Cybersecurity Resources Guide - Center For Internet


Contact rgsoc@msisac.org 518.266.3460

In an effort to assist State, Local, Tribal & Territorial (SLTT) governments in advancing their cybersecurity practices, the Multi-State Information Sharing & Analysis Center (MS‑ISAC) has mapped the following services and resources to the NIST Cybersecurity Framework (NIST CSF): MS‑ISAC Services, CIS Services, FedVTE Training, SANS Policy Templates, and additional open source documents. Some services and resources are free to MS-ISAC members (MS‑ISAC membership is always free to all SLTTs) and others are affordable for-fee services for SLTTs available through CIS Services and CIS CyberMarket.

MS‑ISAC is offering this guide to the SLTT community, as a resource to assist with the application and advancement of establishing best practices, implementing cybersecurity policies, and increasing overall cybersecurity maturity.

Functions Key

Identify Function

The activities under this functional area are key for an organization’s understanding of their current internal culture, infrastructure, and risk tolerance. This functional area tends to be one of the lowest-rated functions for many organizations. Immature capabilities in the Identify Function may hinder an organization’s ability to effectively apply risk management principles for cybersecurity. By incorporating sound risk management principles into cybersecurity programs, organizations will be able to continuously align their efforts towards protecting their most valuable assets against the most relevant risks.

Protect Function

The activities under the Protect Function pertain to different methods and activities that reduce the likelihood of cybersecurity events from happening and ensure that the appropriate controls are in place to deliver critical services. These controls are focused on preventing cybersecurity events from occurring through common attack vectors, including attacks targeting users and attacks leveraging inherent weakness in applications and network communication.

Detect Function

The quicker an organization is able to detect a cybersecurity incident, the better positioned it is to be able to remediate the problem and reduce the consequences of the event. Activities found within the Detect Function pertain to an organization’s ability to identify incidents. These controls are becoming more important as the quantity of logs and events occurring within an environment can be overwhelming to handle and can make it difficult to identify the key concerns. This function continues to represent the largest maturity gap between state and local governments.

Respond Function

An organization’s ability to quickly and appropriately respond to an incident plays a large role in reducing the incident’s consequences. As such, the activities within the Respond Function examine how an organization plans, analyzes, communicates, mitigates, and improves its response capabilities. For many organizations, integration and cooperation with other entities is key. Many organizations do not have the internal resources to handle all components of incident response. One example is the ability to conduct forensics after an incident, which helps organizations identify and remediate the original attack vector. This gap can be addressed through resource sharing within the SLTT community and leveraging organizations such as MS-ISAC and DHS’s National Cybersecurity and Communications Integration Center (NCCIC), which have dedicated resources to provide incident response at no cost to the victim.

Recover Function

Activities within the Recover Function pertain to an organization’s ability to return to its baseline after an incident has occurred. Such controls are focused not only on activities to recover from the incident, but also on many of the components dedicated to managing response plans throughout their lifecycle.

Resource Guide
www.cisecurity.org/ms-isac

IDENTIFYFunction CategorySubcategoryMS-ISAC Service(No Cost)CIS Service(No Cost)CIS or MS‑ISACService(Fee-Based)Open SourceFedVTEID.AM-1Physical devices and systemswithin the organization areinventoried Nmap OpenVAS SnipeIT ID.AM-2Software platforms andapplications within theorganization are inventoried SnipeIT Draw.io Cyber Risk Management for Managers;CMaaS Overview;CMaaS Technical Overview Course;CMaaS Transition Classroom Sessions;D B Evaluations using AppDetectivePro & dbProtect;Dynamic Testing using HPE WebInspect;Static Code Analysis using HPE Fortify;Static Code Analysis using Synopsis Coverity;ISACA Certified Information Security Manager (CISM)Prep;(ISC)2 (TM) CAP Certification Prep Self Study 2014;CDM Module 3: Software Asset Management;(ISC)2 (TM) CISSP (R) Certification Prep 2018;(ISC)2(TM) Systems Security Certified Practitioner; Cyber Risk Management for Managers;CompTIA Advanced Security Practitioner;Cisco CCENT Self-Study Prep;(ISC)2 (TM) CISSP (R) Certification Prep 2018;(ISC)2 (TM) CISSP Concentration: ISSEP Prep;ID.AM-3Organizationalcommunication and dataflows are mappedID.AM-4External information systemsare catalogued Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2(TM) Systems Security Certified Practitioner;ID.AM-5Resources (e.g., hardware,devices, data, and software)are prioritized based on theirclassification, criticality, andbusiness value Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CDM Module 2: Hardware Asset; CDM Module 3: Software Asset Management; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep;Cybersecurity roles andresponsibilities for the entireworkforce and third-partystakeholders (e.g., suppliers,customers, partners) areestablished The Election Official as IT Manager; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP 
Certification Prep Self Study 2014; Cybersecurity Overview for Managers; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018;ID.AM-6Resource Guidewww.cisecurity.org/ms-isacPolicy TemplateCyber Risk Management for Managers;CMaaS Overview;CMaaS Technical Overview Course;CMaaS Transition Classroom Sessions;ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) Systems Security Certified Practitioner; SANS: AcquisitionAssessmentPage 3

