test calculaion

Job ID: test-calculaion-082225020046 2025-08-22 Completed

Upload Documents

Overall Alignment

91.1%

Excellent Coverage

Controls Aligned

400 / 439

400 out of 439 controls found

Frameworks

CIS NIST

Assessment frameworks applied

Key Controls

100 / 103

Critical controls identified

Overall Alignment

Framework Breakdown

Key Controls Status

Framework Compliance Overview

Framework	Total Controls	Aligned	Gaps	Compliance Progress
CIS	45	41	4	91.11% Excellent
NIST	394	359	35	91.12% Excellent
OVERALL	439	400	39	91.1%

Document Analysis Details

anonymized_6.0_IS_Data_Security_Policy_1.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	7	15.56%
NIST	394	81	20.56%

anonymized_7.0_IS_Asset_Management_Policy.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	9	20.0%
NIST	394	128	32.49%

anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	7	15.56%
NIST	394	82	20.81%

anonymized_7.1_IS_Asset_Management_Standard.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	6	13.33%
NIST	394	40	10.15%

anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	2	4.44%
NIST	394	66	16.75%

anonymized_6.1_IS_Data_Security_Standards.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	11	24.44%
NIST	394	75	19.04%

anonymized_11.0_IS_Operations_Security_Policy.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	12	26.67%
NIST	394	100	25.38%

anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	7	15.56%
NIST	394	63	15.99%

anonymized_2.1_IS_Acceptable_Use_Standard.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	3	6.67%
NIST	394	61	15.48%

anonymized_2.0_IS_Acceptable_Use_Policy.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	2	4.44%
NIST	394	52	13.2%

anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	9	20.0%
NIST	394	81	20.56%

anonymized_7.2_IS_End_User_Device_Standard.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	6	13.33%
NIST	394	56	14.21%

anonymized_3.0_IS_Information_Security_Policy_2.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	4	8.89%
NIST	394	94	23.86%

anonymized_9.1_IS_Cryptography_Standards.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	5	11.11%
NIST	394	63	15.99%

anonymized_14.0_IS_Supplier_Management_Policy_2.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	3	6.67%
NIST	394	92	23.35%

anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	3	6.67%
NIST	394	33	8.38%

anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	12	26.67%
NIST	394	150	38.07%

anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	7	15.56%
NIST	394	74	18.78%

anonymized_14.1_IS_Supplier_Relationship_Standards.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	2	4.44%
NIST	394	46	11.68%

anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	3	6.67%
NIST	394	37	9.39%

anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	3	6.67%
NIST	394	65	16.5%

anonymized_9.0_IS_Cryptography_Policy_1.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	4	8.89%
NIST	394	77	19.54%

anonymized_15.0_IS_Incident_Management_Policy_1.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	1	2.22%
NIST	394	46	11.68%

anonymized_20.0_IS_Risk_Management_Policy_2.pdf 2 frameworks

Framework	Total	Aligned	Coverage
CIS	45	0	0.0%
NIST	394	48	12.18%

45 Total Controls

Control ID	Control Name	Status	Evidence Section	Document
1.1	Establish and Maintain Detailed Enterprise Asset Inventory Key Control	Aligned	Asset Management – Establishes controls for asset identifica...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
1.1	Establish and Maintain Detailed Enterprise Asset Inventory Key Control	Aligned	Assets should be classified in terms of business criticality...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
1.2	Address Unauthorized Assets	Aligned	Asset Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
1.2	Address Unauthorized Assets	Aligned	1.2 REQUIREMENTS - Access Control...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
1.2	Address Unauthorized Assets	Aligned	Access rights to the Test information resources should be re...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
1.3	Utilize an Active Discovery Tool	Gap	Utilize an active discovery tool to identify assets connected to the enterprise’s network. Configure...
1.4	Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory	Aligned	MAINTAINANCE...	anonymized_7.1_IS_Asset_Management_Standard.pdf
1.5	Use a Passive Asset Discovery Tool	Aligned	Assets should be classified in terms of business criticality...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
2.1	Establish and Maintain a Software Inventory Key Control	Aligned	Inventory of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
2.1	Establish and Maintain a Software Inventory Key Control	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
2.1	Establish and Maintain a Software Inventory Key Control	Aligned	Inventory and Control of Software Assets...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
2.2	Ensure Authorized Software is Currently Supported Key Control	Aligned	Section 1.7 - EXCEPTION...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
2.2	Ensure Authorized Software is Currently Supported Key Control	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
2.3	Address Unauthorized Software	Aligned	Software...	anonymized_6.1_IS_Data_Security_Standards.pdf
2.4	Utilize Automated Software Inventory Tools	Aligned	Inventory of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
2.4	Utilize Automated Software Inventory Tools	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
2.7	Allowlist Authorized Scripts	Gap	Use technical controls, such as digital signatures and version control, to ensure that only authoriz...
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	1.8 DATA RETENTION and 1.9 ROLES & RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	IT Asset (NEW) and other assets Retirement and Disposal...	anonymized_7.1_IS_Asset_Management_Standard.pdf
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	User Access Authorization Process...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	Definition of data governance and data privacy...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
3.1	Establish and Maintain a Data Management Process Key Control	Aligned	Data Management Process...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
3.2	Establish and Maintain a Data Inventory	Aligned	DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
3.3	Configure Data Access Control Lists	Aligned	1.3 DATA OWNER RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
3.3	Configure Data Access Control Lists	Aligned	Access Control Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
3.3	Configure Data Access Control Lists	Aligned	b) Information owners should only grant privileged access to...	anonymized_11.0_IS_Operations_Security_Policy.pdf
3.3	Configure Data Access Control Lists	Aligned	Access Limitation...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
3.3	Configure Data Access Control Lists	Aligned	System and Application Access Control - Information Access R...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
3.3	Configure Data Access Control Lists	Aligned	Define desktop and end-user device security access controls....	anonymized_7.2_IS_End_User_Device_Standard.pdf
3.3	Configure Data Access Control Lists	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
3.3	Configure Data Access Control Lists	Aligned	1.2.1 Access Control...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
3.3	Configure Data Access Control Lists	Aligned	Access to Networks, Network Services...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
3.4	Enforce Data Retention	Aligned	1.8 DATA RETENTION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
3.4	Enforce Data Retention	Aligned	DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
3.4	Enforce Data Retention	Aligned	Disposal (in accordance with Retention Policy)...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.4	Enforce Data Retention	Aligned	Logging and Monitoring...	anonymized_11.0_IS_Operations_Security_Policy.pdf
3.4	Enforce Data Retention	Aligned	Evidence of account and privilege reviews should document th...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
3.4	Enforce Data Retention	Aligned	Data Retention and Disposal...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
3.4	Enforce Data Retention	Aligned	Evidence Retention and Documentation...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
3.5	Securely Dispose of Data Key Control	Aligned	Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
3.5	Securely Dispose of Data Key Control	Aligned	DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
3.5	Securely Dispose of Data Key Control	Aligned	IT Asset (NEW) and other assets Retirement and Disposal...	anonymized_7.1_IS_Asset_Management_Standard.pdf
3.5	Securely Dispose of Data Key Control	Aligned	Disposal (in accordance with Retention Policy)...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.5	Securely Dispose of Data Key Control	Aligned	Section discussing data protection and disposal methods....	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
3.5	Securely Dispose of Data Key Control	Aligned	V. Bring Your Own Device...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
3.5	Securely Dispose of Data Key Control	Aligned	Plan detailing disposal of Test data while contract off-boar...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
3.5	Securely Dispose of Data Key Control	Aligned	Data Governance...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
3.5	Securely Dispose of Data Key Control	Aligned	Supplier Relationship Standard and Data Security Policy...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
3.6	Encrypt Data on End-User Devices	Aligned	Encrypt data on end-user devices containing sensitive data...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.6	Encrypt Data on End-User Devices	Aligned	Devices should be password-protected and encrypted....	anonymized_7.2_IS_End_User_Device_Standard.pdf
3.6	Encrypt Data on End-User Devices	Aligned	Only USB sticks and other removable devices that have been a...	anonymized_7.2_IS_End_User_Device_Standard.pdf
3.6	Encrypt Data on End-User Devices	Aligned	Confidential, Restricted information or applications that re...	anonymized_9.1_IS_Cryptography_Standards.pdf
3.6	Encrypt Data on End-User Devices	Aligned	vi. Encryption is to be used to protect the confidentiality ...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
3.6	Encrypt Data on End-User Devices	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
3.6	Encrypt Data on End-User Devices	Aligned	vii. Digital signature certificates should be used to verify...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
3.6	Encrypt Data on End-User Devices	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
