect"],
7457
7385
  governanceElements: [
7458
7386
  "establish dedicated computing resources for administrative work",
@@ -7534,7 +7462,7 @@ export class SafeguardManager {
7534
7462
  title: "Centralize Security Event Alerting",
7535
7463
  description: "Centralize security event alerting across enterprise assets for log correlation and analysis. Security event alerting includes, at a minimum, active exploitation attempts of enterprise assets",
7536
7464
  implementationGroup: "IG2",
7537
- assetType: ["network", "devices"],
7465
+ assetType: ["network", "Devices"],
7538
7466
  securityFunction: ["Detect"],
7539
7467
  governanceElements: [
7540
7468
  "centralize security event alerting across enterprise assets",
@@ -7613,7 +7541,7 @@ export class SafeguardManager {
7613
7541
  title: "Deploy a Host-Based Intrusion Detection Solution",
7614
7542
  description: "Deploy a host-based intrusion detection solution on enterprise assets, where technically feasible",
7615
7543
  implementationGroup: "IG2",
7616
- assetType: ["devices"],
7544
+ assetType: ["Devices"],
7617
7545
  securityFunction: ["Detect"],
7618
7546
  governanceElements: [
7619
7547
  "deploy host-based intrusion detection solution",
@@ -7839,7 +7767,7 @@ export class SafeguardManager {
7839
7767
  title: "Manage Access Control for Remote Assets",
7840
7768
  description: "Manage access control for assets remotely connecting to enterprise networks. Determine amount of access to the enterprise network based on: up-to-date anti-malware software, up-to date system patches, up-to-date host-based firewall, and up-to-date host-based intrusion detection or intrusion prevention system",
7841
7769
  implementationGroup: "IG2",
7842
- assetType: ["devices", "network"],
7770
+ assetType: ["Devices", "network"],
7843
7771
  securityFunction: ["Protect"],
7844
7772
  governanceElements: [
7845
7773
  "manage access control for assets remotely connecting to enterprise networks",
@@ -7993,7 +7921,7 @@ export class SafeguardManager {
7993
7921
  title: "Deploy a Host-Based Intrusion Prevention Solution",
7994
7922
  description: "Deploy a host-based intrusion prevention solution on enterprise assets, where technically feasible",
7995
7923
  implementationGroup: "IG3",
7996
- assetType: ["devices"],
7924
+ assetType: ["Devices"],
7997
7925
  securityFunction: ["Respond"],
7998
7926
  governanceElements: [
7999
7927
  "deploy host-based intrusion prevention solution",
@@ -8294,7 +8222,7 @@ export class SafeguardManager {
8294
8222
  title: "Tune Security Event Alerting Thresholds",
8295
8223
  description: "Tune security event alerting thresholds monthly, or more frequently",
8296
8224
  implementationGroup: "IG3",
8297
- assetType: ["network", "devices"],
8225
+ assetType: ["network", "Devices"],
8298
8226
  securityFunction: ["Detect"],
8299
8227
  governanceElements: [
8300
8228
  "tune security event alerting thresholds",
@@ -8368,7 +8296,7 @@ export class SafeguardManager {
8368
8296
  title: "Establish and Maintain a Security Awareness Program",
8369
8297
  description: "Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise's workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard",
8370
8298
  implementationGroup: "IG1",
8371
- assetType: ["users"],
8299
+ assetType: ["Users"],
8372
8300
  securityFunction: ["Govern"],
8373
8301
  governanceElements: [
8374
8302
  "establish and maintain a security awareness program",
@@ -8450,7 +8378,7 @@ export class SafeguardManager {
8450
8378
  title: "Train Workforce Members to Recognize Social Engineering Attacks",
8451
8379
  description: "Train workforce members to recognize social engineering attacks, such as phishing, business email compromise (BEC), pretexting, and tailgating",
8452
8380
  implementationGroup: "IG1",
8453
- assetType: ["users"],
8381
+ assetType: ["Users"],
8454
8382
  securityFunction: ["Protect"],
8455
8383
  governanceElements: [
8456
8384
  "train workforce members to recognize social engineering attacks",
@@ -8529,7 +8457,7 @@ export class SafeguardManager {
8529
8457
  title: "Train Workforce Members on Authentication Best Practices",
8530
8458
  description: "Train workforce members on authentication best practices. Example topics include MFA, password composition, and credential management",