IDENTIFY

Function Category; Subcategory; MS-ISAC Service (No Cost); CIS Service (No Cost); CIS or MS‑ISAC Service (Fee-Based); Open Source; FedVTE; Policy Template

ID.BE-1: The organization’s role in the supply chain is identified and communicated
ISACA Certified Information Security Manager (CISM) Prep;

ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated
101 - Critical Infrastructure Protection;

ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM) Prep; 101 - Critical Infrastructure Protection; Cybersecurity Overview for Managers; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018;

ID.BE-4: Dependencies and critical functions for delivery of critical services are established
Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; 101 - Critical Infrastructure Protection; CompTIA Security+; (ISC)2 (TM) CISSP Concentration: ISSEP Prep;

ID.BE-5: Resilience requirements to support delivery of critical services are established
101 - Critical Infrastructure Protection; CompTIA Security+; (ISC)2 (TM) CISSP Concentration: ISSEP Prep;

ID.GV-1: Organizational information security policy is established
ISACA Certified Information Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Cybersecurity Overview for Managers; Emerging Cybersecurity Threats; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018;

ID.GV-2: Information security roles & responsibilities are coordinated and aligned with internal roles and external partners
Eramba GRC
Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; 101 - Critical Infrastructure Protection; Cybersecurity Overview for Managers; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018;

IDENTIFY

Function Category; Subcategory; MS-ISAC Service (No Cost); CIS Service (No Cost); CIS or MS‑ISAC Service (Fee-Based); Open Source; FedVTE; Policy Template

ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Eramba GRC
EC-Council Certified Ethical Hacker (CEHv9) Self-Study Prep; ISACA Certified Information Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Cybersecurity Overview for Managers; Emerging Cybersecurity Threats; 101 Reverse Engineering; (ISC)2 (TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018;

ID.GV-4: Governance and risk management processes address cybersecurity risks
Eramba GRC
Cyber Risk Management for Technicians; Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Cybersecurity Overview for Managers; CompTIA Advanced Security Practitioner; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018; (ISC)2 (TM) Systems Security Certified Practitioner;

ID.RA-1: Asset vulnerabilities are identified and documented
Nmap; OpenVAS
Cyber Risk Management for Technicians; Cyber Risk Management for Managers; EC-Council Certified Ethical Hacker (CEHv9) Self-Study Prep; CMaaS Overview; CMaaS Technical Overview Course; CMaaS Transition Classroom Sessions; DB Evaluations using AppDetectivePro & dbProtect; Dynamic Testing using HPE WebInspect; Introduction to Threat Hunting Teams; Static Code Analysis using HPE Fortify; Static Code Analysis using Synopsis Coverity; ISACA Certified Information Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CDM Module 5: Vulnerability Management; CompTIA Advanced Security Practitioner; CompTIA Cybersecurity Analyst (CySA+) Prep; Radio Frequency Identification (RFID) Security; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP: ISSMP Prep 2018;
Vulnerability Management Program (VMP); CIS-CAT Pro; Network Penetration Test; Vulnerability Assessment; Web Application Penetration Test