3.6	Encrypt Data on End-User Devices	Aligned	ix. Encryption algorithms, keys, and software solutions shou...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
3.7	Establish and Maintain a Data Classification Scheme	Aligned	1.5 DATA CLASSIFICATION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
3.7	Establish and Maintain a Data Classification Scheme	Aligned	Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
3.7	Establish and Maintain a Data Classification Scheme	Aligned	DOCUMENT CLASSIFICATION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
3.7	Establish and Maintain a Data Classification Scheme	Aligned	IT Asset (NEW) and other assets Retirement and Disposal...	anonymized_7.1_IS_Asset_Management_Standard.pdf
3.7	Establish and Maintain a Data Classification Scheme	Aligned	Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.7	Establish and Maintain a Data Classification Scheme	Aligned	Data Classification Policy...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
3.7	Establish and Maintain a Data Classification Scheme	Aligned	Incident Categorization...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
3.7	Establish and Maintain a Data Classification Scheme	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
3.8	Document Data Flows Key Control	Gap	Document data flows. Data flow documentation includes service provider data flows and should be base... Critical Gap - Key Control Missing
3.9	Encrypt Data on Removable Media	Aligned	Encrypt data on removable media...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.9	Encrypt Data on Removable Media	Aligned	Communications Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
3.9	Encrypt Data on Removable Media	Aligned	1.3 RULES OF BEHAVIOR (ROB) - Acceptable Use...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
3.9	Encrypt Data on Removable Media	Aligned	Removable Storage Devices...	anonymized_7.2_IS_End_User_Device_Standard.pdf
3.9	Encrypt Data on Removable Media	Aligned	Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
3.9	Encrypt Data on Removable Media	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
3.11	Encrypt Sensitive Data at Rest	Aligned	Encrypt sensitive data at rest on servers, applications, and...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.11	Encrypt Sensitive Data at Rest	Aligned	a) All data provided by Test should be encrypted using AES-1...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
3.11	Encrypt Sensitive Data at Rest	Aligned	Devices should be password-protected and encrypted....	anonymized_7.2_IS_End_User_Device_Standard.pdf
3.11	Encrypt Sensitive Data at Rest	Aligned	Cryptography...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
3.11	Encrypt Sensitive Data at Rest	Aligned	Confidential, Restricted information or applications that re...	anonymized_9.1_IS_Cryptography_Standards.pdf
3.11	Encrypt Sensitive Data at Rest	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
3.12	Segment Data Processing and Storage Based on Sensitivity	Aligned	Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.13	Deploy a Data Loss Prevention Solution	Aligned	d) A data loss prevention (DLP) mechanism should be implemen...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
3.13	Deploy a Data Loss Prevention Solution	Aligned	Inventory of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
3.13	Deploy a Data Loss Prevention Solution	Aligned	DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
3.13	Deploy a Data Loss Prevention Solution	Aligned	b) To protect data Integrity, data should be hashed using SH...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
3.13	Deploy a Data Loss Prevention Solution	Aligned	DLP Data loss prevention (DLP) software detects potential da...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	1.3 IT Asset (NEW) and other assets Retirement and Disposal...	anonymized_7.1_IS_Asset_Management_Standard.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	Disposal (in accordance with Retention Policy)...	anonymized_6.1_IS_Data_Security_Standards.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	d) Resource Administrators should regularly review the logs ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	e) Event logs can contain sensitive data and personally iden...	anonymized_11.0_IS_Operations_Security_Policy.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	Control of sensitive data access and masking procedures....	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	1.2 GOVERNANCE - Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	Evidence Handling and Chain of Custody...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	Access Control and Logging Policies...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
3.14	Log Sensitive Data Access Key Control	Aligned	Record Retention...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
4.1	Establish and Maintain a Secure Configuration Process Key Control	Aligned	Secure Configuration of Enterprise Assets & Software...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
4.1	Establish and Maintain a Secure Configuration Process Key Control	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
4.1	Establish and Maintain a Secure Configuration Process Key Control	Aligned	Configuration management database should maintain the versio...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
4.2	Establish and Maintain a Secure Configuration Process for Network Infrastructure	Aligned	1.11 MAINTENANCE...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
4.2	Establish and Maintain a Secure Configuration Process for Network Infrastructure	Aligned	Network Monitoring & Defense...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
4.3	Configure Automatic Session Locking on Enterprise Assets	Aligned	Session Locking Policy...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
4.4	Implement and Manage a Firewall on Servers	Aligned	Firewall Security...	anonymized_11.0_IS_Operations_Security_Policy.pdf
4.4	Implement and Manage a Firewall on Servers	Aligned	Section 6: Personal Firewalls...	anonymized_7.2_IS_End_User_Device_Standard.pdf
4.5	Implement and Manage a Firewall on End-User Devices	Aligned	Section 6: Personal firewalls software should be installed a...	anonymized_7.2_IS_End_User_Device_Standard.pdf
4.6	Securely Manage Enterprise Assets and Software	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
4.6	Securely Manage Enterprise Assets and Software	Aligned	Management of program source code libraries and configuratio...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
4.6	Securely Manage Enterprise Assets and Software	Aligned	Asset Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
4.7	Manage Default Accounts on Enterprise Assets and Software	Aligned	Privileged Access Management...	anonymized_11.0_IS_Operations_Security_Policy.pdf
4.7	Manage Default Accounts on Enterprise Assets and Software	Aligned	User ID Management and Default Account Handling...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
4.7	Manage Default Accounts on Enterprise Assets and Software	Aligned	Service Accounts...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
4.9	Configure Trusted DNS Servers on Enterprise Assets	Gap	Configure trusted DNS servers on network infrastructure. Example implementations include configuring...
4.11	Enforce Remote Wipe Capability on Portable End-User Devices Key Control	Aligned	Disposal (in accordance with Retention Policy)...	anonymized_6.1_IS_Data_Security_Standards.pdf
4.11	Enforce Remote Wipe Capability on Portable End-User Devices Key Control	Aligned	Secure disposal of records...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
4.11	Enforce Remote Wipe Capability on Portable End-User Devices Key Control	Aligned	V. Bring Your Own Device...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
4.12	Separate Enterprise Workspaces on Mobile End-User Devices	Aligned	Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
5.1	Establish and Maintain an Inventory of Accounts Key Control	Aligned	Assets ownership and responsibilities...	anonymized_7.0_IS_Asset_Management_Policy.pdf
5.1	Establish and Maintain an Inventory of Accounts Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
5.1	Establish and Maintain an Inventory of Accounts Key Control	Aligned	Management of Privileged Access Rights...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
5.1	Establish and Maintain an Inventory of Accounts Key Control	Aligned	Service Accounts...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
5.1	Establish and Maintain an Inventory of Accounts Key Control	Aligned	1.4 NEW HIRE IDS & PASSWORDS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
5.2	Access Control Review	Aligned	Assets ownership and responsibilities...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-2	Configuration Management	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-2	Configuration Management	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-2	Configuration Management	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PR.IP-1	Asset Management	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PR.IP-1	Asset Management	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CIS CSC 4	Secure Configuration of Enterprise Assets and Software	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Policy...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.4.1	Information Access Restriction	Aligned	Information Access Restriction...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.4.1	Information Access Restriction	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.8.2.2	Labeling of Information	Aligned	NIST CSF Subcategory Control Reference...	anonymized_9.1_IS_Cryptography_Standards.pdf
ID.AM-1	Asset Inventory	Aligned	Assets should be classified in terms of business criticality...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.AM-1	Asset Inventory	Aligned	A complete inventory of business-critical assets located at ...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.AM-2	Asset Inventory	Aligned	Assets should be classified in terms of business criticality...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.AM-2	Asset Inventory	Aligned	assigned ownership by defined roles and responsibilities....	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.AM-5	Asset Inventory	Aligned	Assets should be classified in terms of business criticality...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.AM-5	Asset Inventory	Aligned	their usage over time should be maintained and updated regul...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
1.2.3	Access to Networks, Network Services	Aligned	Access to Networks, Network Services...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf

