framework-mcp 2.4.3 → 2.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1974,19 +1974,17 @@ export class SafeguardManager {
1974
1974
  title: "Establish and Maintain a Secure Configuration Process",
1975
1975
  description: "Establish and maintain a documented secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications). Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
1976
1976
  implementationGroup: "IG1",
1977
- assetType: ["end-user devices", "network devices", "IoT devices", "servers", "Software"],
1977
+ assetType: ["Docuemntation"],
1978
1978
  securityFunction: ["Govern"],
1979
1979
  governanceElements: [
1980
1980
  "Establish",
1981
1981
  "Maintain",
1982
- "Documented Secure Configuration Process",
1983
1982
  "Review and update documentation",
1984
1983
  "Annually",
1985
1984
  "When significant enterprise changes occur that could impact this Safeguard"
1986
1985
  ],
1987
1986
  coreRequirements: [
1988
- "documented secure configuration process for enterprise assets",
1989
- "documented secure configuration process for software"
1987
+ "documented secure configuration process"
1990
1988
  ],
1991
1989
  subTaxonomicalElements: [
1992
1990
  "Enterprise assets",
@@ -1996,12 +1994,9 @@ export class SafeguardManager {
1996
1994
  "Portable",
1997
1995
  "Non-computing/IoT devices",
1998
1996
  "Servers",
1999
- "OS",
2000
- "Software"
1997
+ "OS"
2001
1998
  ],
2002
- implementationSuggestions: [
2003
- "Secure Configuration Policy / Process",
2004
- "Configuration Management Tool"
1999
+ implementationSuggestions: [ // Gray - Implementation suggestions
2005
2000
  ],
2006
2001
  relatedSafeguards: ["1.1", "2.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8", "4.9", "4.10", "4.11", "4.12"],
2007
2002
  systemPromptFull: {
@@ -2055,25 +2050,22 @@ export class SafeguardManager {
2055
2050
  title: "Establish and Maintain a Secure Configuration Process for Network Infrastructure",
2056
2051
  description: "Establish and maintain a documented secure configuration process for network devices. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
2057
2052
  implementationGroup: "IG1",
2058
- assetType: ["network devices"],
2053
+ assetType: ["Documentation"],
2059
2054
  securityFunction: ["Govern"],
2060
2055
  governanceElements: [
2061
2056
  "Establish",
2062
2057
  "Maintain",
2063
- "Documented Secure Network Configuration Process",
2064
2058
  "Review and update documentation",
2065
2059
  "Annually",
2066
2060
  "When significant enterprise changes occur that could impact this Safeguard"
2067
2061
  ],
2068
2062
  coreRequirements: [
2069
- "documented secure configuration process for network devices"
2063
+ "documented secure configuration process"
2070
2064
  ],
2071
2065
  subTaxonomicalElements: [
2072
2066
  "Network devices"
2073
2067
  ],
2074
- implementationSuggestions: [
2075
- "Secure Configuration Policy / Process",
2076
- "Configuration Management Tool"
2068
+ implementationSuggestions: [ // Gray - Implementation suggestions
2077
2069
  ],
2078
2070
  relatedSafeguards: ["1.1", "2.1", "3.10", "4.1", "6.4", "8.1", "12.1", "12.2", "12.3", "12.4", "12.5", "13.3", "13.4", "13.6", "13.8", "13.9", "13.10"],
2079
2071
  systemPromptFull: {
@@ -2127,7 +2119,7 @@ export class SafeguardManager {
2127
2119
  title: "Configure Automatic Session Locking on Enterprise Assets",
2128
2120
  description: "Configure automatic session locking on enterprise assets after a defined period of inactivity. For general purpose operating systems, the period Must Not Exceed 15 minutes. For mobile end-user devices, the period must not exceed 2 minutes.",
2129
2121
  implementationGroup: "IG1",
2130
- assetType: ["devices"],
2122
+ assetType: ["Devices"],
2131
2123
  securityFunction: ["Protect"],
2132
2124
  governanceElements: [
2133
2125
  "Configure",
@@ -2135,18 +2127,14 @@ export class SafeguardManager {
2135
2127
  "Period must not exceed for 2 Minutes"
2136
2128
  ],
2137
2129
  coreRequirements: [
2138
- "automatic session locking on enterprise assets after a defined period of inactivity",
2139
- "general purpose operating systems",
2140
- "mobile end-user devices"
2130
+ "automatic session locking on enterprise assets"
2141
2131
  ],
2142
2132
  subTaxonomicalElements: [
2143
- "Automatic Session Locking",
2144
2133
  "Period of inactivity",
2145
2134
  "General Purpose OSs",
2146
2135
  "Mobile end-user devices"
2147
2136
  ],
2148
- implementationSuggestions: [
2149
- "Configuration Management Tool"
2137
+ implementationSuggestions: [ // Gray - Implementation suggestions
2150
2138
  ],
2151
2139
  relatedSafeguards: ["4.1"],
2152
2140
  systemPromptFull: {
@@ -2200,7 +2188,7 @@ export class SafeguardManager {
2200
2188
  title: "Implement and Manage a Firewall on Servers",
2201
2189
  description: "Implement and manage a firewall on servers, where supported. Example implementations include a virtual firewall, operating system firewall, or a third-party firewall agent.",
2202
2190
  implementationGroup: "IG1",
2203
- assetType: ["devices"],
2191
+ assetType: ["Devices"],
2204
2192
  securityFunction: ["Protect"],
2205
2193
  governanceElements: [
2206
2194
  "Implement",
@@ -2217,8 +2205,6 @@ export class SafeguardManager {
2217
2205
  "Virtual Firewall",
2218
2206
  "OS Firewall",
2219
2207
  "Third Party Firewall",
2220
- "Firewall",
2221
- "Configuration Management Tool"
2222
2208
  ],
2223
2209
  relatedSafeguards: ["4.1"],
2224
2210
  systemPromptFull: {
@@ -2272,21 +2258,18 @@ export class SafeguardManager {
2272
2258
  title: "Implement and Manage a Firewall on End-User Devices",
2273
2259
  description: "Implement and manage a host-based firewall or port-filtering tool on end-user devices, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.",
2274
2260
  implementationGroup: "IG1",
2275
- assetType: ["devices"],
2261
+ assetType: ["Devices"],
2276
2262
  securityFunction: ["Protect"],
2277
2263
  governanceElements: [
2278
2264
  "Implement",
2279
- "Manage",
2280
- "Default deny rule that drops all traffic",
2281
- "Except Explicitly Allowed"
2265
+ "Manage"
2282
2266
  ],