Function CategorySubcategoryMS-ISAC Service(No Cost)ID.RA-2Threat and vulnerabilityinformation is received frominformation sharing forumsand sources MS-ISAC MembershipID.RA-3Threats, both internal andexternal, are identified anddocumented MS-ISAC MembershipPotential business impactsand likelihoods areidentified MS-ISAC MembershipCIS Service(No Cost)CIS or MS‑ISACService(Fee-Based) NetworkPenetrationTest VulnerabilityAssessmentIDENTIFYID.RA-4Resource GuideOpen Source Nmap OpenVAS CIS-RAM NetworkPenetrationTest VulnerabilityAssessment -isacFedVTE Policy TemplateFoundations of Incident Management;Introduction to Threat Hunting Teams;101 - Critical Infrastructure Protection;CompTIA Cybersecurity Analyst (CySA ) Prep;CDM Module 5: Vulnerability Management;(ISC)2 (TM) CISSP (R) Certification Prep 2018;(ISC)2 (TM) CISSP: ISSMP Prep 2018; Cyber Risk Management for Technicians; Cyber Risk Management for Managers; EC-Council Certified Ethical Hacker; (CEHv9) Self-StudyPrep; CMaaS Overview; CMaaS Technical Overview Course; CMaaS Transition Classroom Sessions; Foundations of Incident Management; Introduction to Threat Hunting Teams; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Cybersecurity Analyst (CySA ) Prep; Cisco CCENT Self-Study Prep; Cisco CCNA Security Self-Study Prep; Cyber Awareness Challenge 2019; CybersecurityOverview for Managers; Emerging CybersecurityThreats; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP: ISSMP Prep 2018; The Election Official as IT Manager; Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; 101 - Critical Infrastructure Protection; CompTIAAdvanced Security Practitioner; Cloud Computing Security; CompTIA Security ; Cybersecurity Overview for Managers; (ISC)2 (TM)CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP: ISSMP Prep 2018;Page 6

Function CategoryIDENTIFYID.RA-5SubcategoryThreats, vulnerabilities,likelihoods, and impacts areused to determine riskMS-ISAC Service(No Cost) MS-ISAC MembershipCIS Service(No Cost) CIS-CAT Pro CISBenchmarks CIS-RAMCIS or MS‑ISACService(Fee-Based) NetworkPenetrationTest VulnerabilityAssessment WebApplicationPenetrationTestOpen SourceFedVTEID.RA-6Risk responses are identifiedand prioritizedID.RM-1Risk managementprocesses are established,managed, and agreed to byorganizational stakeholders The Election Official as IT Manager; Cyber RiskManagement for Managers; ISACA CertifiedInformation Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Cybersecurity Overview for Managers; CompTIAAdvanced Security Practitioner; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018;ID.RM-2Organizational risk toleranceis determined and clearlyexpressed The Election Official as IT Manager; Cyber RiskManagement for Managers; ISACA CertifiedInformation Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Cybersecurity Overview for Managers; CompTIAAdvanced Security Practitioner; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018;ID.RM-3The organization'sdetermination of risktolderance is informed by itsrole in critical infrastructureand sector specific riskanalysis The Election Official as IT Manager; Cyber RiskManagement for Managers; ISACA CertifiedInformation Security Manager (CISM) Prep; 101 - Critical Infrastructure Protection; CompTIAAdvanced Security Practitioner; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP Concentration: ISSEP Prep;Resource Guidewww.cisecurity.org/ms-isacPolicy Template The Election Official as IT Manager; Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self 
Study 2014; Cloud Computing Security; CompTIA Security ; Cybersecurity Overview for Managers; EmergingCybersecurity Threats; 101 - Critical Infrastructure Protection; CompTIAAdvanced Security Practitioner; CompTIA Cybersecurity Analyst (CySA ) Prep; (ISC)2 (TM) CISSP (R) Certification Prep 2018; The Election Official as IT Manager; Cyber RiskManagement for Managers; ISACA CertifiedInformation Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Advanced Security Practitioner; CompTIA Cybersecurity Analyst (CySA ) Prep; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2 (TM) CISSP: ISSMP Prep 2018;Page 7