394 Total Controls

Control ID	Control Name	Status	Evidence Section	Document
AC-1	Policy and Procedures	Aligned	1.9 ROLES & RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy and Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-1	Policy and Procedures	Aligned	Control: AC-1: Access control policy and procedures address ...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Section 1.6 - Access Control Policy and Procedures...	anonymized_7.1_IS_Asset_Management_Standard.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy and Procedures...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Access control policy and procedures...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-1	Policy and Procedures	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy and Procedures...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	1.2.1 Access Control...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	The purpose of this policy is to provide requirements contro...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Ensure that information access controls are implemented to m...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	g. Ensure that information access controls are implemented t...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	The purpose of this policy is to provide requirements contro...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	g. Ensure that information access controls are implemented t...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Information access controls...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy and Procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-1	Policy and Procedures	Aligned	Access Control Policy and Procedures...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-1	Policy and Procedures	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-1	Policy and Procedures	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-1	Policy and Procedures	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-1	Policy and Procedures	Aligned	Access control should be supported by regular reviews to ens...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-1	Policy and Procedures	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-1	Policy and Procedures	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	User Accounts should have the least amount of privilege requ...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	User Accounts should have the least amount of privilege requ...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	SCOPE & APPLICABILITY...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-1	Policy and Procedures	Aligned	Access control policy and procedures...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	Policies and procedures contribute to security and privacy a...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	Cloud Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	Cloud Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	Cloud Policy - Establishes controls that define the requirem...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-1	Policy and Procedures	Aligned	Defining and periodically reviewing access restrictions and ...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-1	Policy and Procedures	Aligned	Acceptable Use of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-1	Policy and Procedures	Aligned	Listing of individuals or groups who are authorized to acces...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-1	Policy and Procedures	Aligned	1.2 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	1.2.1 Access Control...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-1	Policy and Procedures	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
AC-1	Policy and Procedures	Aligned	7. EXCEPTION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AC-1	Policy and Procedures	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-1	Policy and Procedures	Aligned	User access policies and procedures should be established, a...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-1	Policy and Procedures	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-1	Policy and Procedures	Aligned	organization’s information systems should be appropriately s...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-10	Concurrent Session Control	Aligned	Simultaneous logins to a system by one User ID from differen...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-11	Device Lock Key Control	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
AC-11	Device Lock Key Control	Aligned	Devices should be password-protected and encrypted....	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-11	Device Lock Key Control	Aligned	User accounts, including privileged user accounts, should be...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-11	Device Lock Key Control	Aligned	f) Ensure that screen lock is properly functioning on all ac...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-12	Session Termination	Aligned	Leaving Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-12	Session Termination	Aligned	Human Resources Department controls employee terminations...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-12	Session Termination	Aligned	k) Access control systems should ensure that session activit...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-14	Permitted Actions Without Identification or Authentication Key Control	Aligned	Access Control \| Permitted Actions without Identification or...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-14	Permitted Actions Without Identification or Authentication Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-14	Permitted Actions Without Identification or Authentication Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-14	Permitted Actions Without Identification or Authentication Key Control	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-14	Permitted Actions Without Identification or Authentication Key Control	Aligned	Access Control \| Permitted Actions without Identification or...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-16	Security and Privacy Attributes Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-16	Security and Privacy Attributes Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-16	Security and Privacy Attributes Key Control	Aligned	Access Control \| Security and Privacy Attributes...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-17	Remote Access	Aligned	Monitoring devices are typically employed at the managed int...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-17	Remote Access	Aligned	1.10 REMOTE ACCESS TO Test’s SYSTEMS...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-17	Remote Access	Aligned	Data transmission should be encrypted....	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-17	Remote Access	Aligned	1.2 SYSTEM USE NOTIFICATION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-17	Remote Access	Aligned	A.9.4.4 Access to Networks & Network Services...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-17	Remote Access	Aligned	Control: AC-17: Remote access is access to organizational sy...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-17	Remote Access	Aligned	Monitoring devices are typically employed at the managed int...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-17	Remote Access	Aligned	1.2 REQUIREMENT...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-17	Remote Access	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-17	Remote Access	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AC-17	Remote Access	Aligned	Remote access should be configured to use a strong authentic...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-17	Remote Access	Aligned	Test restricts remote access to many types of confidential i...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-17	Remote Access	Aligned	All external connections to Test networks or Information Res...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-17	Remote Access	Aligned	Cloud Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-17	Remote Access	Aligned	End-user Device Security Policy - Establishes controls that ...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-17	Remote Access	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-17	Remote Access	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-17	Remote Access	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-18	Wireless Access	Aligned	Service Set Identifier (SSID)...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-18	Wireless Access	Aligned	Wireless technologies and access control mechanisms...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	1.14 BRING YOUR OWN DEVICE (BYOD)...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	Control of mobile devices and their usage restrictions...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	Mobile Device Management and Reporting Procedures...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	implementation and operation of information security within ...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	business unit security officers to ensure that help desk and...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	Overview, Scope & Applicability...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	Section 4.6 - Access Control Measures...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	Access Control for Portable and Mobile Devices...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-19	Access Control for Mobile Devices Key Control	Aligned	1.2. Hardware, Software, Applications and Data - Inventory o...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-2	Account Management Key Control	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Account Management Requirements...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-2	Account Management Key Control	Aligned	1.6 ENFORCEMENT/COMPLIANCE...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-2	Account Management Key Control	Aligned	Control: AC-2...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Account Management...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
AC-2	Account Management Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Leaving Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Leaving Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Section 1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	1.2 REQUIREMENT...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-2	Account Management Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-2	Account Management Key Control	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-2	Account Management Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Account Management and Local Administrative Rights...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-2	Account Management Key Control	Aligned	Information Access Controls...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Definition of User, Privileged User, User Account, Service A...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	General User Account...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	vi. Authorization process is developed and implemented to en...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Access is based on an employee/contractor’s role and should ...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Term Definition...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Access is based on an employee/contractor’s role and should ...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	i. Privileged users should understand their roles and respon...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	i. Privileged users should understand their roles and respon...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-2	Account Management Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-2	Account Management Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-2	Account Management Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-2	Account Management Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-2	Account Management Key Control	Aligned	Management of Privileged Access Rights...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-2	Account Management Key Control	Aligned	Management of Privileged Access Rights...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-2	Account Management Key Control	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-2	Account Management Key Control	Aligned	SCOPE & APPLICABILITY...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-2	Account Management Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-2	Account Management Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-2	Account Management Key Control	Aligned	Access Control...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-2	Account Management Key Control	Aligned	End-user Device Security Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-2	Account Management Key Control	Aligned	End-user Device Security Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-2	Account Management Key Control	Aligned	Access to Networks, Network Services...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-2	Account Management Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-2	Account Management Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-2	Account Management Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-2	Account Management Key Control	Aligned	Access Control \| Account Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-2	Account Management Key Control	Aligned	Control: AC-2...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-2	Account Management Key Control	Aligned	User access policies and procedures should be established....	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-20	Use of External Systems	Aligned	Adequate security for mobile devices...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-20	Use of External Systems	Aligned	External systems used to access public interfaces to organiz...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-20	Use of External Systems	Aligned	Mobile Device Management and Reporting Procedures...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-20	Use of External Systems	Aligned	Access Control \| Use of External Systems...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-20	Use of External Systems	Aligned	Adequate security for mobile devices goes beyond the require...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-21	Information Sharing Key Control	Aligned	Restricted Data...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-21	Information Sharing Key Control	Aligned	Information Sharing and Data Security Classification Policy...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-21	Information Sharing Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-21	Information Sharing Key Control	Aligned	Classification of Information...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-21	Information Sharing Key Control	Aligned	Access Control Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-21	Information Sharing Key Control	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
AC-21	Information Sharing Key Control	Aligned	1.2.1 Access Control...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-21	Information Sharing Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-21	Information Sharing Key Control	Aligned	User Access Authorization and Information Owner Responsibili...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-21	Information Sharing Key Control	Aligned	IS Risk Management Policy...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
AC-21	Information Sharing Key Control	Aligned	Personnel Access Rights for BC/DR Events...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-21	Information Sharing Key Control	Aligned	data privacy governs how data is collected, shared, and used...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-22	Publicly Accessible Content	Aligned	Public Data and Internal Use Only Data...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-22	Publicly Accessible Content	Aligned	proprietary information, trade secrets or any other sensitiv...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-22	Publicly Accessible Content	Aligned	Internet Use Restrictions...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-22	Publicly Accessible Content	Aligned	4.0 Organization of Information Security Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-22	Publicly Accessible Content	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-22	Publicly Accessible Content	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-22	Publicly Accessible Content	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-22	Publicly Accessible Content	Aligned	1.0 PURPOSE...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
AC-22	Publicly Accessible Content	Aligned	organization’s information systems should be appropriately s...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-23	Data Mining Protection	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-23	Data Mining Protection	Aligned	Resource Administrators should regularly review the logs (au...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-23	Data Mining Protection	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-23	Data Mining Protection	Aligned	Data Mining Protection...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-23	Data Mining Protection	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-23	Data Mining Protection	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-23	Data Mining Protection	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