2283
2267
  coreRequirements: [
2284
2268
  "host-based firewall or port-filtering tool on end-user devices"
2285
2269
  ],
2286
2270
  subTaxonomicalElements: [
2287
- "Host-based Firewall",
2288
- "Port Filtering Tool",
2289
- "End User Devices",
2271
+ "Default Deny Rule that drops all traffic",
2272
+ "Except Explicitly Allowed",
2290
2273
  "Services",
2291
2274
  "Ports"
2292
2275
  ],
@@ -2346,7 +2329,7 @@ export class SafeguardManager {
2346
2329
  title: "Securely Manage Enterprise Assets and Software",
2347
2330
  description: "Securely manage enterprise assets and software. Example implementations include managing configuration through version-controlled- Infrastructure-as-Code (IaC) and accessing administrative interfaces over secure network protocols, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS). Do not use insecure management protocols, such as Telnet (Teletype Network) and HTTP, unless operationally essential.",
2348
2331
  implementationGroup: "IG1",
2349
- assetType: ["devices", "Software"],
2332
+ assetType: ["Devices"],
2350
2333
  securityFunction: ["Protect"],
2351
2334
  governanceElements: [
2352
2335
  "Do not use insecure management protocols",
@@ -2356,16 +2339,14 @@ export class SafeguardManager {
2356
2339
  "Securely manage enterprise assets and software"
2357
2340
  ],
2358
2341
  subTaxonomicalElements: [
2359
- "Securely manage enterprise assets and software"
2342
+ "Securely manage enterprise assets and software",
2343
+ "Do not use insecure management protocols unless operationally essential"
2360
2344
  ],
2361
2345
  implementationSuggestions: [
2362
2346
  "Manage configuration through version-controlled Infrastructure-as-Code (IaC)",
2363
2347
  "Accessing administrative interfaces over secure network protocols",
2364
- "SSH",
2365
- "HTTPS",
2366
- "Telnet (Teletype Network)",
2367
- "HTTP",
2368
- "Configuration Management Tool"
2348
+ "SSH instead of TELNET",
2349
+ "HTTPS instead of HTTP",
2369
2350
  ],
2370
2351
  relatedSafeguards: ["4.1", "12.3"],
2371
2352
  systemPromptFull: {
@@ -2419,26 +2400,22 @@ export class SafeguardManager {
2419
2400
  title: "Manage Default Accounts on Enterprise Assets and Software",
2420
2401
  description: "Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.",
2421
2402
  implementationGroup: "IG1",
2422
- assetType: ["devices", "Software", "users"],
2403
+ assetType: ["Users"],
2423
2404
  securityFunction: ["Protect"],
2424
2405
  governanceElements: [
2425
2406
  "Manage"
2426
2407
  ],
2427
2408
  coreRequirements: [
2428
- "default accounts on enterprise assets and software"
2409
+ "default accounts"
2429
2410
  ],
2430
2411
  subTaxonomicalElements: [
2431
- "Default accounts",
2432
2412
  "Enterprise assets",
2433
- "Software",
2434
- "Root",
2435
- "Administrator",
2436
- "Other pre-configured vendor accounts"
2413
+ "Software"
2437
2414
  ],
2438
2415
  implementationSuggestions: [
2439
- "Disabling",
2440
- "Unusable",
2441
- "Configuration Management Tool"
2416
+ "Disabling them",
2417
+ "making them Unusable",
2418
+ "Root, Administrator, or other pre-configured vendor accounts"
2442
2419
  ],
2443
2420
  relatedSafeguards: ["4.1"],
2444
2421
  systemPromptFull: {
@@ -2492,25 +2469,23 @@ export class SafeguardManager {
2492
2469
  title: "Uninstall or Disable Unnecessary Services on Enterprise Assets and Software",
2493
2470
  description: "Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service, web application module, or service function.",
2494
2471
  implementationGroup: "IG2",
2495
- assetType: ["devices", "Software"],
2472
+ assetType: ["Devices", "Software"],
2496
2473
  securityFunction: ["Protect"],
2497
2474
  governanceElements: [
2498
2475
  "Uninstall",
2499
2476
  "Disable"
2500
2477
  ],
2501
2478
  coreRequirements: [
2502
- "unnecessary services on enterprise assets and software"
2479
+ "unnecessary services"
2503
2480
  ],
2504
2481
  subTaxonomicalElements: [
2505
- "Unnecessary Services",
2506
2482
  "Enterprise assets",
2507
- "Software",
2508
- "Unused file sharing service",
2509
- "Web application module",
2510
- "Service function"
2483
+ "Software"
2511
2484
  ],
2512
2485
  implementationSuggestions: [
2513
- "Configuration Management Tool"
2486
+ "Unused File Sharing Services",
2487
+ "Web Application Module",
2488
+ "Service Function"
2514
2489
  ],
2515
2490
  relatedSafeguards: ["4.1"],
2516
2491
  systemPromptFull: {
@@ -2564,22 +2539,20 @@ export class SafeguardManager {
2564
2539
  title: "Configure Trusted DNS Servers on Enterprise Assets",
2565
2540
  description: "Configure trusted DNS servers on enterprise assets. Example implementations include: configuring assets to use enterprise-controlled DNS servers and/or reputable externally accessible DNS servers.",
2566
2541
  implementationGroup: "IG2",
2567
- assetType: ["devices"],
2542
+ assetType: ["Devices"],
2568
2543
  securityFunction: ["Protect"],
2569
2544
  governanceElements: [
2570
2545
  "Configure"
2571
2546
  ],
2572
2547
  coreRequirements: [
2573
- "trusted DNS servers on enterprise assets"
2548
+ "trusted DNS servers"
2574
2549
  ],
2575
2550
  subTaxonomicalElements: [
2576
- "Trusted DNS Servers",
2577
2551
  "Enterprise assets"
2578
2552
  ],
2579
2553
  implementationSuggestions: [
2580
2554
  "Configuring assets to use enterprise-controlled DNS servers",
2581
- "Reputable externally accessible DNS servers",
2582
- "Configuration Management Tool"
2555
+ "Reputable externally accessible DNS servers"
2583
2556
  ],
2584
2557
  relatedSafeguards: ["4.1", "8.6", "9.2"],
2585
2558
  systemPromptFull: {
@@ -2633,7 +2606,7 @@ export class SafeguardManager {
2633
2606
  title: "Enforce Automatic Device Lockout on Portable End-User Devices",
2634
2607
  description: "Enforce automatic device lockout following a predetermined threshold of local failed authentication attempts on portable end-user devices, where supported. For laptops, do not allow more than 20 failed authentication attempts; for tablets and smartphones, no more than 10 failed authentication attempts. Example implementations include Microsoft® InTune Device Lock and Apple® Configuration Profile maxFailedAttempts.",