8531
8459
  implementationGroup: "IG1",
8532
- assetType: ["users"],
8460
+ assetType: ["Users"],
8533
8461
  securityFunction: ["Protect"],
8534
8462
  governanceElements: [
8535
8463
  "train workforce members on authentication best practices",
@@ -8606,7 +8534,7 @@ export class SafeguardManager {
8606
8534
  title: "Train Workforce on Data Handling Best Practices",
8607
8535
  description: "Train workforce members on how to identify and properly store, transfer, archive, and destroy sensitive data. This also includes training workforce members on clear screen and desk best practices, such as locking their screen when they step away from their enterprise asset, erasing physical and virtual whiteboards at the end of meetings, and storing data and assets securely",
8608
8536
  implementationGroup: "IG1",
8609
- assetType: ["users"],
8537
+ assetType: ["Users"],
8610
8538
  securityFunction: ["Protect"],
8611
8539
  governanceElements: [
8612
8540
  "train workforce members on how to identify and properly store, transfer, archive, and destroy sensitive data",
@@ -8691,7 +8619,7 @@ export class SafeguardManager {
8691
8619
  title: "Train Workforce Members on Causes of Unintentional Data Exposure",
8692
8620
  description: "Train workforce members to be aware of causes for unintentional data exposure. Example topics include mis-delivery of sensitive data, losing a portable end-user device, or publishing data to unintended audiences",
8693
8621
  implementationGroup: "IG1",
8694
- assetType: ["users"],
8622
+ assetType: ["Users"],
8695
8623
  securityFunction: ["Protect"],
8696
8624
  governanceElements: [
8697
8625
  "train workforce members to be aware of causes for unintentional data exposure",
@@ -8768,7 +8696,7 @@ export class SafeguardManager {
8768
8696
  title: "Train Workforce Members on Recognizing and Reporting Security Incidents",
8769
8697
  description: "Train workforce members to be able to recognize a potential incident and be able to report such an incident",
8770
8698
  implementationGroup: "IG1",
8771
- assetType: ["users"],
8699
+ assetType: ["Users"],
8772
8700
  securityFunction: ["Protect"],
8773
8701
  governanceElements: [
8774
8702
  "train workforce members to be able to recognize a potential incident",
@@ -8843,7 +8771,7 @@ export class SafeguardManager {
8843
8771
  title: "Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates",
8844
8772
  description: "Train workforce to understand how to verify and report out-of-date software patches or any failures in automated processes and tools. Part of this training should include notifying IT personnel of any failures in automated processes and tools",
8845
8773
  implementationGroup: "IG1",
8846
- assetType: ["users"],
8774
+ assetType: ["Users"],
8847
8775
  securityFunction: ["Protect"],
8848
8776
  governanceElements: [
8849
8777
  "train workforce to understand how to verify and report out-of-date software patches",
@@ -8924,7 +8852,7 @@ export class SafeguardManager {
8924
8852
  title: "Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks",
8925
8853
  description: "Train workforce members on the dangers of connecting to, and transmitting data over, insecure networks for enterprise activities. If the enterprise has remote workers, training must include guidance to ensure that all users securely configure their home network infrastructure",
8926
8854
  implementationGroup: "IG1",
8927
- assetType: ["users"],
8855
+ assetType: ["Users"],
8928
8856
  securityFunction: ["Protect"],
8929
8857
  governanceElements: [
8930
8858
  "train workforce members on dangers of connecting to and transmitting data over insecure networks",
@@ -9004,7 +8932,7 @@ export class SafeguardManager {
9004
8932
  title: "Conduct Role-Specific Security Awareness and Skills Training",
9005
8933
  description: "Conduct role-specific security awareness and skills training. Example implementations include secure system administration courses for IT professionals, OWASP Top 10 vulnerability awareness and prevention training for web application developers, and advanced social engineering awareness training for high-profile roles",
9006
8934
  implementationGroup: "IG2",
9007
- assetType: ["users"],
8935
+ assetType: ["Users"],
9008
8936
  securityFunction: ["Protect"],