AC-24	Access Control Decisions	Aligned	1.3 DATA OWNER RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-24	Access Control Decisions	Aligned	1.6 ENFORCEMENT/COMPLIANCE...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-24	Access Control Decisions	Aligned	Access Control Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-24	Access Control Decisions	Aligned	1.2.1 Access Control...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-24	Access Control Decisions	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-24	Access Control Decisions	Aligned	1.2.3 System and Application Access Control - Information Ac...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-24	Access Control Decisions	Aligned	1.2.3 System and Application Access Control - Information Ac...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-24	Access Control Decisions	Aligned	1.2.3 System and Application Access Control - Information Ac...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-24	Access Control Decisions	Aligned	Access Control...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-24	Access Control Decisions	Aligned	Defining and periodically reviewing access restrictions and ...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-24	Access Control Decisions	Aligned	Access to Networks, Network Services...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-24	Access Control Decisions	Aligned	Access Control \| Access Control Decisions...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-24	Access Control Decisions	Aligned	Definition of access control and authorization...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-25	Reference Monitor Key Control	Aligned	1.1 SCOPE & APPLICABILITY...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-25	Reference Monitor Key Control	Aligned	1.2 REQUIREMENT...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-25	Reference Monitor Key Control	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-25	Reference Monitor Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-25	Reference Monitor Key Control	Aligned	SCOPE & APPLICABILITY...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-25	Reference Monitor Key Control	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-25	Reference Monitor Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-25	Reference Monitor Key Control	Aligned	Term Definition...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	d) Authorizing access to Information Assets....	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	e) Reviewing and approving all modifications to owned applic...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2 GENERAL USER RESPONSIBILITIES...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Should obtain approval from Data Owner prior to sending....	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control \| Remote Access, Access Control \| Access Cont...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-3	Access Enforcement Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-3	Access Enforcement Key Control	Aligned	1.6 ENFORCEMENT/COMPLIANCE...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	A.9.4.4 Access to Networks & Network Services...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Control: AC-2...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	Enforcing access restrictions for remote access is addressed...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access privileges of employees should be removed from all sy...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.4 NEW HIRE IDS & PASSWORDS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Overview, Scope & Applicability...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	1.1.3 Laptops...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	ENFORCEMENT/COMPLIANCE...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
AC-3	Access Enforcement Key Control	Aligned	Physical Access Management...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Controls such as file access limitation, time limit for acce...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Control over User access to information services...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2.1 Access Control...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	iv. Control over User access to information services is enfo...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access to Networks & Network Services...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access to Information Resources should be controlled through...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control \| Separation of Duties and Least Privilege...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	SCOPE & APPLICABILITY...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control to Program Source Code...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control to Program Source Code...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
AC-3	Access Enforcement Key Control	Aligned	Access to Networks, Network Services...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2.3 Access to Networks, Network Services...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-3	Access Enforcement Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-3	Access Enforcement Key Control	Aligned	Role Functional Activities...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	1.5 CLOUD SECURITY MANAGEMENT...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
AC-3	Access Enforcement Key Control	Aligned	8. ENFORCEMENT/COMPLIANCE...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control \| Access Enforcement...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	Definition of access control and access management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	access restricted to prevent inappropriate disclosure and ta...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	Access Control \| Access Enforcement...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	User access policies and procedures should be established, a...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-3	Access Enforcement Key Control	Aligned	Definition of access control...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Data Custodian...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Control baselines are predefined sets of controls specifical...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	NIST CSF Subcategory Control Reference Control Name...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	c. Internet Use Restrictions...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	A.9.4.1 - A.13.2.1...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Control: AC-4: Information flow control regulates where info...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Firewall Security...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Access Control \| Information Flow Enforcement...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Access Control \| Information Flow Enforcement...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	User access authorization forms and responsibilities of Info...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	8. ENFORCEMENT/COMPLIANCE...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Access Control \| Information Flow Enforcement...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Access Control \| Information Flow Enforcement...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	organization’s information systems should be appropriately s...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-4	Information Flow Enforcement Key Control	Aligned	Data and objects containing data should be assigned a classi...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-5	Separation of Duties Key Control	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-5	Separation of Duties Key Control	Aligned	Account Management and User Responsibilities...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AC-5	Separation of Duties Key Control	Aligned	Data Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-5	Separation of Duties Key Control	Aligned	The selection of a control baseline is determined by the nee...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-5	Separation of Duties Key Control	Aligned	NIST CSF Subcategory Control Reference Control Name...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-5	Separation of Duties Key Control	Aligned	1.3 SEGREGATION OF DUTIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-5	Separation of Duties Key Control	Aligned	Segregation of duties...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-5	Separation of Duties Key Control	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-5	Separation of Duties Key Control	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-5	Separation of Duties Key Control	Aligned	Scope & Applicability...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-5	Separation of Duties Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AC-5	Separation of Duties Key Control	Aligned	General User Account...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-5	Separation of Duties Key Control	Aligned	Access Control \| Separation of Duties...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-5	Separation of Duties Key Control	Aligned	Access Control \| Separation of Duties...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-5	Separation of Duties Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-5	Separation of Duties Key Control	Aligned	Management of Privileged Access Rights...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-5	Separation of Duties Key Control	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-5	Separation of Duties Key Control	Aligned	Access Control \| Separation of Duties...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-5	Separation of Duties Key Control	Aligned	User access policies and procedures should be established, a...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-5	Separation of Duties Key Control	Aligned	Access Control \| Separation of Duties...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-6	Least Privilege	Aligned	1.3 DATA OWNER RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AC-6	Least Privilege	Aligned	Baselines represent a starting point for the protection of i...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-6	Least Privilege	Aligned	NIST CSF Subcategory Control Reference Control Name...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-6	Least Privilege	Aligned	Controls are selected and implemented in order to satisfy sy...	anonymized_6.1_IS_Data_Security_Standards.pdf
AC-6	Least Privilege	Aligned	Control: AC-2...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-6	Least Privilege	Aligned	Access Control \| Least Privilege...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AC-6	Least Privilege	Aligned	1.4 NEW HIRE IDS & PASSWORDS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-6	Least Privilege	Aligned	SCOPE & APPLICABILITY...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-6	Least Privilege	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-6	Least Privilege	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AC-6	Least Privilege	Aligned	1.1.3 Laptops...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AC-6	Least Privilege	Aligned	Privileged (Application Administration) Account...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-6	Least Privilege	Aligned	Users are provided access only to those services...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-6	Least Privilege	Aligned	1.2.1 Access Control...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-6	Least Privilege	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-6	Least Privilege	Aligned	Access is based on an employee/contractor’s role and should ...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-6	Least Privilege	Aligned	Access Control \| Least Privilege...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-6	Least Privilege	Aligned	Access Control \| Least Privilege...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-6	Least Privilege	Aligned	Access Control \| Least Privilege...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-6	Least Privilege	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-6	Least Privilege	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-6	Least Privilege	Aligned	SCOPE & APPLICABILITY...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-6	Least Privilege	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AC-6	Least Privilege	Aligned	1.11 ROLES & RESPONSIBILITIES...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
AC-6	Least Privilege	Aligned	Access Control \| Least Privilege...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-6	Least Privilege	Aligned	Access Control \| Least Privilege...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-6	Least Privilege	Aligned	Definition of access management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-7	Unsuccessful Logon Attempts	Aligned	It also includes the periodic review of information system a...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-7	Unsuccessful Logon Attempts	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-7	Unsuccessful Logon Attempts	Aligned	g) All systems should require at a minimum a username and pa...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-7	Unsuccessful Logon Attempts	Aligned	SCOPE & APPLICABILITY...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-8	System Use Notification	Aligned	1.2 SYSTEM USE NOTIFICATION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-8	System Use Notification	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AC-8	System Use Notification	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AC-8	System Use Notification	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-8	System Use Notification	Aligned	SCOPE & APPLICABILITY...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AC-8	System Use Notification	Aligned	VII. Test adopts the NIST CSF and ISO 27001 standards as the...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AC-8	System Use Notification	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AC-9	Previous Logon Notification	Aligned	1.2 SYSTEM USE NOTIFICATION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-9	Previous Logon Notification	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AT-1	Policy and Procedures Key Control	Aligned	1.1 SCOPE & APPLICABILITY...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AT-1	Policy and Procedures Key Control	Aligned	Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AT-1	Policy and Procedures Key Control	Aligned	1.7 INFORMATION SECURITY EDUCATION & TRAINING...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AT-1	Policy and Procedures Key Control	Aligned	INFORMATION SECURITY AWARENESS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AT-1	Policy and Procedures Key Control	Aligned	Awareness and Training Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AT-1	Policy and Procedures Key Control	Aligned	Privileged users understanding roles and responsibilities...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AT-1	Policy and Procedures Key Control	Aligned	Information Security Awareness, Education and Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-1	Policy and Procedures Key Control	Aligned	Information Security & Privacy Awareness for contractor/cons...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AT-1	Policy and Procedures Key Control	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AT-1	Policy and Procedures Key Control	Aligned	Awareness and training policy and procedures address the con...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AT-1	Policy and Procedures Key Control	Aligned	1.2 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
AT-1	Policy and Procedures Key Control	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AT-2	Literacy Training and Awareness	Aligned	1.7 INFORMATION SECURITY EDUCATION & TRAINING...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AT-2	Literacy Training and Awareness	Aligned	1.7 INFORMATION SECURITY EDUCATION & TRAINING...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AT-2	Literacy Training and Awareness	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AT-2	Literacy Training and Awareness	Aligned	Awareness & Training \| Role-based Training...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AT-2	Literacy Training and Awareness	Aligned	i. Privileged users should understand their roles and respon...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AT-2	Literacy Training and Awareness	Aligned	Information Security Awareness, Education and Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-2	Literacy Training and Awareness	Aligned	Information Security & Privacy Awareness for contractor/cons...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AT-2	Literacy Training and Awareness	Aligned	Information Security & Privacy Awareness for contractor/cons...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AT-2	Literacy Training and Awareness	Aligned	System & Information Integrity \| System Monitoring...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AT-2	Literacy Training and Awareness	Aligned	Information Security Awareness, Education and Training...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AT-2	Literacy Training and Awareness	Aligned	1.6 CLOUD SECURITY TRAINING & AWARENESS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
AT-2	Literacy Training and Awareness	Aligned	Security Awareness & Skills Training...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AT-2	Literacy Training and Awareness	Aligned	Security Awareness & Skills Training...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Security Awareness & Skills Training...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Security Awareness & Skills Training...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	1.7 INFORMATION SECURITY EDUCATION & TRAINING...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	1.3 ROLES AND RESPONSIBILITIES...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AT-3	Role-based Training Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Incident Response \| Incident Response Training...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Information Security Awareness, Education and Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-3	Role-based Training Key Control	Aligned	Information Security Awareness, Education and Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-3	Role-based Training Key Control	Aligned	Information Security Awareness, Education and Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
AT-3	Role-based Training Key Control	Aligned	SUPPLIER AND/OR CONTRACTOR/CONTRCTOR SECURITY REQUIREMENTS...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AT-3	Role-based Training Key Control	Aligned	Information Security & Privacy Awareness for contractor/cons...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AT-3	Role-based Training Key Control	Aligned	Information Security Awareness, Education and Training...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AT-3	Role-based Training Key Control	Aligned	Awareness & Training \| Role-based Training...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AT-3	Role-based Training Key Control	Aligned	Personnel Security \| External Personnel Security...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AT-3	Role-based Training Key Control	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Scope...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AT-3	Role-based Training Key Control	Aligned	1.11 ROLES & RESPONSIBILITIES...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
AT-3	Role-based Training Key Control	Aligned	Security Awareness & Skills Training...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AT-3	Role-based Training Key Control	Aligned	Personnel Security \| External Personnel Security...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AT-4	Training Records	Aligned	1.8 DATA RETENTION and 1.9 ROLES & RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AT-4	Training Records	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AT-6	Training Feedback	Aligned	Training and testing shall include lessons learned from prev...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AU-1	Policy and Procedures Key Control	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-1	Policy and Procedures Key Control	Aligned	Role Responsibility Information Technology Department...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AU-1	Policy and Procedures Key Control	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AU-1	Policy and Procedures Key Control	Aligned	1.6 Exception...	anonymized_7.1_IS_Asset_Management_Standard.pdf