2635
2608
  implementationGroup: "IG2",
2636
- assetType: ["devices"],
2609
+ assetType: ["Devices"],
2637
2610
  securityFunction: ["Protect"],
2638
2611
  governanceElements: [
2639
2612
  "Enforce",
@@ -2642,14 +2615,13 @@ export class SafeguardManager {
2642
2615
  "No more than 10 Failed Authentication Attempts"
2643
2616
  ],
2644
2617
  coreRequirements: [
2645
- "automatic device lockout following a predetermined threshold of local failed authentication attempts on portable end-user devices"
2618
+ "automatic device lockout"
2646
2619
  ],
2647
2620
  subTaxonomicalElements: [
2648
- "Automatic Device Lockout",
2649
- "Predetermined threshold of local failed authentication attempts",
2650
- "Portable end-user devices",
2651
- "Laptops",
2652
- "Tablets and smartphones"
2621
+ "After a Predetermined threshold of local failed authentication attempts",
2622
+ "On Portable end-user devices",
2623
+ "Such as Laptops",
2624
+ "Such as Tablets and smartphones"
2653
2625
  ],
2654
2626
  implementationSuggestions: [
2655
2627
  "Microsoft® InTune Device Lock",
@@ -2708,24 +2680,22 @@ export class SafeguardManager {
2708
2680
  title: "Enforce Remote Wipe Capability on Portable End-User Devices",
2709
2681
  description: "Remotely wipe enterprise data from enterprise-owned portable end-user devices when deemed appropriate such as lost or stolen devices, or when an individual no longer supports the enterprise.",
2710
2682
  implementationGroup: "IG2",
2711
- assetType: ["devices"],
2683
+ assetType: ["Devices"],
2712
2684
  securityFunction: ["Protect"],
2713
2685
  governanceElements: [
2714
2686
  "When deemed appropriate"
2715
2687
  ],
2716
2688
  coreRequirements: [
2717
- "Remotely wipe enterprise data from enterprise-owned portable end-user devices"
2689
+ "Remotely wipe enterprise data"
2718
2690
  ],
2719
2691
  subTaxonomicalElements: [
2720
- "Remotely Wipe enterprise data",
2721
- "Portable end-user devices",
2692
+ "Portable end-user devices"
2693
+ ],
2694
+ implementationSuggestions: [
2722
2695
  "Lost devices",
2723
2696
  "Stolen devices",
2724
2697
  "When an individual no longer supports the enterprise"
2725
2698
  ],
2726
- implementationSuggestions: [
2727
- "Configuration Management Tool"
2728
- ],
2729
2699
  relatedSafeguards: ["4.1"],
2730
2700
  systemPromptFull: {
2731
2701
  role: "Vendor Description Assistant and expert on CIS Controls",
@@ -2778,7 +2748,7 @@ export class SafeguardManager {
2778
2748
  title: "Separate Enterprise Workspaces on Mobile End-User Devices",
2779
2749
  description: "Ensure separate enterprise workspaces are used on mobile end-user devices, where supported. Example implementations include using an Apple® Configuration Profile or AndroidTM Work Profile to separate enterprise applications and data from personal applications and data.",
2780
2750
  implementationGroup: "IG3",
2781
- assetType: ["devices", "Data"],
2751
+ assetType: ["Data"],
2782
2752
  securityFunction: ["Protect"],
2783
2753
  governanceElements: [
2784
2754
  "Ensure",
@@ -2788,17 +2758,12 @@ export class SafeguardManager {
2788
2758
  "separate enterprise workspaces are used on mobile end-user devices"
2789
2759
  ],
2790
2760
  subTaxonomicalElements: [
2791
- "Separate enterprise workspaces",
2792
- "On Mobile Devices",
2793
- "Enterprise Applications",
2794
- "Enterprise Data",
2795
- "Personal Applications",
2796
- "Personal Data"
2761
+ "Enterprise Applications and Enterprise Data",
2762
+ "Seperate from Personal Applications and Personal Data"
2797
2763
  ],
2798
2764
  implementationSuggestions: [
2799
2765
  "Apple® Configuration Profile",
2800
- "AndroidTM Work Profile",
2801
- "Configuration Management Tool"
2766
+ "AndroidTM Work Profile"
2802
2767
  ],
2803
2768
  relatedSafeguards: ["4.1"],
2804
2769
  systemPromptFull: {
@@ -2852,7 +2817,7 @@ export class SafeguardManager {
2852
2817
  title: "Establish and Maintain an Inventory of Accounts",
2853
2818
  description: "Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must include both user and administrator accounts. The inventory, at a minimum, should contain the person's name, username, start/stop dates, and department. Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.",
2854
2819
  implementationGroup: "IG1",
2855
- assetType: ["users"],
2820
+ assetType: ["Users"],
2856
2821
  securityFunction: ["Identify"],
2857
2822
  governanceElements: [
2858
2823
  "Establish and maintain an inventory of all accounts managed in the enterprise",
@@ -2935,7 +2900,7 @@ export class SafeguardManager {
2935
2900
  title: "Use Unique Passwords",
2936
2901
  description: "Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using Multi-Factor Authentication (MFA) and a 14-character password for accounts not using MFA.",
2937
2902
  implementationGroup: "IG1",
2938
- assetType: ["users"],
2903
+ assetType: ["Users"],
2939
2904
  securityFunction: ["Protect"],
2940
2905
  governanceElements: [
2941
2906
  "Use unique passwords for all enterprise assets",
@@ -3007,7 +2972,7 @@ export class SafeguardManager {
3007
2972
  title: "Disable Dormant Accounts",
3008
2973
  description: "Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported.",
3009
2974
  implementationGroup: "IG1",
3010
- assetType: ["users"],
2975
+ assetType: ["Users"],
3011
2976
  securityFunction: ["Protect"],
3012
2977
  governanceElements: [
3013
2978
  "Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported"
@@ -3077,7 +3042,7 @@ export class SafeguardManager {
3077
3042
  title: "Restrict Administrator Privileges to Dedicated Administrator Accounts",
3078
3043
  description: "Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account.",
3079
3044
  implementationGroup: "IG1",
3080
- assetType: ["users"],
3045
+ assetType: ["Users"],
3081
3046
  securityFunction: ["Protect"],
3082
3047
  governanceElements: [
3083
3048
  "Restrict administrator privileges to dedicated administrator accounts on enterprise assets",
@@ -3153,7 +3118,7 @@ export class SafeguardManager {
3153
3118