9009
8937
  governanceElements: [
9010
8938
  "conduct role-specific security awareness and skills training",
@@ -9082,7 +9010,7 @@ export class SafeguardManager {
9082
9010
  title: "Establish and Maintain an Inventory of Service Providers",
9083
9011
  description: "Establish and maintain an inventory of service providers. The inventory is to list all known service providers, include classification(s), and designate an enterprise contact for each service provider. Review and update the inventory annually, or when significant enterprise changes occur that could impact this Safeguard",
9084
9012
  implementationGroup: "IG1",
9085
- assetType: ["users"],
9013
+ assetType: ["Users"],
9086
9014
  securityFunction: ["Identify"],
9087
9015
  governanceElements: [
9088
9016
  "establish and maintain an inventory of service providers",
@@ -9162,7 +9090,7 @@ export class SafeguardManager {
9162
9090
  title: "Establish and Maintain a Service Provider Management Policy",
9163
9091
  description: "Establish and maintain a service provider management policy. Ensure the policy addresses the classification, inventory, assessment, monitoring, and decommissioning of service providers. Review and update the policy annually, or when significant enterprise changes occur that could impact this Safeguard",
9164
9092
  implementationGroup: "IG2",
9165
- assetType: ["users"],
9093
+ assetType: ["Users"],
9166
9094
  securityFunction: ["Govern"],
9167
9095
  governanceElements: [
9168
9096
  "establish and maintain a service provider management policy",
@@ -9247,7 +9175,7 @@ export class SafeguardManager {
9247
9175
  title: "Classify Service Providers",
9248
9176
  description: "Classify service providers. Classification consideration may include one or more characteristics, such as data sensitivity, data volume, availability requirements, applicable regulations, inherent risk, and mitigated risk. Update and review classifications annually, or when significant enterprise changes occur that could impact this Safeguard",
9249
9177
  implementationGroup: "IG2",
9250
- assetType: ["users"],
9178
+ assetType: ["Users"],
9251
9179
  securityFunction: ["Govern"],
9252
9180
  governanceElements: [
9253
9181
  "classify service providers",
@@ -9330,7 +9258,7 @@ export class SafeguardManager {
9330
9258
  title: "Ensure Service Provider Contracts Include Security Requirements",
9331
9259
  description: "Ensure service provider contracts include security requirements. Example requirements may include minimum security program requirements, security incident and/or data breach notification and response, data encryption requirements, and data disposal commitments. These security requirements must be consistent with the enterprise's service provider management policy. Review service provider contracts annually to ensure contracts are not missing security requirements",
9332
9260
  implementationGroup: "IG2",
9333
- assetType: ["users"],
9261
+ assetType: ["Users"],
9334
9262
  securityFunction: ["Govern"],
9335
9263
  governanceElements: [
9336
9264
  "ensure service provider contracts include security requirements",
@@ -9412,7 +9340,7 @@ export class SafeguardManager {
9412
9340
  title: "Assess Service Providers",
9413
9341
  description: "Assess service providers consistent with the enterprise's service provider management policy. Assessment scope may vary based on classification(s), and may include review of standardized assessment reports, such as Service Organization Control 2 (SOC 2) and Payment Card Industry (PCI) Attestation of Compliance (AoC), customized questionnaires, or other appropriately rigorous processes. Reassess service providers annually, at a minimum, or with new and renewed contracts",
9414
9342
  implementationGroup: "IG3",
9415
- assetType: ["users"],
9343
+ assetType: ["Users"],
9416
9344
  securityFunction: ["Govern"],
9417
9345
  governanceElements: [
9418
9346
  "assess service providers consistent with enterprise's service provider management policy",
@@ -9494,7 +9422,7 @@ export class SafeguardManager {
9494
9422
  title: "Monitor Service Providers",
9495
9423
  description: "Monitor service providers consistent with the enterprise's service provider management policy. Monitoring may include periodic reassessment of service provider compliance, monitoring service provider release notes, and dark web monitoring",