AU-1	Policy and Procedures Key Control	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AU-1	Policy and Procedures Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-1	Policy and Procedures Key Control	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AU-1	Policy and Procedures Key Control	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_9.1_IS_Cryptography_Standards.pdf
AU-1	Policy and Procedures Key Control	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AU-1	Policy and Procedures Key Control	Aligned	An audit log should be maintained of all access to program s...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AU-1	Policy and Procedures Key Control	Aligned	Ensuring the resolution of information security-related audi...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-1	Policy and Procedures Key Control	Aligned	Performance will be identified and measured by: ......	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
AU-1	Policy and Procedures Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AU-1	Policy and Procedures Key Control	Aligned	Cloud security audit plans, activities, and operational acti...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
AU-1	Policy and Procedures Key Control	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AU-1	Policy and Procedures Key Control	Aligned	Audit and accountability policy and procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AU-10	Non-repudiation	Aligned	Activity...	anonymized_6.1_IS_Data_Security_Standards.pdf
AU-10	Non-repudiation	Aligned	iii. Non-repudiation services should be used to resolve a di...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AU-10	Non-repudiation	Aligned	PURPOSE...	anonymized_9.1_IS_Cryptography_Standards.pdf
AU-11	Audit Record Retention Key Control	Aligned	1.8 DATA RETENTION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-11	Audit Record Retention Key Control	Aligned	Evidence of account and privilege reviews should document th...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AU-11	Audit Record Retention Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-11	Audit Record Retention Key Control	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AU-12	Audit Record Generation	Gap	Audit records can be generated from many different system components. The event types specified in A...
AU-13	Monitoring for Information Disclosure	Aligned	Organizations monitor systems by observing audit activities ...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Restricted Data...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-13	Monitoring for Information Disclosure	Aligned	System monitoring is an integral part of organizational cont...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Data Security classification policy...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Term Definitions...	anonymized_6.1_IS_Data_Security_Standards.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Documentation provides user and administrator guidance for t...	anonymized_6.1_IS_Data_Security_Standards.pdf
AU-13	Monitoring for Information Disclosure	Aligned	2.1 Acceptable Use Standard...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Monitoring of User’s device...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AU-13	Monitoring for Information Disclosure	Aligned	DOCUMENT CLASSIFICATION...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Organizations monitor systems by observing audit activities ...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AU-13	Monitoring for Information Disclosure	Aligned	DOCUMENT CLASSIFICATION and restrictions on information use...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Detailed analysis of these logs should be used to update and...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Section e) Event logs can contain sensitive data and persona...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-13	Monitoring for Information Disclosure	Aligned	IS Cryptography Policy...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
AU-13	Monitoring for Information Disclosure	Aligned	DOCUMENT CLASSIFICATION...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
AU-13	Monitoring for Information Disclosure	Aligned	DOCUMENT CLASSIFICATION...	anonymized_9.1_IS_Cryptography_Standards.pdf
AU-13	Monitoring for Information Disclosure	Aligned	DOCUMENT CLASSIFICATION...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Definition of Confidentiality...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AU-13	Monitoring for Information Disclosure	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-13	Monitoring for Information Disclosure	Aligned	16.0 Maintaining Security during BC/DR Policy...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
AU-13	Monitoring for Information Disclosure	Aligned	1.2 GOVERNANCE Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AU-14	Session Audit Key Control	Aligned	Monitoring Internet usage and employee privacy expectations...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AU-14	Session Audit Key Control	Aligned	Monitoring of User’s device....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AU-14	Session Audit Key Control	Aligned	Section d) Resource Administrators should regularly review t...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-14	Session Audit Key Control	Aligned	Audit & Accountability \| Cross-Organizational Audit Logging...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-14	Session Audit Key Control	Aligned	Definition of Information Security...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
AU-14	Session Audit Key Control	Aligned	Audit & Accountability \| Session Audit...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AU-16	Cross-organizational Audit Logging Key Control	Aligned	1.7 PROTECTION OF LOG INFORMATION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-16	Cross-organizational Audit Logging Key Control	Aligned	d) Resource Administrators should regularly review the logs ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-16	Cross-organizational Audit Logging Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-16	Cross-organizational Audit Logging Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AU-16	Cross-organizational Audit Logging Key Control	Aligned	Audit & Accountability \| Session Audit...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AU-2	Event Logging Key Control	Aligned	1.7 PROTECTION OF LOG INFORMATION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-2	Event Logging Key Control	Aligned	d) Resource Administrators should regularly review the logs ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-2	Event Logging Key Control	Aligned	Section d) Resource Administrators should regularly review t...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-2	Event Logging Key Control	Aligned	The privileged account holders should be prevented from mani...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AU-2	Event Logging Key Control	Aligned	An audit log should be maintained of all access to program s...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AU-2	Event Logging Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-2	Event Logging Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AU-2	Event Logging Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AU-2	Event Logging Key Control	Aligned	Event Logging...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AU-2	Event Logging Key Control	Aligned	Higher levels of assurance are required for protection, rete...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AU-3	Content of Audit Records Key Control	Aligned	Section d) Resource Administrators should regularly review t...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-3	Content of Audit Records Key Control	Aligned	Section e) Event logs can contain sensitive data and persona...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-3	Content of Audit Records Key Control	Aligned	Section e) Event logs can contain sensitive data and persona...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-3	Content of Audit Records Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-3	Content of Audit Records Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AU-3	Content of Audit Records Key Control	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AU-4	Audit Log Storage Capacity Key Control	Aligned	1.7 PROTECTION OF LOG INFORMATION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-4	Audit Log Storage Capacity Key Control	Aligned	Automated tools (e.g., security information and event manage...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-4	Audit Log Storage Capacity Key Control	Aligned	Section d) Resource Administrators should regularly review t...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-4	Audit Log Storage Capacity Key Control	Aligned	e) An audit log should be maintained of all access to progra...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AU-5	Response to Audit Logging Process Failures Key Control	Aligned	1.7 PROTECTION OF LOG INFORMATION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-5	Response to Audit Logging Process Failures Key Control	Aligned	This includes security related events, capacity or performan...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-5	Response to Audit Logging Process Failures Key Control	Aligned	d) Resource Administrators should regularly review the logs ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-5	Response to Audit Logging Process Failures Key Control	Aligned	Section d) Resource Administrators should regularly review t...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	Role Responsibility Information Technology Department...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	Monitoring of User’s device....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	d) Resource Administrators should regularly review the logs ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	Voice Communications Equipment protection measures...	anonymized_7.2_IS_End_User_Device_Standard.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	Evidence Collection and Preservation...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	Ensuring the resolution of information security-related audi...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	Audit & Accountability \| Audit Review, Analysis, And Reporti...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AU-6	Audit Record Review, Analysis, and Reporting Key Control	Aligned	Audit & Accountability \| Session Audit...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
AU-7	Audit Record Reduction and Report Generation Key Control	Aligned	Audit & Accountability \| Session Audit...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-8	Time Stamps	Aligned	External and internal requirements for time representation, ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-8	Time Stamps	Aligned	Test’s approach to obtaining a reference time from external ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-9	Protection of Audit Information Key Control	Aligned	1.7 PROTECTION OF LOG INFORMATION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
AU-9	Protection of Audit Information Key Control	Aligned	Audit & Accountability \| Session Audit...	anonymized_11.0_IS_Operations_Security_Policy.pdf
AU-9	Protection of Audit Information Key Control	Aligned	Audit and Accountability...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
AU-9	Protection of Audit Information Key Control	Aligned	Management of User Authentication...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
AU-9	Protection of Audit Information Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CA-1	Policy and Procedures Key Control	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
CA-1	Policy and Procedures Key Control	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
CA-1	Policy and Procedures Key Control	Aligned	Section 1.6 - EXCEPTION...	anonymized_7.1_IS_Asset_Management_Standard.pdf
CA-1	Policy and Procedures Key Control	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
CA-1	Policy and Procedures Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CA-1	Policy and Procedures Key Control	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
CA-1	Policy and Procedures Key Control	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CA-1	Policy and Procedures Key Control	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
CA-1	Policy and Procedures Key Control	Aligned	Assessment, authorization, and monitoring policy and procedu...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
CA-1	Policy and Procedures Key Control	Aligned	Assessment, authorization, and monitoring policy and procedu...	anonymized_9.1_IS_Cryptography_Standards.pdf
CA-1	Policy and Procedures Key Control	Aligned	Assessment, authorization, and monitoring policy and procedu...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CA-1	Policy and Procedures Key Control	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-1	Policy and Procedures Key Control	Aligned	1.1 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
CA-1	Policy and Procedures Key Control	Aligned	1.6 EXCEPTIONS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
CA-1	Policy and Procedures Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CA-1	Policy and Procedures Key Control	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CA-1	Policy and Procedures Key Control	Aligned	Audit plans should be developed and maintained...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CA-1	Policy and Procedures Key Control	Aligned	Control Assessment...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CA-2	Control Assessments Key Control	Aligned	DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
CA-2	Control Assessments Key Control	Aligned	Assessment, Authorization, and Monitoring \| Control Assessme...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CA-2	Control Assessments Key Control	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
CA-2	Control Assessments Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CA-2	Control Assessments Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CA-2	Control Assessments Key Control	Aligned	1.11 ROLES & RESPONSIBILITIES...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CA-2	Control Assessments Key Control	Aligned	Assessment of & Decision on Information Security Events...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CA-2	Control Assessments Key Control	Aligned	Control Assessment...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CA-3	Information Exchange Key Control	Aligned	Data transmission...	anonymized_6.1_IS_Data_Security_Standards.pdf
CA-3	Information Exchange Key Control	Aligned	A.9.4.1 - A.13.2.1...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
CA-3	Information Exchange Key Control	Aligned	External connections to Test networks or Information Resourc...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
CA-3	Information Exchange Key Control	Aligned	Encryption is to be used to protect the confidentiality of r...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
CA-3	Information Exchange Key Control	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-3	Information Exchange Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CA-5	Plan of Action and Milestones	Aligned	Eradication Plan and Approval Process...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CA-5	Plan of Action and Milestones	Aligned	Account Remediation Project Plans...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
CA-6	Authorization Key Control	Aligned	Authorization levels should be defined and documented....	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
CA-6	Authorization Key Control	Aligned	Roles and Responsibilities...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CA-6	Authorization Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
CA-6	Authorization Key Control	Aligned	Authorization and Approval Procedures...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CA-6	Authorization Key Control	Aligned	Access Authorization Process...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CA-6	Authorization Key Control	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Monitoring of User’s device...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Continuous Monitoring of Systems...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Overview and Scope & Applicability...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CA-7	Continuous Monitoring Key Control	Aligned	SUSPECTED AND ACTUAL DATA BREACH AND NOTIFICATION...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Continuous monitoring requirements...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Network Monitoring & Defense...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Assessment, Authorization, and Monitoring \| Continuous Monit...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Assessment, Authorization, and Monitoring \| Continuous Monit...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Performance will be identified and measured by...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
CA-7	Continuous Monitoring Key Control	Aligned	1.2 GOVERNANCE Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CA-7	Continuous Monitoring Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Assessment of & Decision on Information Security Events...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CA-7	Continuous Monitoring Key Control	Aligned	Assessment of & Decision on Information Security Events...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CA-7	Continuous Monitoring Key Control	Aligned	System & Information Integrity \| Security Alerts, Advisories...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CA-7	Continuous Monitoring Key Control	Aligned	System & Information Integrity \| Security Alerts, Advisories...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CA-8	Penetration Testing	Aligned	Assessment, Authorization, and Monitoring \| Penetration Test...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CA-8	Penetration Testing	Aligned	The Information Security Team should utilize specialized sof...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CA-9	Internal System Connections Key Control	Aligned	1.2. Hardware, Software, Applications and Data - Inventory o...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-9	Internal System Connections Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-1	Policy and Procedures	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
CM-1	Policy and Procedures	Aligned	Configuration Management Policy and Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
CM-1	Policy and Procedures	Aligned	Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
CM-1	Policy and Procedures	Aligned	Section 1.6 - Configuration Management Policy and Procedures...	anonymized_7.1_IS_Asset_Management_Standard.pdf
CM-1	Policy and Procedures	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