  title: "Establish and Maintain an Inventory of Service Accounts",
3154
3119
  description: "Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.",
3155
3120
  implementationGroup: "IG2",
3156
- assetType: ["users"],
3121
+ assetType: ["Users"],
3157
3122
  securityFunction: ["Identify"],
3158
3123
  governanceElements: [
3159
3124
  "Establish and maintain an inventory of service accounts",
@@ -3232,7 +3197,7 @@ export class SafeguardManager {
3232
3197
  title: "Centralize Account Management",
3233
3198
  description: "Centralize account management through a directory or identity service.",
3234
3199
  implementationGroup: "IG2",
3235
- assetType: ["users"],
3200
+ assetType: ["Users"],
3236
3201
  securityFunction: ["Govern"],
3237
3202
  governanceElements: [
3238
3203
  "Centralize account management through a directory or identity service"
@@ -3302,7 +3267,7 @@ export class SafeguardManager {
3302
3267
  title: "Establish an Access Granting Process",
3303
3268
  description: "Establish and follow a documented process, preferably automated, for granting access to enterprise assets upon new hire or role change of a user.",
3304
3269
  implementationGroup: "IG1",
3305
- assetType: ["users"],
3270
+ assetType: ["Users"],
3306
3271
  securityFunction: ["Govern"],
3307
3272
  governanceElements: [
3308
3273
  "Establish",
@@ -3379,7 +3344,7 @@ export class SafeguardManager {
3379
3344
  title: "Establish an Access Revoking Process",
3380
3345
  description: "Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.",
3381
3346
  implementationGroup: "IG1",
3382
- assetType: ["users"],
3347
+ assetType: ["Users"],
3383
3348
  securityFunction: ["Govern"],
3384
3349
  governanceElements: [
3385
3350
  "Establish",
@@ -3461,7 +3426,7 @@ export class SafeguardManager {
3461
3426
  title: "Require MFA for Externally-Exposed Applications",
3462
3427
  description: "Require all externally-exposed enterprise or third-party applications to enforce MFA, where supported. Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard.",
3463
3428
  implementationGroup: "IG1",
3464
- assetType: ["users"],
3429
+ assetType: ["Users"],
3465
3430
  securityFunction: ["Protect"],
3466
3431
  governanceElements: [
3467
3432
  "Require",
@@ -3536,7 +3501,7 @@ export class SafeguardManager {
3536
3501
  title: "Require MFA for Remote Network Access",
3537
3502
  description: "Require MFA for remote network access.",
3538
3503
  implementationGroup: "IG1",
3539
- assetType: ["users"],
3504
+ assetType: ["Users"],
3540
3505
  securityFunction: ["Protect"],
3541
3506
  governanceElements: [
3542
3507
  "Require",
@@ -3606,7 +3571,7 @@ export class SafeguardManager {
3606
3571
  title: "Require MFA for Administrative Access",
3607
3572
  description: "Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a service provider.",
3608
3573
  implementationGroup: "IG1",
3609
- assetType: ["users"],
3574
+ assetType: ["Users"],
3610
3575
  securityFunction: ["Protect"],
3611
3576
  governanceElements: [
3612
3577
  "Require",
@@ -3759,7 +3724,7 @@ export class SafeguardManager {
3759
3724
  title: "Centralize Access Control",
3760
3725
  description: "Centralize access control for all enterprise assets through a directory service or SSO provider, where supported.",
3761
3726
  implementationGroup: "IG2",
3762
- assetType: ["users"],
3727
+ assetType: ["Users"],
3763
3728
  securityFunction: ["Protect"],
3764
3729
  governanceElements: [
3765
3730
  "Centralize",
@@ -3837,7 +3802,7 @@ export class SafeguardManager {
3837
3802
  title: "Define and Maintain Role-Based Access Control",
3838
3803
  description: "Define and maintain role-based access control, through determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties. Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule at a minimum annually, or more frequently.",
3839
3804
  implementationGroup: "IG3",
3840
- assetType: ["users"],
3805
+ assetType: ["Users"],
3841
3806
  securityFunction: ["Govern"],
3842
3807
  governanceElements: [
3843
3808
  "Define",
@@ -4087,7 +4052,7 @@ export class SafeguardManager {
4087
4052
  title: "Perform Automated Operating System Patch Management",
4088
4053
  description: "Perform automated operating system patch management on enterprise assets",
4089
4054
  implementationGroup: "IG1",
4090
- assetType: ["devices"],
4055
+ assetType: ["Devices"],
4091
4056
  securityFunction: ["Protect"],
4092
4057
  governanceElements: [
4093
4058
  "perform automated OS patch management",
@@ -4251,7 +4216,7 @@ export class SafeguardManager {
4251
4216
  title: "Perform Automated Vulnerability Scans of Internal Enterprise Assets",
4252
4217
  description: "Perform automated vulnerability scans of internal enterprise assets on a quarterly or more frequent basis",
4253
4218
  implementationGroup: "IG2",
4254
- assetType: ["devices", "Software"],
4219
+ assetType: ["Devices", "Software"],
4255
4220
  securityFunction: ["Detect"],
4256
4221
  governanceElements: [
4257
4222
  "perform automated vulnerability scans",
@@ -4333,7 +4298,7 @@ export class SafeguardManager {
4333
4298
  title: "Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets",
4334
4299
  description: "Perform automated vulnerability scans of externally-exposed enterprise assets using either an internal or external vulnerability scanning service",
4335
4300
  implementationGroup: "IG2",
4336
- assetType: ["devices", "Software"],
4301
+ assetType: ["Devices", "Software"],
4337
4302
  securityFunction: ["Detect"],
4338
4303
  governanceElements: [
4339
4304
  "perform automated vulnerability scans",
@@ -5429,7 +5394,7 @@ export class SafeguardManager {
5429
5394
  title: "Use DNS Filtering Services",
5430
5395
  description: "Use DNS filtering services on all end-user devices, including remote and on-premise assets, to block access to known malicious domains",
5431
5396
  implementationGroup: "IG1",
5432
- assetType: ["devices", "network"],
5397
+ assetType: ["Devices", "network"],
5433
5398
  securityFunction: ["Protect"],
5434
5399
  governanceElements: [
5435
5400
  "use DNS filtering services on all end-user devices",