IDENTIFYFunction CategorySubcategoryMS-ISAC Service(No Cost)CIS Service(No Cost)CIS or MS‑ISACService(Fee-Based)Open SourceFedVTEPolicy TemplateID.SC-1Cyber supply chain riskmanagement processesare identified, established,assessed, managed, andagreed to by organizationalstakeholders The Election Official as IT Manager; Cyber RiskManagement for Managers; ISACA CertifiedInformation Security Manager (CISM) Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Advanced Security Practitioner; Cyber Supply Chain Risk Management; (ISC)2 (TM)CISSP Concentration: ISSEP Prep;ID.SC-2Suppliers and third partypartners of informationsystems, components, andservices are identified,prioritized, and assessedusing a cyber supply chainrisk assessment process CompTIA Advanced Security Practitioner; Cyber Supply Chain Risk Management; (ISC)2 (TM)CISSP Concentration: ISSEP Prep;ID.SC-3Contracts with suppliers andthird-party partners are usedto implement appropriatemeasures designed tomeet the objectives of anorganization’s cybersecurityprogram and Cyber SupplyChain Risk ManagementPlan. Cyber Supply Chain Risk Management; (ISC)2 (TM)CISSP Concentration: ISSEP Prep; (ISC)2 (TM) CISSP: ISSMP Prep 2018;ID.SC-4Suppliers and third-partypartners are routinelyassessed using audits, testresults, or other forms ofevaluations to confirm theyare meeting their contractualobligations. EC-Council Certified Ethical Hacker (CEHv9) Self-StudyPrep; Cyber Supply Chain Risk Management; CompTIAAdvanced Security Practitioner; Supply Chain Assurance using Sonatype Nexus; SANS: AcquisitionResponse and recoveryplanning and testing areconducted with suppliersand third-party providers Foundations of Incident Management; CompTIAAdvanced Security Practitioner; Cyber Supply Chain Risk Management; (ISC)2 (TM)CISSP Concentration: ISSEP Prep; SANS: SecurityID.SC-5Resource Guidewww.cisecurity.org/ms-isac SANS: AcquisitionAssessmentAssessmentResponse PlanPage 8

Function CategorySubcategoryMS-ISAC Service(No Cost)CIS Service(No Cost)CIS or MS‑ISACService(Fee-Based)Open SourceFedVTEIdentities and credentialsare managed for authorizeddevices and users Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Advanced Security Practitioner; SecuringInfrastructure Devices; Cisco CCNA Security Self-StudyPrep; CompTIA Security ; Windows Operating System Security; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) Systems Security Certified Practitioner; (ISC)2(TM) Systems Security Certified Practitioner; Linux Operating System Security;PR.AC-2Physical access to assets ismanaged and protected Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Advanced Security Practitioner; CompTIA A 220-902 Certification Prep; CDM Module 2: Hardware Asset; Securing Infrastructure Devices; CompTIA Security ; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) Systems Security Certified Practitioner; (ISC)2(TM) Systems Security Certified Practitioner; Mobile and Device Security;PR.AC-3Remote access is managedPROTECTPR.AC-1Resource Guide OpenVPNwww.cisecurity.org/ms-isac CMaaS Technical Overview Course; Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Advanced Security Practitioner; CompTIANetwork N10-007; Cisco CCNA Security Self-Study Prep; CompTIA Security ; Cybersecurity Overview for Managers; EmergingCybersecurity Threats; Windows Operating System Security; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) Systems Security Certified Practitioner; (ISC)2(TM) Systems Security Certified Practitioner; Mobile and Device Security;Policy Template SANS: Remote AccessPage 9