CM-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-1	Policy and Procedures	Aligned	CM-1...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-1	Policy and Procedures	Aligned	1.1 PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
CM-1	Policy and Procedures	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CM-1	Policy and Procedures	Aligned	Exceptions...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
CM-1	Policy and Procedures	Aligned	Configuration Management Policy and Procedures...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
CM-1	Policy and Procedures	Aligned	Configuration Management Policy and Procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
CM-1	Policy and Procedures	Aligned	Configuration management database should maintain the versio...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CM-1	Policy and Procedures	Aligned	Configuration Management \| Configuration Settings...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-1	Policy and Procedures	Aligned	Security and privacy documentation requirements...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-1	Policy and Procedures	Aligned	1.2 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
CM-1	Policy and Procedures	Aligned	Configuration Management Policy and Procedures...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CM-1	Policy and Procedures	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CM-1	Policy and Procedures	Aligned	Configuration Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-10	Software Usage Restrictions Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-11	User-installed Software	Aligned	Installation of Software on User’s device....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
CM-11	User-installed Software	Aligned	Restrictions on software installations...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-11	User-installed Software	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-12	Information Location	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
CM-12	Information Location	Aligned	Scope...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
CM-12	Information Location	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
CM-12	Information Location	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
CM-12	Information Location	Aligned	Perimeter security and restrictions on access to sensitive a...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
CM-12	Information Location	Aligned	User Access Authorization and Responsibilities...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CM-12	Information Location	Aligned	Cloud Service Provider physical locations, including data ce...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CM-13	Data Action Mapping	Aligned	1.3 DATA OWNER RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
CM-13	Data Action Mapping	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
CM-13	Data Action Mapping	Aligned	V. Bring Your Own Device...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
CM-13	Data Action Mapping	Aligned	Section d) and e)...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-13	Data Action Mapping	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CM-13	Data Action Mapping	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CM-13	Data Action Mapping	Aligned	Data Governance and Data Privacy...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-14	Signed Components	Aligned	Certificate...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
CM-14	Signed Components	Aligned	Restrictions on software installations...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-14	Signed Components	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
CM-2	Baseline Configuration	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-2	Baseline Configuration	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-2	Baseline Configuration	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-2	Baseline Configuration	Aligned	CM-2...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-2	Baseline Configuration	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-2	Baseline Configuration	Aligned	Configuration Management \| Configuration Settings...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-2	Baseline Configuration	Aligned	Configuration Management \| System Component Inventory...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-2	Baseline Configuration	Aligned	Deviations from baseline configuration...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CM-2	Baseline Configuration	Aligned	Configuration Management \| Configuration Change Control...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-2	Baseline Configuration	Aligned	Configuration Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-3	Configuration Change Control Key Control	Aligned	Configuration Management \| Access Restrictions for Change...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-3	Configuration Change Control Key Control	Aligned	CM-3...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-3	Configuration Change Control Key Control	Aligned	NIST CSF Subcategory Control Reference Control Name...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-3	Configuration Change Control Key Control	Aligned	Internal Change Management implementation....	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CM-3	Configuration Change Control Key Control	Aligned	strict change control procedures need to be followed for any...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CM-3	Configuration Change Control Key Control	Aligned	Configuration management database should maintain the versio...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CM-3	Configuration Change Control Key Control	Aligned	Configuration Management \| Configuration Settings...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-3	Configuration Change Control Key Control	Aligned	Controls can include technical, administrative, and physical...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-3	Configuration Change Control Key Control	Aligned	1.14 POLICY CHANGE, REVIEW & UPDATE CHANGE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CM-3	Configuration Change Control Key Control	Aligned	1.15 POLICY COMPLIANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CM-3	Configuration Change Control Key Control	Aligned	1.16 MAINTAINENCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CM-3	Configuration Change Control Key Control	Aligned	Configuration Change Control...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CM-3	Configuration Change Control Key Control	Aligned	Configuration Management \| Configuration Change Control...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-3	Configuration Change Control Key Control	Aligned	Configuration Management \| Configuration Change Control...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-3	Configuration Change Control Key Control	Aligned	Configuration Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-3	Configuration Change Control Key Control	Aligned	Configuration Management \| Configuration Change Control...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-4	Impact Analyses	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
CM-4	Impact Analyses	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
CM-4	Impact Analyses	Aligned	An analysis of the general information security practices ap...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-4	Impact Analyses	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-4	Impact Analyses	Aligned	Role Functional Activities...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CM-4	Impact Analyses	Aligned	Impact Assessment...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CM-4	Impact Analyses	Aligned	Configuration Management \| Impact Analyses...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-4	Impact Analyses	Aligned	Configuration Management \| Impact Analyses...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-4	Impact Analyses	Aligned	Configuration Management \| Impact Analyses...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-5	Access Restrictions for Change Key Control	Aligned	Access groupings will be developed and tested prior to the i...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
CM-5	Access Restrictions for Change Key Control	Aligned	Refer to the Access Control Policy for additional details....	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
CM-5	Access Restrictions for Change Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-5	Access Restrictions for Change Key Control	Aligned	Section 9: Equipment and media containing confidential infor...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CM-5	Access Restrictions for Change Key Control	Aligned	Change Management implementation....	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CM-5	Access Restrictions for Change Key Control	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CM-5	Access Restrictions for Change Key Control	Aligned	1.2.3 Access to Networks, Network Services...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
CM-6	Configuration Settings	Aligned	IV. Maintaining Security while using Organizationally Owned ...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
CM-6	Configuration Settings	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-6	Configuration Settings	Aligned	Section 4.6 - Configuration Settings...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CM-6	Configuration Settings	Aligned	Logical access controls and vendor-supplied defaults...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CM-6	Configuration Settings	Aligned	End-user Device Security Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-6	Configuration Settings	Aligned	Configuration Management \| Configuration Settings...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-6	Configuration Settings	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-6	Configuration Settings	Aligned	Deviations from baseline configuration defined by the IT Inf...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CM-7	Least Functionality	Aligned	Configuration Management \| Least Functionality...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
CM-7	Least Functionality	Aligned	Configuration Management \| Least Functionality...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
CM-7	Least Functionality	Aligned	f) Logical access controls should be applied to isolate sens...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CM-7	Least Functionality	Aligned	Configuration Management \| Least Functionality...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-7	Least Functionality	Aligned	Configuration Management \| Least Functionality...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-7	Least Functionality	Aligned	Configuration Management \| Least Functionality...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-7	Least Functionality	Aligned	Configuration Management \| Least Functionality...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-7	Least Functionality	Aligned	Configuration Management \| Configuration Settings...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-7	Least Functionality	Aligned	Configuration Management \| Least Functionality...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-8	System Component Inventory Key Control	Aligned	System Component Inventory...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CM-8	System Component Inventory Key Control	Aligned	1.3 SUPPLIER INVENTORY...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
CM-8	System Component Inventory Key Control	Aligned	Asset Management – Establishes controls for asset identifica...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-8	System Component Inventory Key Control	Aligned	1.2. Hardware, Software, Applications and Data - Inventory o...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-8	System Component Inventory Key Control	Aligned	Configuration Management \| System Component Inventory...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-8	System Component Inventory Key Control	Aligned	Configuration Management \| System Component Inventory...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-9	Configuration Management Plan	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CM-9	Configuration Management Plan	Aligned	Configuration management database should maintain the versio...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
CM-9	Configuration Management Plan	Aligned	Configuration Management \| Configuration Management Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-9	Configuration Management Plan	Aligned	Configuration Management \| Configuration Management Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-9	Configuration Management Plan	Aligned	Configuration Management \| Configuration Management Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-9	Configuration Management Plan	Aligned	Configuration Management \| Configuration Management Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-9	Configuration Management Plan	Aligned	Configuration Management \| Configuration Management Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CM-9	Configuration Management Plan	Aligned	Configuration Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CM-9	Configuration Management Plan	Aligned	Control ID Security Control Name Requirements...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-1	Policy and Procedures	Aligned	Contingency Planning Policy and Procedures...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
CP-1	Policy and Procedures	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
CP-1	Policy and Procedures	Aligned	Contingency planning policy and procedures...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
CP-1	Policy and Procedures	Aligned	Contingency planning policy and procedures...	anonymized_7.1_IS_Asset_Management_Standard.pdf
CP-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-1	Policy and Procedures	Aligned	Contingency planning policy and procedures...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CP-1	Policy and Procedures	Aligned	Contingency planning policy and procedures...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CP-1	Policy and Procedures	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
CP-1	Policy and Procedures	Aligned	Contingency Planning Policy and Procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
CP-1	Policy and Procedures	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
CP-1	Policy and Procedures	Aligned	Contingency Planning Policy and Procedures...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CP-1	Policy and Procedures	Aligned	Information Security Aspects of Business Continuity Manageme...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CP-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CP-1	Policy and Procedures	Aligned	1.1 SCOPE & APPLICABILITY...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
CP-1	Policy and Procedures	Aligned	Contingency Planning Policy and Procedures...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-1	Policy and Procedures	Aligned	Contingency planning policy and procedures...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CP-1	Policy and Procedures	Aligned	Response to Information Security Incidents...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CP-1	Policy and Procedures	Aligned	Business Continuity Management & Operational Resilience...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-1	Policy and Procedures	Aligned	Contingency Planning Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-1	Policy and Procedures	Aligned	A consistent unified framework for business continuity plann...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-10	System Recovery and Reconstitution	Aligned	Contingency Planning and Recovery Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-10	System Recovery and Reconstitution	Aligned	Recovery...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CP-10	System Recovery and Reconstitution	Aligned	Contingency Planning \| System Recovery and Reconstitution...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CP-10	System Recovery and Reconstitution	Aligned	Contingency Planning \| Alternate Processing Site, Contingenc...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-11	Alternate Communications Protocols	Aligned	Contingency Planning \| Contingency Plan...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CP-11	Alternate Communications Protocols	Aligned	Contingency Planning \| Alternate Communications Protocols...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-11	Alternate Communications Protocols	Aligned	Contingency Planning \| Alternate Communications Protocols...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-11	Alternate Communications Protocols	Aligned	Contingency Planning \| Alternate Communications Protocols...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-12	Safe Mode	Gap	For systems that support critical mission and business functionsâ€šÃ„Ã®including military operations...
CP-13	Alternative Security Mechanisms	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
CP-13	Alternative Security Mechanisms	Aligned	Recovery...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CP-13	Alternative Security Mechanisms	Aligned	Information Security Aspects of Business Continuity Manageme...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CP-13	Alternative Security Mechanisms	Aligned	1.2 GOVERNANCE - Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-13	Alternative Security Mechanisms	Aligned	1.2 GOVERNANCE - Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-13	Alternative Security Mechanisms	Aligned	Contingency Planning \| Alternative Security Mechanisms...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-2	Contingency Plan	Aligned	Contingency Planning Policy and Procedures...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
CP-2	Contingency Plan	Aligned	Contingency Planning...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-2	Contingency Plan	Aligned	Contingency planning for systems is part of an overall progr...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CP-2	Contingency Plan	Aligned	Information Security Aspects of Business Continuity Manageme...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CP-2	Contingency Plan	Aligned	Contingency Planning Policy and Procedures...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CP-2	Contingency Plan	Aligned	Information Security Aspects of Business Continuity Manageme...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CP-2	Contingency Plan	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-2	Contingency Plan	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-2	Contingency Plan	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-2	Contingency Plan	Aligned	Contingency planning for systems is part of an overall progr...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CP-2	Contingency Plan	Aligned	Response to Information Security Incidents...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CP-2	Contingency Plan	Aligned	Contingency Planning \| Contingency Plan...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CP-2	Contingency Plan	Aligned	Response to Information Security Incidents...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CP-2	Contingency Plan	Aligned	Contingency Planning \| Contingency Plan...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-2	Contingency Plan	Aligned	Business Continuity Management & Operational Resilience...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-2	Contingency Plan	Aligned	Contingency Planning \| Contingency Plan...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-2	Contingency Plan	Aligned	A consistent unified framework for business continuity plann...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-3	Contingency Training Key Control	Aligned	1.3 ROLES AND RESPONSIBILITIES...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-3	Contingency Training Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