@@ -5901,7 +5866,7 @@ export class SafeguardManager {
5901
5866
  title: "Deploy and Maintain Anti-Malware Software",
5902
5867
  description: "Deploy and maintain anti-malware software on all enterprise assets",
5903
5868
  implementationGroup: "IG1",
5904
- assetType: ["devices"],
5869
+ assetType: ["Devices"],
5905
5870
  securityFunction: ["Detect"],
5906
5871
  governanceElements: [
5907
5872
  "deploy anti-malware software",
@@ -5980,7 +5945,7 @@ export class SafeguardManager {
5980
5945
  title: "Configure Automatic Anti-Malware Signature Updates",
5981
5946
  description: "Configure automatic updates for anti-malware signature files on all enterprise assets",
5982
5947
  implementationGroup: "IG1",
5983
- assetType: ["devices"],
5948
+ assetType: ["Devices"],
5984
5949
  securityFunction: ["Protect"],
5985
5950
  governanceElements: [
5986
5951
  "configure automatic updates",
@@ -6054,7 +6019,7 @@ export class SafeguardManager {
6054
6019
  title: "Disable Autorun and Autoplay for Removable Media",
6055
6020
  description: "Disable autorun and autoplay auto-execute functionality for removable media",
6056
6021
  implementationGroup: "IG1",
6057
- assetType: ["devices"],
6022
+ assetType: ["Devices"],
6058
6023
  securityFunction: ["Protect"],
6059
6024
  governanceElements: [
6060
6025
  "disable autorun functionality",
@@ -6133,7 +6098,7 @@ export class SafeguardManager {
6133
6098
  title: "Configure Automatic Anti-Malware Scanning of Removable Media",
6134
6099
  description: "Configure anti-malware software to automatically scan removable media",
6135
6100
  implementationGroup: "IG2",
6136
- assetType: ["devices"],
6101
+ assetType: ["Devices"],
6137
6102
  securityFunction: ["Detect"],
6138
6103
  governanceElements: [
6139
6104
  "configure anti-malware software",
@@ -6211,7 +6176,7 @@ export class SafeguardManager {
6211
6176
  title: "Enable Anti-Exploitation Features",
6212
6177
  description: "Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™",
6213
6178
  implementationGroup: "IG2",
6214
- assetType: ["devices"],
6179
+ assetType: ["Devices"],
6215
6180
  securityFunction: ["Protect"],
6216
6181
  governanceElements: [
6217
6182
  "enable anti-exploitation features",
@@ -6291,7 +6256,7 @@ export class SafeguardManager {
6291
6256
  title: "Centrally Manage Anti-Malware Software",
6292
6257
  description: "Centrally manage anti-malware software",
6293
6258
  implementationGroup: "IG2",
6294
- assetType: ["devices"],
6259
+ assetType: ["Devices"],
6295
6260
  securityFunction: ["Protect"],
6296
6261
  governanceElements: [
6297
6262
  "centrally manage anti-malware",
@@ -6367,7 +6332,7 @@ export class SafeguardManager {
6367
6332
  title: "Use Behavior-Based Anti-Malware Software",
6368
6333
  description: "Use behavior-based anti-malware software",
6369
6334
  implementationGroup: "IG2",
6370
- assetType: ["devices"],
6335
+ assetType: ["Devices"],
6371
6336
  securityFunction: ["Detect"],
6372
6337
  governanceElements: [
6373
6338
  "use behavior-based anti-malware",
@@ -7335,7 +7300,7 @@ export class SafeguardManager {
7335
7300
  title: "Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise's AAA Infrastructure",
7336
7301
  description: "Require users to authenticate to enterprise-managed VPN and authentication services prior to accessing enterprise resources on end-user devices",
7337
7302
  implementationGroup: "IG2",
7338
- assetType: ["devices"],
7303
+ assetType: ["Devices"],
7339
7304
  securityFunction: ["Protect"],
7340
7305
  governanceElements: [
7341
7306
  "require users to authenticate to enterprise-managed VPN",
@@ -7415,7 +7380,7 @@ export class SafeguardManager {
7415
7380
  title: "Establish and Maintain Dedicated Computing Resources for All Administrative Work",
7416
7381
  description: "Establish and maintain dedicated computing resources, either physically or logically separated, for all administrative tasks or tasks requiring administrative access. The computing resources should be segmented from the enterprise's primary network and not be allowed internet access",
7417
7382
  implementationGroup: "IG3",
7418
- assetType: ["devices"],
7383
+ assetType: ["Devices"],
7419
7384
  securityFunction: ["Protect"],
7420
7385
  governanceElements: [
7421
7386
  "establish dedicated computing resources for administrative work",
@@ -7497,7 +7462,7 @@ export class SafeguardManager {
7497
7462
  title: "Centralize Security Event Alerting",
7498
7463
  description: "Centralize security event alerting across enterprise assets for log correlation and analysis. Security event alerting includes, at a minimum, active exploitation attempts of enterprise assets",
7499
7464
  implementationGroup: "IG2",
7500
- assetType: ["network", "devices"],
7465
+ assetType: ["network", "Devices"],
7501
7466
  securityFunction: ["Detect"],
7502
7467
  governanceElements: [
7503
7468
  "centralize security event alerting across enterprise assets",
@@ -7576,7 +7541,7 @@ export class SafeguardManager {
7576
7541
  title: "Deploy a Host-Based Intrusion Detection Solution",
7577
7542
  description: "Deploy a host-based intrusion detection solution on enterprise assets, where technically feasible",
7578
7543
  implementationGroup: "IG2",
7579
- assetType: ["devices"],
7544
+ assetType: ["Devices"],
7580
7545
  securityFunction: ["Detect"],
7581
7546
  governanceElements: [
7582
7547
  "deploy host-based intrusion detection solution",
@@ -7802,7 +7767,7 @@ export class SafeguardManager {
7802
7767
  title: "Manage Access Control for Remote Assets",
7803
7768
  description: "Manage access control for assets remotely connecting to enterprise networks. Determine amount of access to the enterprise network based on: up-to-date anti-malware software, up-to date system patches, up-to-date host-based firewall, and up-to-date host-based intrusion detection or intrusion prevention system",
7804
7769
  implementationGroup: "IG2",
7805
- assetType: ["devices", "network"],
7770
+ assetType: ["Devices", "network"],
7806
7771
  securityFunction: ["Protect"],
7807
7772
  governanceElements: [
7808
7773