9496
9424
  implementationGroup: "IG3",
9497
- assetType: ["data"],
9425
+ assetType: ["Data"],
9498
9426
  securityFunction: ["Govern"],
9499
9427
  governanceElements: [
9500
9428
  "monitor service providers consistent with enterprise's service provider management policy",
@@ -9571,7 +9499,7 @@ export class SafeguardManager {
9571
9499
  title: "Securely Decommission Service Providers",
9572
9500
  description: "Securely decommission service providers. Example considerations include user and service account deactivation, termination of data flows, and secure disposal of enterprise data within service provider systems",
9573
9501
  implementationGroup: "IG3",
9574
- assetType: ["data"],
9502
+ assetType: ["Data"],
9575
9503
  securityFunction: ["Protect"],
9576
9504
  governanceElements: [
9577
9505
  "securely decommission service providers",
@@ -10277,7 +10205,7 @@ export class SafeguardManager {
10277
10205
  title: "Train Developers in Application Security Concepts and Secure Coding",
10278
10206
  description: "Ensure that all software development personnel receive training in writing secure code for their specific development environment and responsibilities. Training can include general security principles and application security standard practices. Conduct training at least annually and design in a way to promote security within the development team, and build a culture of security among the developers",
10279
10207
  implementationGroup: "IG2",
10280
- assetType: ["users"],
10208
+ assetType: ["Users"],
10281
10209
  securityFunction: ["Protect"],
10282
10210
  governanceElements: [
10283
10211
  "ensure that all software development personnel receive training in writing secure code",
@@ -10753,7 +10681,7 @@ export class SafeguardManager {
10753
10681
  title: "Designate Personnel to Manage Incident Handling",
10754
10682
  description: "Designate one key person, and at least one backup, who will manage the enterprise's incident handling process. Management personnel are responsible for the coordination and documentation of incident response and recovery efforts and can consist of employees internal to the enterprise, service providers, or a hybrid approach. If using a service provider, designate at least one person internal to the enterprise to oversee any third-party work. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
10755
10683
  implementationGroup: "IG1",
10756
- assetType: ["users"],
10684
+ assetType: ["Users"],
10757
10685
  securityFunction: ["Respond"],
10758
10686
  governanceElements: [
10759
10687
  "designate one key person and at least one backup who will manage the enterprise's incident handling process",
@@ -10831,7 +10759,7 @@ export class SafeguardManager {
10831
10759
  title: "Establish and Maintain Contact Information for Reporting Security Incidents",
10832
10760
  description: "Establish and maintain contact information for reporting security incidents. This information must be available to all workforce members and should include various contact methods (e.g., phone, email) and be regularly updated. Consider the availability of these contact methods in different circumstances, such as when primary communication systems are compromised",
10833
10761
  implementationGroup: "IG1",
10834
- assetType: ["users"],
10762
+ assetType: ["Users"],
10835
10763
  securityFunction: ["Respond"],
10836
10764
  governanceElements: [
10837
10765
  "establish and maintain contact information for reporting security incidents",
@@ -10907,7 +10835,7 @@ export class SafeguardManager {
10907
10835
  title: "Establish and Maintain an Enterprise Process for Reporting Incidents",
10908
10836
  description: "Establish and maintain an documented enterprise process for the workforce to report security incidents. The process includes reporting timeframe, personnel to report to, mechanism for reporting, and the minimum information to be reported. Ensure the process is publicly available to all of the workforce. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
10909
10837
  implementationGroup: "IG1",
10910
- assetType: ["users"],
10838
+ assetType: ["Users"],
10911
10839
  securityFunction: ["Govern"],