CP-3	Contingency Training Key Control	Aligned	Preparation...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CP-3	Contingency Training Key Control	Aligned	Contingency Planning \| Contingency Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
CP-3	Contingency Training Key Control	Aligned	Information Security & Privacy Awareness for contractor/cons...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
CP-3	Contingency Training Key Control	Aligned	Contingency Planning Policy and Procedures...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
CP-3	Contingency Training Key Control	Aligned	1.1 SCOPE & APPLICABILITY and 1.2 REQUIREMENTS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
CP-3	Contingency Training Key Control	Aligned	Contingency training and incident management training...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
CP-3	Contingency Training Key Control	Aligned	Business Continuity Management & Operational Resilience...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-3	Contingency Training Key Control	Aligned	Contingency training provided by organizations is linked to ...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-4	Contingency Plan Testing	Aligned	Contingency Planning \| Contingency Plan Testing...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-4	Contingency Plan Testing	Aligned	Contingency Planning \| Contingency Plan Testing...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-4	Contingency Plan Testing	Aligned	Contingency Planning \| Contingency Plan Testing...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-4	Contingency Plan Testing	Aligned	Preparation...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
CP-4	Contingency Plan Testing	Aligned	Business Continuity and Disaster Recovery Planning and Testi...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
CP-4	Contingency Plan Testing	Aligned	Business Continuity Planning and Plan Development...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-4	Contingency Plan Testing	Aligned	System change control procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-6	Alternate Storage Site Key Control	Aligned	Contingency Planning \| Alternate Storage Site...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-6	Alternate Storage Site Key Control	Aligned	Contingency Planning \| Alternate Storage Site...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-6	Alternate Storage Site Key Control	Aligned	Contingency Planning \| Alternate Storage Site...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-6	Alternate Storage Site Key Control	Aligned	Contingency Planning \| Alternate Storage Site...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-6	Alternate Storage Site Key Control	Aligned	Restrictions on software installation and System change cont...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-7	Alternate Processing Site Key Control	Aligned	Cloud Service Provider physical locations, including data ce...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
CP-7	Alternate Processing Site Key Control	Aligned	Contingency Planning \| Alternate Processing Site...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-7	Alternate Processing Site Key Control	Aligned	Contingency Planning \| Alternate Processing Site...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-7	Alternate Processing Site Key Control	Aligned	Contingency Planning \| Alternate Processing Site...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-8	Telecommunications Services Key Control	Aligned	Contingency Planning \| Telecommunications Services...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-8	Telecommunications Services Key Control	Aligned	Contingency Planning \| Telecommunications Services...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
CP-9	System Backup Key Control	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
CP-9	System Backup Key Control	Aligned	Protection of system backup information while in transit is ...	anonymized_6.1_IS_Data_Security_Standards.pdf
CP-9	System Backup Key Control	Aligned	Contingency Planning \| System Backup...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-9	System Backup Key Control	Aligned	Contingency Planning \| System Backup...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-9	System Backup Key Control	Aligned	Contingency Planning \| System Backup...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-9	System Backup Key Control	Aligned	Data Backup...	anonymized_11.0_IS_Operations_Security_Policy.pdf
CP-9	System Backup Key Control	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
CP-9	System Backup Key Control	Aligned	Data on laptops should be backed up to a server rather than ...	anonymized_7.2_IS_End_User_Device_Standard.pdf
CP-9	System Backup Key Control	Aligned	1.2.1 Backup...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CP-9	System Backup Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-9	System Backup Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-9	System Backup Key Control	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IA-1	Policy and Procedures Key Control	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
IA-1	Policy and Procedures Key Control	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IA-1	Policy and Procedures Key Control	Aligned	Chunk: 1.6...	anonymized_7.1_IS_Asset_Management_Standard.pdf
IA-1	Policy and Procedures Key Control	Aligned	Identification and Authentication Policy and Procedures...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-1	Policy and Procedures Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
IA-1	Policy and Procedures Key Control	Aligned	Identification and authentication policy and procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
IA-1	Policy and Procedures Key Control	Aligned	Supplier and/or contractor is required to assess the nature ...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
IA-1	Policy and Procedures Key Control	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-1	Policy and Procedures Key Control	Aligned	Identification and authentication policy and procedures addr...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IA-1	Policy and Procedures Key Control	Aligned	1.2 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
IA-1	Policy and Procedures Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
IA-1	Policy and Procedures Key Control	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IA-1	Policy and Procedures Key Control	Aligned	User access policies and procedures should be established, a...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IA-1	Policy and Procedures Key Control	Aligned	Identification and authentication policy and procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IA-10	Adaptive Authentication	Aligned	Section 7.j, 7.k, and 7.l...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IA-10	Adaptive Authentication	Aligned	1.5 ESTABLISHING TRUST RELATIONSHIPS...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IA-10	Adaptive Authentication	Aligned	Identification & Authentication \| Adaptive Authentication...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-10	Adaptive Authentication	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
IA-10	Adaptive Authentication	Aligned	User Credential Management and Security Practices...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-11	Re-authentication Key Control	Aligned	Section 7, Sub-section j...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IA-11	Re-authentication Key Control	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
IA-11	Re-authentication Key Control	Aligned	Leaving Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-11	Re-authentication Key Control	Aligned	Laptops...	anonymized_7.2_IS_End_User_Device_Standard.pdf
IA-11	Re-authentication Key Control	Aligned	Identification & Authentication \| Re-Authentication...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-11	Re-authentication Key Control	Aligned	Identification & Authentication \| Adaptive Authentication...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-11	Re-authentication Key Control	Aligned	Identification & Authentication \| Adaptive Authentication...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-11	Re-authentication Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
IA-11	Re-authentication Key Control	Aligned	User Credential Management...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-12	Identity Proofing Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
IA-12	Identity Proofing Key Control	Aligned	1.4 NEW HIRE IDS & PASSWORDS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-12	Identity Proofing Key Control	Aligned	Identification & Authentication \| Identity Proofing...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-12	Identity Proofing Key Control	Aligned	Identification & Authentication \| Identity Proofing...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-12	Identity Proofing Key Control	Aligned	Identification & Authentication \| Re-Authentication...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-12	Identity Proofing Key Control	Aligned	Identification & Authentication \| Re-Authentication...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	1.6 DATA HANDLING...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	1.10 REMOTE ACCESS TO Test’s SYSTEMS and 1.11 USER ID & PASS...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Access Control \| Remote Access...	anonymized_6.1_IS_Data_Security_Standards.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Identification and Authentication Requirements...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Identification and Authentication Requirements...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	1.4 NEW HIRE IDS & PASSWORDS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	ESTABLISHING TRUST RELATIONSHIPS...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Appropriate authentication mechanisms are applied...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	User access to networks and network services...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	administering the network-level permissions granted to each ...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	g) All systems should require at a minimum a username and pa...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	Access to Networks, Network Services...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
IA-2	Identification and Authentication (Organizational Users) Key Control	Aligned	User access policies and procedures should be established, a...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IA-3	Device Identification and Authentication Key Control	Aligned	Service Set Identifier (SSID)...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
IA-3	Device Identification and Authentication Key Control	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
IA-3	Device Identification and Authentication Key Control	Aligned	9. Equipment and media containing confidential information s...	anonymized_7.2_IS_End_User_Device_Standard.pdf
IA-3	Device Identification and Authentication Key Control	Aligned	Identifier (SSID)...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-3	Device Identification and Authentication Key Control	Aligned	Relevant functions that ordinary users are not authorized to...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-4	Identifier Management Key Control	Aligned	Service Set Identifier (SSID)...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
IA-4	Identifier Management Key Control	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
IA-4	Identifier Management Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-4	Identifier Management Key Control	Aligned	Term Definition...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-4	Identifier Management Key Control	Aligned	Identification & Authentication \| Identifier Management...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-5	Authenticator Management	Aligned	Account Management and Password Protection...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
IA-5	Authenticator Management	Aligned	Section 7, Sub-section l...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IA-5	Authenticator Management	Aligned	Section 7: Password Management and Multi-Factor Authenticati...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IA-5	Authenticator Management	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
IA-5	Authenticator Management	Aligned	1.4 NEW HIRE IDS & PASSWORDS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-5	Authenticator Management	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
IA-5	Authenticator Management	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IA-5	Authenticator Management	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IA-5	Authenticator Management	Aligned	1.1.3 Laptops...	anonymized_7.2_IS_End_User_Device_Standard.pdf
IA-5	Authenticator Management	Aligned	Identification & Authentication \| Adaptive Authentication...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-5	Authenticator Management	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
IA-5	Authenticator Management	Aligned	h) The maximum number of sequential failed password attempts...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-5	Authenticator Management	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
IA-5	Authenticator Management	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
IA-5	Authenticator Management	Aligned	1.5 CLOUD SECURITY MANAGEMENT...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IA-5	Authenticator Management	Aligned	Definition of authentication...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IA-6	Authentication Feedback	Aligned	a) The display and printing of passwords and account numbers...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-7	Cryptographic Module Authentication Key Control	Aligned	Section 7, Sub-section j, k, and l...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IA-7	Cryptographic Module Authentication Key Control	Aligned	1.4 NEW HIRE IDS & PASSWORDS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-7	Cryptographic Module Authentication Key Control	Aligned	SCOPE & APPLICABILITY...	anonymized_11.0_IS_Operations_Security_Policy.pdf
IA-7	Cryptographic Module Authentication Key Control	Aligned	Authentication Factors...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-7	Cryptographic Module Authentication Key Control	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-7	Cryptographic Module Authentication Key Control	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
IA-7	Cryptographic Module Authentication Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	1.10 REMOTE ACCESS TO Test’s SYSTEMS and 1.11 USER ID & PASS...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	User Responsibilities and Password Protection...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	Access Control \| Remote Access...	anonymized_6.1_IS_Data_Security_Standards.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	Password Requirements and Multi-Factor Authentication...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	Identification and Authentication Requirements for Non-Organ...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	1.5 ROLES & RESPONSIBILITIES...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	1.4 NEW HIRE IDS & PASSWORDS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IA-8	Identification and Authentication (Non-organizational Users)	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
IA-9	Service Identification and Authentication Key Control	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IA-9	Service Identification and Authentication Key Control	Aligned	vii. Digital signature certificates should be used to verify...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IA-9	Service Identification and Authentication Key Control	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IA-9	Service Identification and Authentication Key Control	Aligned	Identification & Authentication \| Adaptive Authentication...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
IA-9	Service Identification and Authentication Key Control	Aligned	FIM Federated Identity Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-1	Policy and Procedures	Aligned	Detailed explanation of why the exception is necessary and D...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
IR-1	Policy and Procedures	Aligned	Detailed explanation of why the exception is necessary....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
IR-1	Policy and Procedures	Aligned	Incident Response Policy and Procedures...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
IR-1	Policy and Procedures	Aligned	Incident Response Policy and Procedures...	anonymized_7.1_IS_Asset_Management_Standard.pdf
IR-1	Policy and Procedures	Aligned	Detailed explanation of why the exception is necessary....	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IR-1	Policy and Procedures	Aligned	Incident Response Policy and Procedures...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IR-1	Policy and Procedures	Aligned	Incident Response Policy and Procedures...	anonymized_7.2_IS_End_User_Device_Standard.pdf
IR-1	Policy and Procedures	Aligned	Incident Response Policy and Procedures...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
IR-1	Policy and Procedures	Aligned	Detailed explanation of why the exception is necessary....	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
IR-1	Policy and Procedures	Aligned	Incident Response Policy and Procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
IR-1	Policy and Procedures	Aligned	Policy statement requiring the exception....	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
IR-1	Policy and Procedures	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-1	Policy and Procedures	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-1	Policy and Procedures	Aligned	Divisions & Functions Policy Implementation...	anonymized_7.0_IS_Asset_Management_Policy.pdf
IR-1	Policy and Procedures	Aligned	Incident Response Policy and Procedures...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
IR-1	Policy and Procedures	Aligned	1.6 EXCEPTIONS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