  "manage access control for assets remotely connecting to enterprise networks",
@@ -7956,7 +7921,7 @@ export class SafeguardManager {
7956
7921
  title: "Deploy a Host-Based Intrusion Prevention Solution",
7957
7922
  description: "Deploy a host-based intrusion prevention solution on enterprise assets, where technically feasible",
7958
7923
  implementationGroup: "IG3",
7959
- assetType: ["devices"],
7924
+ assetType: ["Devices"],
7960
7925
  securityFunction: ["Respond"],
7961
7926
  governanceElements: [
7962
7927
  "deploy host-based intrusion prevention solution",
@@ -8257,7 +8222,7 @@ export class SafeguardManager {
8257
8222
  title: "Tune Security Event Alerting Thresholds",
8258
8223
  description: "Tune security event alerting thresholds monthly, or more frequently",
8259
8224
  implementationGroup: "IG3",
8260
- assetType: ["network", "devices"],
8225
+ assetType: ["network", "Devices"],
8261
8226
  securityFunction: ["Detect"],
8262
8227
  governanceElements: [
8263
8228
  "tune security event alerting thresholds",
@@ -8331,7 +8296,7 @@ export class SafeguardManager {
8331
8296
  title: "Establish and Maintain a Security Awareness Program",
8332
8297
  description: "Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise's workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard",
8333
8298
  implementationGroup: "IG1",
8334
- assetType: ["users"],
8299
+ assetType: ["Users"],
8335
8300
  securityFunction: ["Govern"],
8336
8301
  governanceElements: [
8337
8302
  "establish and maintain a security awareness program",
@@ -8413,7 +8378,7 @@ export class SafeguardManager {
8413
8378
  title: "Train Workforce Members to Recognize Social Engineering Attacks",
8414
8379
  description: "Train workforce members to recognize social engineering attacks, such as phishing, business email compromise (BEC), pretexting, and tailgating",
8415
8380
  implementationGroup: "IG1",
8416
- assetType: ["users"],
8381
+ assetType: ["Users"],
8417
8382
  securityFunction: ["Protect"],
8418
8383
  governanceElements: [
8419
8384
  "train workforce members to recognize social engineering attacks",
@@ -8492,7 +8457,7 @@ export class SafeguardManager {
8492
8457
  title: "Train Workforce Members on Authentication Best Practices",
8493
8458
  description: "Train workforce members on authentication best practices. Example topics include MFA, password composition, and credential management",
8494
8459
  implementationGroup: "IG1",
8495
- assetType: ["users"],
8460
+ assetType: ["Users"],
8496
8461
  securityFunction: ["Protect"],
8497
8462
  governanceElements: [
8498
8463
  "train workforce members on authentication best practices",
@@ -8569,7 +8534,7 @@ export class SafeguardManager {
8569
8534
  title: "Train Workforce on Data Handling Best Practices",
8570
8535
  description: "Train workforce members on how to identify and properly store, transfer, archive, and destroy sensitive data. This also includes training workforce members on clear screen and desk best practices, such as locking their screen when they step away from their enterprise asset, erasing physical and virtual whiteboards at the end of meetings, and storing data and assets securely",
8571
8536
  implementationGroup: "IG1",
8572
- assetType: ["users"],
8537
+ assetType: ["Users"],
8573
8538
  securityFunction: ["Protect"],
8574
8539
  governanceElements: [
8575
8540
  "train workforce members on how to identify and properly store, transfer, archive, and destroy sensitive data",
@@ -8654,7 +8619,7 @@ export class SafeguardManager {
8654
8619
  title: "Train Workforce Members on Causes of Unintentional Data Exposure",
8655
8620
  description: "Train workforce members to be aware of causes for unintentional data exposure. Example topics include mis-delivery of sensitive data, losing a portable end-user device, or publishing data to unintended audiences",
8656
8621
  implementationGroup: "IG1",
8657
- assetType: ["users"],
8622
+ assetType: ["Users"],
8658
8623
  securityFunction: ["Protect"],
8659
8624
  governanceElements: [
8660
8625
  "train workforce members to be aware of causes for unintentional data exposure",
@@ -8731,7 +8696,7 @@ export class SafeguardManager {
8731
8696
  title: "Train Workforce Members on Recognizing and Reporting Security Incidents",
8732
8697
  description: "Train workforce members to be able to recognize a potential incident and be able to report such an incident",
8733
8698
  implementationGroup: "IG1",
8734
- assetType: ["users"],
8699
+ assetType: ["Users"],
8735
8700
  securityFunction: ["Protect"],
8736
8701
  governanceElements: [
8737
8702
  "train workforce members to be able to recognize a potential incident",
@@ -8806,7 +8771,7 @@ export class SafeguardManager {
8806
8771
  title: "Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates",
8807
8772
  description: "Train workforce to understand how to verify and report out-of-date software patches or any failures in automated processes and tools. Part of this training should include notifying IT personnel of any failures in automated processes and tools",
8808
8773
  implementationGroup: "IG1",
8809
- assetType: ["users"],
8774
+ assetType: ["Users"],
8810
8775
  securityFunction: ["Protect"],
8811
8776
  governanceElements: [
8812
8777
  "train workforce to understand how to verify and report out-of-date software patches",
@@ -8887,7 +8852,7 @@ export class SafeguardManager {
8887
8852
  title: "Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks",
8888
8853
  description: "Train workforce members on the dangers of connecting to, and transmitting data over, insecure networks for enterprise activities. If the enterprise has remote workers, training must include guidance to ensure that all users securely configure their home network infrastructure",
8889
8854
  implementationGroup: "IG1",
8890
- assetType: ["users"],
8855
+ assetType: ["Users"],
8891
8856
  securityFunction: ["Protect"],
8892
8857
  governanceElements: [
8893
8858
  "train workforce members on dangers of connecting to and transmitting data over insecure networks",
@@ -8967,7 +8932,7 @@ export class SafeguardManager {