Function CategorySubcategoryMS-ISAC Service(No Cost)CIS Service(No Cost)CIS or MS‑ISACService(Fee-Based)Open SourceFedVTEAccess permissions aremanaged, incorporating theprinciples of least privilegeand separation of duties OpenNAC PacketFence Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Advanced Security Practitioner; CompTIANetwork N10-007; Securing Infrastructure Devices; Cisco CCNA Security Self-Study Prep; CompTIA Security ; Cybersecurity Overview for Managers; WindowsOperating System Security; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) Systems Security Certified Practitioner; (ISC)2(TM) Systems Security Certified Practitioner; Linux Operating System Security; Mobile and Device Security;PR.AC-5Network integrity isprotected, incorporatingnetwork segregation whereappropriate pfSense Snort Suricata OpenNAC PacketFence CMaaS Technical Overview Course, CMaaS Overview; CMaaS Technical Overview Course; CMaaS Transition Classroom Sessions; DemilitarizedZone (DMZ) with IDS/IPS; DNSSEC Training Workshop;IPv6 Security Essentials Course; ISACA Certified Information Security Manager (CISM)Prep; Cyber Risk Management for Managers; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Security ; Cybersecurity Overview for Managers; EmergingCybersecurity Threats; Advanced PCAP Analysis and Signature Development(APA); CompTIA Advanced Security Practitioner; Securing theNetwork Perimeter; (ISC)2 (TM) CISSP (R) Certification Prep 2018; LANSecurity Using Switch Features;PROTECTPR.AC-4PR.AC-6Identities are proofed andbound to credentials andasserted in interactionsResource GuidePolicy Template SANS: Lab Security SANS: Router andSwitch Security ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Windows Operating System Security; CompTIA Advanced Security Practitioner; (ISC)2 (TM)CISSP (R) 
Certification Prep 2018; (ISC)2 (TM) SystemsSecurity Certified Practitioner; (ISC)2(TM) Systems Security Certified Practitioner; Linux Operating System Security;www.cisecurity.org/ms-isacPage 10

PROTECTFunction CategorySubcategoryMS-ISAC Service(No Cost)CIS Service(No Cost)CIS or MS‑ISACService(Fee-Based)Open SourceFedVTEPR.AC-7Users, devices, and otherassets are authenticated(e.g., single-factor, multifactor) commensurate withthe risk of the transaction(e.g., individuals’ securityand privacy risks and otherorganizational risks)PR.AT-1All users are informed andtrainedPR.AT-2Privileged users understandroles & responsibilitiesPR.AT-3Third-party stakeholders(e.g., suppliers, customers,partners) understand roles &responsibilitiesPR.AT-4Senior executivesunderstand roles &responsibilities Eramba GRC The Election Official as IT Manager; Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; Cybersecurity Overview for Managers; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM)CISSP: ISSMP Prep 2018;PR.AT-5Physical and informationsecurity personnelunderstand roles &responsibilities Eramba GRC The Election Official as IT Manager; Cyber Risk Management for Managers; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Cybersecurity Overview for Managers; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM)CISSP: ISSMP Prep 2018;Resource GuidePolicy Template ISACA Certified Information Security Manager (CISM)Prep; Cyber Risk Management for Managers; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Security ; Cybersecurity Overview for Managers; EmergingCybersecurity Threats; CDM Module 2: Hardware Asset; CompTIA A 220-902 Certification Prep; CompTIAAdvanced Security Practitioner; (ISC)2 (TM) CISSP (R)Certification Prep 2018; (ISC)2 (TM) Systems SecurityCertified Practitioner; MS-ISAC Membership Foundations of Incident Management; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Cyber Awareness Challenge 
2019; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) CISSP: ISSMP Prep 2018; Eramba GRC ISACA Certified Information Security Manager (CISM)Prep; Cybersecurity Overview for Managers; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM)CISSP: ISSMP Prep 2018; ISACA Certified Information Security Manager (CISM)Prep; Cybersecurity Overview for Managers; (ISC)2 (TM) CISSP Concentration: ISSEP Prep;www.cisecurity.org/ms-isac SANS: Router andSwitch SecurityPage 11

Function CategorySubcategoryMS-ISAC Service(No Cost)CIS Service(No Cost)CIS or MS‑ISACService(Fee-Based)Open SourceFedVTEData-at-rest is protected DB Evaluations using AppDetectivePro & dbProtect; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; CompTIA Advanced Security Practitioner; CompTIASecurity ; Windows Operating System Security; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) Systems Security Certified Practitioner;PR.DS-2Data-in-transit is protected IPv6 Security Essentials Course; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Advanced PCAP Analysis and Signature Development(APA); Analysis Pipeline; CompTIA Advanced Security Practitioner; CompTIANetwork N10-007; Cloud Computing Security; CompTIA Security ; Emerging Cybersecurity Threats; Windows Operating System Security; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) Systems Security Certified Practitioner; LAN Security Using Switch Features;PR.DS-3Assets are formally managedthroughout removal,transfers, and disposition PROTECTPR.DS-1 PR.DS-4Adequate capacity to ensureavailability is maintainedResource GuideCMaaS Overview;CMaaS Technical Overview Course;CMaaS Transition Classroom Sessions;ISACA Certified Information Security Manager (CISM)Prep;(ISC)2 (TM) CAP Certification Prep Self Study 2014;CDM Module 2: Hardware Asset;(ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM)Systems Security Certified Practitioner;(ISC)2(TM) Systems Security Certified Practitioner;Policy Template SANS: AcquisitionAssessment SANS: TechnologyEquipment Disposal (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) CISSP Concentration: ISSEP Prep;www.cisecurity.org/ms-isacPage 12