10912
10840
  governanceElements: [
10913
10841
  "establish and maintain a documented enterprise process for the workforce to report security incidents",
@@ -10985,7 +10913,7 @@ export class SafeguardManager {
10985
10913
  title: "Establish and Maintain an Incident Response Process",
10986
10914
  description: "Establish and maintain a documented incident response process that addresses roles and responsibilities, compliance requirements, and a communication plan. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
10987
10915
  implementationGroup: "IG2",
10988
- assetType: ["users"],
10916
+ assetType: ["Users"],
10989
10917
  securityFunction: ["Govern"],
10990
10918
  governanceElements: [
10991
10919
  "establish and maintain a documented incident response process",
@@ -11060,7 +10988,7 @@ export class SafeguardManager {
11060
10988
  title: "Assign Key Roles and Responsibilities",
11061
10989
  description: "Assign key roles and responsibilities for incident response, including staff from legal, IT, information security, facilities, public relations, human resources, incident responders, and analysts. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
11062
10990
  implementationGroup: "IG2",
11063
- assetType: ["users"],
10991
+ assetType: ["Users"],
11064
10992
  securityFunction: ["Respond"],
11065
10993
  governanceElements: [
11066
10994
  "assign key roles and responsibilities for incident response",
@@ -11138,7 +11066,7 @@ export class SafeguardManager {
11138
11066
  title: "Define Mechanisms for Communicating During Incident Response",
11139
11067
  description: "Determine which primary and secondary mechanisms will be used to communicate and report during a security incident. Mechanisms can include phone calls, emails, secure chat or notification letters. Keep in mind that certain mechanisms, such as emails, can be affected during a security incident. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
11140
11068
  implementationGroup: "IG2",
11141
- assetType: ["users"],
11069
+ assetType: ["Users"],
11142
11070
  securityFunction: ["Respond"],
11143
11071
  governanceElements: [
11144
11072
  "determine which primary and secondary mechanisms will be used to communicate and report during a security incident",
@@ -11215,7 +11143,7 @@ export class SafeguardManager {
11215
11143
  title: "Conduct Routine Incident Response Exercises",
11216
11144
  description: "Plan and conduct routine incident response exercises and scenarios for key personnel involved in the incident response process to prepare for responding to real-world incidents. Exercises need to test communication channels, decision-making, and workflows. Conduct testing on an annual basis, at a minimum",
11217
11145
  implementationGroup: "IG2",
11218
- assetType: ["users"],
11146
+ assetType: ["Users"],
11219
11147
  securityFunction: ["Recover"],
11220
11148
  governanceElements: [
11221
11149
  "plan and conduct routine incident response exercises and scenarios for key personnel involved in the incident response process",
@@ -11292,7 +11220,7 @@ export class SafeguardManager {
11292
11220
  title: "Conduct Post-Incident Reviews",
11293
11221
  description: "Conduct post-incident reviews. Post-incident reviews help prevent incident recurrence through identifying lessons learned and follow-up action",
11294
11222
  implementationGroup: "IG2",
11295
- assetType: ["users"],
11223
+ assetType: ["Users"],
11296
11224
  securityFunction: ["Recover"],
11297
11225
  governanceElements: [
11298
11226
  "conduct post-incident reviews"
@@ -11365,7 +11293,7 @@ export class SafeguardManager {
11365
11293
  title: "Establish and Maintain Security Incident Thresholds",
11366
11294
  description: "Establish and maintain security incident thresholds, including, at a minimum, differentiating between an incident and an event. Examples can include: abnormal activity, security vulnerability, security weakness, data breach, privacy incident, etc. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
11367
11295
  implementationGroup: "IG3",
11368
- assetType: ["users"],
11296
+ assetType: ["Users"],
11369
11297
  securityFunction: ["Recover"],
11370
11298
  governanceElements: [
11371
11299
  "establish and maintain security incident thresholds",