8967
8932
  title: "Conduct Role-Specific Security Awareness and Skills Training",
8968
8933
  description: "Conduct role-specific security awareness and skills training. Example implementations include secure system administration courses for IT professionals, OWASP Top 10 vulnerability awareness and prevention training for web application developers, and advanced social engineering awareness training for high-profile roles",
8969
8934
  implementationGroup: "IG2",
8970
- assetType: ["users"],
8935
+ assetType: ["Users"],
8971
8936
  securityFunction: ["Protect"],
8972
8937
  governanceElements: [
8973
8938
  "conduct role-specific security awareness and skills training",
@@ -9045,7 +9010,7 @@ export class SafeguardManager {
9045
9010
  title: "Establish and Maintain an Inventory of Service Providers",
9046
9011
  description: "Establish and maintain an inventory of service providers. The inventory is to list all known service providers, include classification(s), and designate an enterprise contact for each service provider. Review and update the inventory annually, or when significant enterprise changes occur that could impact this Safeguard",
9047
9012
  implementationGroup: "IG1",
9048
- assetType: ["users"],
9013
+ assetType: ["Users"],
9049
9014
  securityFunction: ["Identify"],
9050
9015
  governanceElements: [
9051
9016
  "establish and maintain an inventory of service providers",
@@ -9125,7 +9090,7 @@ export class SafeguardManager {
9125
9090
  title: "Establish and Maintain a Service Provider Management Policy",
9126
9091
  description: "Establish and maintain a service provider management policy. Ensure the policy addresses the classification, inventory, assessment, monitoring, and decommissioning of service providers. Review and update the policy annually, or when significant enterprise changes occur that could impact this Safeguard",
9127
9092
  implementationGroup: "IG2",
9128
- assetType: ["users"],
9093
+ assetType: ["Users"],
9129
9094
  securityFunction: ["Govern"],
9130
9095
  governanceElements: [
9131
9096
  "establish and maintain a service provider management policy",
@@ -9210,7 +9175,7 @@ export class SafeguardManager {
9210
9175
  title: "Classify Service Providers",
9211
9176
  description: "Classify service providers. Classification consideration may include one or more characteristics, such as data sensitivity, data volume, availability requirements, applicable regulations, inherent risk, and mitigated risk. Update and review classifications annually, or when significant enterprise changes occur that could impact this Safeguard",
9212
9177
  implementationGroup: "IG2",
9213
- assetType: ["users"],
9178
+ assetType: ["Users"],
9214
9179
  securityFunction: ["Govern"],
9215
9180
  governanceElements: [
9216
9181
  "classify service providers",
@@ -9293,7 +9258,7 @@ export class SafeguardManager {
9293
9258
  title: "Ensure Service Provider Contracts Include Security Requirements",
9294
9259
  description: "Ensure service provider contracts include security requirements. Example requirements may include minimum security program requirements, security incident and/or data breach notification and response, data encryption requirements, and data disposal commitments. These security requirements must be consistent with the enterprise's service provider management policy. Review service provider contracts annually to ensure contracts are not missing security requirements",
9295
9260
  implementationGroup: "IG2",
9296
- assetType: ["users"],
9261
+ assetType: ["Users"],
9297
9262
  securityFunction: ["Govern"],
9298
9263
  governanceElements: [
9299
9264
  "ensure service provider contracts include security requirements",
@@ -9375,7 +9340,7 @@ export class SafeguardManager {
9375
9340
  title: "Assess Service Providers",
9376
9341
  description: "Assess service providers consistent with the enterprise's service provider management policy. Assessment scope may vary based on classification(s), and may include review of standardized assessment reports, such as Service Organization Control 2 (SOC 2) and Payment Card Industry (PCI) Attestation of Compliance (AoC), customized questionnaires, or other appropriately rigorous processes. Reassess service providers annually, at a minimum, or with new and renewed contracts",
9377
9342
  implementationGroup: "IG3",
9378
- assetType: ["users"],
9343
+ assetType: ["Users"],
9379
9344
  securityFunction: ["Govern"],
9380
9345
  governanceElements: [
9381
9346
  "assess service providers consistent with enterprise's service provider management policy",
@@ -10240,7 +10205,7 @@ export class SafeguardManager {
10240
10205
  title: "Train Developers in Application Security Concepts and Secure Coding",
10241
10206
  description: "Ensure that all software development personnel receive training in writing secure code for their specific development environment and responsibilities. Training can include general security principles and application security standard practices. Conduct training at least annually and design in a way to promote security within the development team, and build a culture of security among the developers",
10242
10207
  implementationGroup: "IG2",
10243
- assetType: ["users"],
10208
+ assetType: ["Users"],
10244
10209
  securityFunction: ["Protect"],
10245
10210
  governanceElements: [
10246
10211
  "ensure that all software development personnel receive training in writing secure code",
@@ -10716,7 +10681,7 @@ export class SafeguardManager {
10716
10681
  title: "Designate Personnel to Manage Incident Handling",
10717
10682
  description: "Designate one key person, and at least one backup, who will manage the enterprise's incident handling process. Management personnel are responsible for the coordination and documentation of incident response and recovery efforts and can consist of employees internal to the enterprise, service providers, or a hybrid approach. If using a service provider, designate at least one person internal to the enterprise to oversee any third-party work. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
10718
10683