PROTECTFunction CategorySubcategoryMS-ISAC Service(No Cost)CIS Service(No Cost)CIS or MS‑ISACService(Fee-Based)Open SourceFedVTEPolicy TemplatePR.DS-5Protections against dataleaks are implemented OpenDLP PR.DS-6Integrity checkingmechanisms are used toverify software, firmware,and information integrity Tripwire AIDE DNSSEC Training Workshop; Static Code Analysis using HPE Fortify; Static Code Analysis using Synopsis Coverity; ISACACertified Information Security Manager (CISM) Prep; Advanced Windows Scripting; (ISC)2(TM) Systems Security Certified Practitioner;PR.DS-7The development andtesting environment(s) areseparate from the productionenvironment Agnito W3AF Wapiti DB Evaluations using AppDetectivePro & dbProtect;Dynamic Testing using HPE WebInspect;Static Code Analysis using HPE Fortify;Static Code Analysis using Synopsis Coverity; SupplyChain Assurance using Sonatype Nexus; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) CISSP: ISSMP Prep 2018; Software Assurance Executive Course (SAE); SANS: Lab Security SANS: Router and (ISC)2(TM) Systems Security Certified Practitioner; SANS: AcquisitionPR.DS-8PR.IP-1Integrity checkingmechanisms are used toverify hardware integrityA baseline configuration ofinformation technology/industrial control systems iscreated and maintainedResource GuideCMaaS Overview;CMaaS Technical Overview Course;CMaaS Transition Classroom Sessions;Static Code Analysis using HPE Fortify;Static Code Analysis using Synopsis Coverity; ISACACertified Information Security Manager (CISM) Prep; Advanced PCAP Analysis and Signature Development(APA); Analysis Pipeline; CompTIA Advanced Security Practitioner; CompTIANetwork N10-007;Switch SecurityAssessment CIS-CAT Prowww.cisecurity.org/ms-isac DMARC CMaaS Overview; CMaaS Technical Overview Course; CMaaS Transition Classroom Sessions; AdvancedWindows Scripting; CompTIA A 220-901 Certification Prep; CompTIAA 220-902 Certification Prep; CompTIA AdvancedSecurity Practitioner; CDM Module 4: 
Configuration Settings Mgt;Page 13

Function CategorySubcategoryPR.IP-2A System Development LifeCycle to manage systems isimplementedPR.IP-3Configuration change controlprocesses are in placeMS-ISAC Service(No Cost)CIS Service(No Cost)CIS or MS‑ISACService(Fee-Based)Open SourceFedVTE CIS-CAT Pro PROTECT PR.IP-4PR.IP-5CMaaS Overview;CMaaS Technical Overview Course;CMaaS Transition Classroom Sessions;Static Code Analysis using HPE Fortify;Static Code Analysis using Synopsis Coverity; ISACACertified Information Security Manager (CISM) Prep;(ISC)2 (TM) CAP Certification Prep Self Study 2014;Cybersecurity Overview for Managers; CompTIAAdvanced Security Practitioner; SecuringInfrastructure Devices;(ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) CISSP Concentration: ISSEP Prep; (ISC)2 (TM)Systems Security Certified Practitioner; (ISC)2(TM)Systems Security Certified Practitioner;Software Assurance Executive Course (SAE);Backups of information areconducted, maintained, andtested periodically Foundations of Incident Management; ISACA Certified Information Security Manager (CISM)Prep; (ISC)2 (TM) CAP Certification Prep Self Study 2014; Cybersecurity Overview for Managers; CompTIASecurity ; CompTIA Network N10-007; (ISC)2 (TM) CISSP (R) Certification Prep 2018; (ISC)2(TM) Systems Security Certified Practitioner;Policy and regulationsregarding the physicaloperating environment fororganizational assets aremet ISA
