index.md

| # | Control Domain | Abbr. | Control Sub-Domain |
|---|----------------|-------|--------------------|
| 1 | Asset Management | ASM | Naming Convention, Inventory Assets, Monitor Assets |
| 2 | Configuration Management | CON | Configuration Files, Firmware Updates, Configuration Control, End-of-Life Planning |
| 3 | Cloud Services | CLS | Cloud IAM, Cloud Data Security, Cloud Infrastructure Security, Cloud Monitoring, Cloud API Security |
| 4 | Secure Data | DAT | Data Classification and Taxonomy, Data Cleansing, Encrypted Data at Rest |
| 5 | Governance | GVN | Governance Framework, Regulatory and Legal Requirements, Compliance Management, Privacy, Business Continuity, Safety |
| 6 | Identity and Access Management | IAM | Password Management, Authentication, Authorization, Access Control, Certificate Management, Key Management, Trust Anchor Management, Bootstrap, Account Audit |
| 7 | Incident Management | IMT | Incident Planning, Incident Response, Collaboration, Remediation, Forensics, Automation |
| 8 | IoT Device Security | IOT | Certified Devices, Secure Platform, Secure Configuration |
| 9 | Legal | LGL | Legal Assessment, Legal Implementation Plan, Document Measures for Legal Purposes, Terms & Conditions & Privacy Policy, Contracts, Disclaimers, Disclosures, Notifications, Waivers, Liability, Data Transfer |
| 10 | Monitoring and Logging | MON | Threat Intelligence, Threat Hunting, Automated Malware, Log Management, Analytics, Attack Sensing, RF Monitoring, Network Visualization |
| 11 | Operational Availability | OPA | Maintenance, Fail-over, DDoS Protection, Service Level Agreements |
| 12 | Physical Security | PHY | Physical Access Controls |
| 13 | Policy | POL | Policy Definition, Acquisition Security Policy, Secure Disposition |
| 14 | Risk Management | RSM | Risk Management Strategy, Risk Management Execution, Limit Liability |
| 15 | Secure Applications | SAP | Mobile Applications, ICS/IIoT, Autonomous Systems, Vehicles, Medical Devices |
| 16 | Secure System Development Lifecycle | SDV | Process Security, Supply Chain/Acquisition, Secure Development Practices |
| 17 | Secure Networks | SNT | Secure Messaging, Secure Discovery, Automation, Encryption, Segmentation/VLANs, Network Access Control, Software-Defined Networking (SDP), Hardening, Single Packet Authentication, Secure Messaging, Whitelisting |
| 18 | Secure Wireless | SWS | Wireless Architecture, Bluetooth Security, NFC Security, Zigbee Security, ZWave Security, LoRaWAN Security, Cellular Security, Satellite Security, WiFi Security, Wireless Availability |
| 19 | Training | TRN | Administrator Training, User Training |
| 20 | Vulnerability Management | VLN | Responsible Disclosure Program, Vulnerability Scanning, Updates, and Patches |
| 21 | Security Testing | SET | Assessment Scoping and Planning, Penetration Testing, Red Teaming, Third-Party Assessments, Bug Bounty, IoT Applications and Services (Internally Developed) |