  implementationGroup: "IG1",
10719
- assetType: ["users"],
10684
+ assetType: ["Users"],
10720
10685
  securityFunction: ["Respond"],
10721
10686
  governanceElements: [
10722
10687
  "designate one key person and at least one backup who will manage the enterprise's incident handling process",
@@ -10794,7 +10759,7 @@ export class SafeguardManager {
10794
10759
  title: "Establish and Maintain Contact Information for Reporting Security Incidents",
10795
10760
  description: "Establish and maintain contact information for reporting security incidents. This information must be available to all workforce members and should include various contact methods (e.g., phone, email) and be regularly updated. Consider the availability of these contact methods in different circumstances, such as when primary communication systems are compromised",
10796
10761
  implementationGroup: "IG1",
10797
- assetType: ["users"],
10762
+ assetType: ["Users"],
10798
10763
  securityFunction: ["Respond"],
10799
10764
  governanceElements: [
10800
10765
  "establish and maintain contact information for reporting security incidents",
@@ -10870,7 +10835,7 @@ export class SafeguardManager {
10870
10835
  title: "Establish and Maintain an Enterprise Process for Reporting Incidents",
10871
10836
  description: "Establish and maintain an documented enterprise process for the workforce to report security incidents. The process includes reporting timeframe, personnel to report to, mechanism for reporting, and the minimum information to be reported. Ensure the process is publicly available to all of the workforce. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
10872
10837
  implementationGroup: "IG1",
10873
- assetType: ["users"],
10838
+ assetType: ["Users"],
10874
10839
  securityFunction: ["Govern"],
10875
10840
  governanceElements: [
10876
10841
  "establish and maintain a documented enterprise process for the workforce to report security incidents",
@@ -10948,7 +10913,7 @@ export class SafeguardManager {
10948
10913
  title: "Establish and Maintain an Incident Response Process",
10949
10914
  description: "Establish and maintain a documented incident response process that addresses roles and responsibilities, compliance requirements, and a communication plan. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
10950
10915
  implementationGroup: "IG2",
10951
- assetType: ["users"],
10916
+ assetType: ["Users"],
10952
10917
  securityFunction: ["Govern"],
10953
10918
  governanceElements: [
10954
10919
  "establish and maintain a documented incident response process",
@@ -11023,7 +10988,7 @@ export class SafeguardManager {
11023
10988
  title: "Assign Key Roles and Responsibilities",
11024
10989
  description: "Assign key roles and responsibilities for incident response, including staff from legal, IT, information security, facilities, public relations, human resources, incident responders, and analysts. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
11025
10990
  implementationGroup: "IG2",
11026
- assetType: ["users"],
10991
+ assetType: ["Users"],
11027
10992
  securityFunction: ["Respond"],
11028
10993
  governanceElements: [
11029
10994
  "assign key roles and responsibilities for incident response",
@@ -11101,7 +11066,7 @@ export class SafeguardManager {
11101
11066
  title: "Define Mechanisms for Communicating During Incident Response",
11102
11067
  description: "Determine which primary and secondary mechanisms will be used to communicate and report during a security incident. Mechanisms can include phone calls, emails, secure chat or notification letters. Keep in mind that certain mechanisms, such as emails, can be affected during a security incident. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
11103
11068
  implementationGroup: "IG2",
11104
- assetType: ["users"],
11069
+ assetType: ["Users"],
11105
11070
  securityFunction: ["Respond"],
11106
11071
  governanceElements: [
11107
11072
  "determine which primary and secondary mechanisms will be used to communicate and report during a security incident",
@@ -11178,7 +11143,7 @@ export class SafeguardManager {
11178
11143
  title: "Conduct Routine Incident Response Exercises",
11179
11144
  description: "Plan and conduct routine incident response exercises and scenarios for key personnel involved in the incident response process to prepare for responding to real-world incidents. Exercises need to test communication channels, decision-making, and workflows. Conduct testing on an annual basis, at a minimum",
11180
11145
  implementationGroup: "IG2",
11181
- assetType: ["users"],
11146
+ assetType: ["Users"],
11182
11147
  securityFunction: ["Recover"],
11183
11148
  governanceElements: [
11184
11149
  "plan and conduct routine incident response exercises and scenarios for key personnel involved in the incident response process",
@@ -11255,7 +11220,7 @@ export class SafeguardManager {
11255
11220
  title: "Conduct Post-Incident Reviews",
11256
11221
  description: "Conduct post-incident reviews. Post-incident reviews help prevent incident recurrence through identifying lessons learned and follow-up action",
11257
11222
  implementationGroup: "IG2",
11258
- assetType: ["users"],
11223
+ assetType: ["Users"],
11259
11224
  securityFunction: ["Recover"],
11260
11225
  governanceElements: [
11261
11226
  "conduct post-incident reviews"
@@ -11328,7 +11293,7 @@ export class SafeguardManager {
11328
11293
  title: "Establish and Maintain Security Incident Thresholds",
11329
11294
  description: "Establish and maintain security incident thresholds, including, at a minimum, differentiating between an incident and an event. Examples can include: abnormal activity, security vulnerability, security weakness, data breach, privacy incident, etc. Review annually, or when significant enterprise changes occur that could impact this Safeguard",
11330
11295
  implementationGroup: "IG3",
11331
- assetType: ["users"],
11296
+ assetType: ["Users"],
11332
11297
  securityFunction: ["Recover"],
11333
11298
  governanceElements: [
11334
11299
  "establish and maintain security incident thresholds",