IR-1	Policy and Procedures	Aligned	Changes to cloud security systems and procedures...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IR-1	Policy and Procedures	Aligned	1. PURPOSE...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-1	Policy and Procedures	Aligned	Incident Response Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-2	Incident Response Training	Aligned	Incident Response \| Incident Response Training...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
IR-2	Incident Response Training	Aligned	Incident Response \| Incident Response Training...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
IR-2	Incident Response Training	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IR-2	Incident Response Training	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
IR-2	Incident Response Training	Aligned	Incident Verification...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
IR-2	Incident Response Training	Aligned	Incident Response \| Incident Response Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
IR-2	Incident Response Training	Aligned	Information Security & Privacy Awareness for contractor/cons...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
IR-2	Incident Response Training	Aligned	Incident response training...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-2	Incident Response Training	Aligned	5. Changes to cloud security systems and procedures should b...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IR-2	Incident Response Training	Aligned	Incident Handling Team (IHT)...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-2	Incident Response Training	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-3	Incident Response Testing	Aligned	Test Cyber Security Incident Response Framework...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
IR-3	Incident Response Testing	Aligned	Events that may precipitate an update to incident response t...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-3	Incident Response Testing	Aligned	Evaluation of Policies Effectiveness...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-3	Incident Response Testing	Aligned	Business Continuity and Disaster Recovery planning, testing,...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
IR-3	Incident Response Testing	Aligned	Changes to cloud security systems and procedures...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IR-3	Incident Response Testing	Aligned	Incident Handling Team (IHT)...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-3	Incident Response Testing	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-4	Incident Handling	Aligned	Role Responsibility Information Technology Department and CI...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
IR-4	Incident Handling	Aligned	1.4 CONTACT WITH AUTHORITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
IR-4	Incident Handling	Aligned	Incident Response Management...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
IR-4	Incident Handling	Aligned	Incident Response \| Incident Handling...	anonymized_11.0_IS_Operations_Security_Policy.pdf
IR-4	Incident Handling	Aligned	Incident Response \| Incident Handling...	anonymized_11.0_IS_Operations_Security_Policy.pdf
IR-4	Incident Handling	Aligned	Incident Verification and Classification...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
IR-4	Incident Handling	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-4	Incident Handling	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-4	Incident Handling	Aligned	Supplier Relationship and Legal Department Responsibilities...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
IR-4	Incident Handling	Aligned	Changes to cloud security systems and procedures...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IR-4	Incident Handling	Aligned	Response to Information Security Incidents...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-4	Incident Handling	Aligned	Incident Response \| Incident Handling...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-4	Incident Handling	Aligned	Response to Information Security Incidents...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-4	Incident Handling	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-4	Incident Handling	Aligned	Incident Response \| Incident Handling...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-4	Incident Handling	Aligned	Incident Handling...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-4	Incident Handling	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-4	Incident Handling	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-4	Incident Handling	Aligned	Incident Response \| Incident Monitoring...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-4	Incident Handling	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-4	Incident Handling	Aligned	Incident Response \| Incident Handling...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-5	Incident Monitoring	Aligned	Incident Response Management...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
IR-5	Incident Monitoring	Aligned	Response to Information Security Incidents...	anonymized_11.0_IS_Operations_Security_Policy.pdf
IR-5	Incident Monitoring	Aligned	Post-mortem analysis of the way an incident was handled...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
IR-5	Incident Monitoring	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-5	Incident Monitoring	Aligned	1.2 GOVERNANCE Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
IR-5	Incident Monitoring	Aligned	Section 9: Changes to cloud security systems and procedures...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IR-5	Incident Monitoring	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-5	Incident Monitoring	Aligned	Incident Response \| Incident Handling...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-6	Incident Reporting	Aligned	1.4 CONTACT WITH AUTHORITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
IR-6	Incident Reporting	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-6	Incident Reporting	Aligned	Performance will be identified and measured by: Compliance w...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
IR-6	Incident Reporting	Aligned	Changes to cloud security systems and procedures...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IR-6	Incident Reporting	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-6	Incident Reporting	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-6	Incident Reporting	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-6	Incident Reporting	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-6	Incident Reporting	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-6	Incident Reporting	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-7	Incident Response Assistance	Aligned	Incident Tracking System (ITS) documentation requirements...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
IR-7	Incident Response Assistance	Aligned	Incident Response \| Incident Handling...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-7	Incident Response Assistance	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-8	Incident Response Plan	Aligned	Incident Response Capabilities...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
IR-8	Incident Response Plan	Aligned	Incident response training...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-8	Incident Response Plan	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-8	Incident Response Plan	Aligned	Supplier Relationship Management and Responsibilities...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
IR-8	Incident Response Plan	Aligned	5. Changes to cloud security systems and procedures...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
IR-8	Incident Response Plan	Aligned	Response to Information Security Incidents...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-8	Incident Response Plan	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
IR-8	Incident Response Plan	Aligned	Incident Response Plan...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-8	Incident Response Plan	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-8	Incident Response Plan	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-8	Incident Response Plan	Aligned	Incident Response \| Incident Response Plan...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-8	Incident Response Plan	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
IR-9	Information Spillage Response	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
IR-9	Information Spillage Response	Aligned	Containment Plan of Action...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
IR-9	Information Spillage Response	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
IR-9	Information Spillage Response	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
MA-1	Policy and Procedures	Aligned	1.11 MAINTENANCE and 1.12 EXCEPTION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MA-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
MA-1	Policy and Procedures	Aligned	Chunk: 1.6...	anonymized_7.1_IS_Asset_Management_Standard.pdf
MA-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MA-1	Policy and Procedures	Aligned	Chunk: 1.9...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
MA-1	Policy and Procedures	Aligned	Exception duration and detailed explanation of why the excep...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
MA-1	Policy and Procedures	Aligned	Maintenance policy and procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
MA-1	Policy and Procedures	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
MA-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
MA-1	Policy and Procedures	Aligned	Maintenance policy and procedures...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
MA-1	Policy and Procedures	Aligned	Maintenance policy and procedures...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
MA-2	Controlled Maintenance Key Control	Aligned	IT Asset (NEW) and other assets Retirement and Disposal...	anonymized_7.1_IS_Asset_Management_Standard.pdf
MA-3	Maintenance Tools	Aligned	1.6 MAINTENANCE...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
MA-4	Nonlocal Maintenance	Aligned	1.6 DATA HANDLING...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MA-4	Nonlocal Maintenance	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
MA-5	Maintenance Personnel Key Control	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MA-5	Maintenance Personnel Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
MA-5	Maintenance Personnel Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
MA-5	Maintenance Personnel Key Control	Aligned	Supplier and/or contractor is required to assess the nature ...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
MA-5	Maintenance Personnel Key Control	Aligned	Personnel Security \| External Personnel Security...	anonymized_7.0_IS_Asset_Management_Policy.pdf
MA-5	Maintenance Personnel Key Control	Aligned	Identification and Authentication \| Identity Proofing...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
MA-6	Timely Maintenance Key Control	Gap	Organizations specify the system components that result in increased risk to organizational operatio... Critical Gap - Key Control Missing
MA-7	Field Maintenance	Gap	Field maintenance is the type of maintenance conducted on a system or system component after the sys...
MP-1	Policy and Procedures	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MP-1	Policy and Procedures	Aligned	Media Protection \| Media Marking, Media Storage, Media Trans...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
MP-1	Policy and Procedures	Aligned	1.6 EXCEPTION...	anonymized_7.1_IS_Asset_Management_Standard.pdf
MP-1	Policy and Procedures	Aligned	Media protection policy and procedures...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
MP-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-1	Policy and Procedures	Aligned	Media Protection \| Policy & Procedure...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-1	Policy and Procedures	Aligned	Media Protection \| Policy & Procedure...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-1	Policy and Procedures	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
MP-1	Policy and Procedures	Aligned	Media protection policy and procedures...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-1	Policy and Procedures	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
MP-1	Policy and Procedures	Aligned	Control References...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-1	Policy and Procedures	Aligned	Media protection policy and procedures...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
MP-1	Policy and Procedures	Aligned	Acceptable Use of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
MP-1	Policy and Procedures	Aligned	1.2 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
MP-1	Policy and Procedures	Aligned	1.6 EXCEPTIONS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
MP-2	Media Access	Aligned	1.12 REMOVEABLE STORAGE DEVICES...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
MP-2	Media Access	Aligned	Media Protection \| Media Marking, Media Protection \| Media S...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-2	Media Access	Aligned	1.3 RULES OF BEHAVIOR (ROB) - Acceptable Use...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
MP-2	Media Access	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-2	Media Access	Aligned	Media Protection \| Media Access...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-2	Media Access	Aligned	Media Protection \| Media Access...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-2	Media Access	Aligned	Media Protection \| Media Access...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-2	Media Access	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
MP-2	Media Access	Aligned	Control References...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-2	Media Access	Aligned	Section IV. Communications Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
MP-2	Media Access	Aligned	Media Protection \| Policy & Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
MP-3	Media Marking	Aligned	Media Protection \| Media Marking...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-3	Media Marking	Aligned	Audit & Accountability \| Session Audit...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-3	Media Marking	Aligned	Media Protection \| Media Marking...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-3	Media Marking	Aligned	Media Protection \| Media Marking...	anonymized_11.0_IS_Operations_Security_Policy.pdf
MP-3	Media Marking	Aligned	1.13 CONTROL REFERENCES...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
MP-3	Media Marking	Aligned	Media Protection \| Media Marking...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-3	Media Marking	Aligned	Control References...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-3	Media Marking	Aligned	DOCUMENT CLASSIFICATION...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
MP-3	Media Marking	Aligned	Media Protection \| Media Marking...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
MP-4	Media Storage	Aligned	1.12 REMOVEABLE STORAGE DEVICES...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
MP-4	Media Storage	Aligned	Media Protection \| Media Storage...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-4	Media Storage	Aligned	1.3 RULES OF BEHAVIOR (ROB) - Acceptable Use...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
MP-4	Media Storage	Aligned	1.13 CONTROL REFERENCES...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
MP-4	Media Storage	Aligned	Media Protection \| Media Storage...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-4	Media Storage	Aligned	Control References...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-4	Media Storage	Aligned	Media Protection...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-4	Media Storage	Aligned	Media Protection and Communications Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
MP-4	Media Storage	Aligned	Asset Management and Access Control...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
MP-4	Media Storage	Aligned	Media Protection \| Media Storage...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
MP-5	Media Transport Key Control	Aligned	Disposal of Media, Physical Media Transfer...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MP-5	Media Transport Key Control	Aligned	Disposal (in accordance with Retention Policy)...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-5	Media Transport Key Control	Aligned	Required - Encrypt PII/NPI data element under regulatory, le...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-5	Media Transport Key Control	Aligned	1.3 RULES OF BEHAVIOR (ROB) - Acceptable Use...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
MP-5	Media Transport Key Control	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
MP-5	Media Transport Key Control	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
MP-5	Media Transport Key Control	Aligned	Only USB sticks and other removable devices that have been a...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-5	Media Transport Key Control	Aligned	Media Protection \| Media Transport...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-5	Media Transport Key Control	Aligned	Media Protection...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-5	Media Transport Key Control	Aligned	IV. Communications Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
MP-5	Media Transport Key Control	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
MP-5	Media Transport Key Control	Aligned	Media Protection \| Media Transport...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
MP-6	Media Sanitization	Aligned	Continuous Vulnerability Management...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MP-6	Media Sanitization	Aligned	Secure Disposal or Re-Use of Equipment...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MP-6	Media Sanitization	Aligned	Media Protection \| Media Sanitization...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MP-6	Media Sanitization	Aligned	Disposal (in accordance with Retention Policy)...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-6	Media Sanitization	Aligned	IT Asset (NEW) and other assets Retirement and Disposal...	anonymized_7.1_IS_Asset_Management_Standard.pdf
MP-6	Media Sanitization	Aligned	Leaving Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
MP-6	Media Sanitization	Aligned	Media Protection \| Media Sanitization...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-6	Media Sanitization	Aligned	Media Protection \| Media Sanitization...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-6	Media Sanitization	Aligned	Media Protection...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-6	Media Sanitization	Aligned	Secure disposal of records...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
MP-6	Media Sanitization	Aligned	1.2.2 Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
MP-6	Media Sanitization	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
MP-6	Media Sanitization	Aligned	Media Protection \| Policy & Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
MP-7	Media Use Key Control	Aligned	Disposal of Media, Physical Media Transfer...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
MP-7	Media Use Key Control	Aligned	1.12 REMOVEABLE STORAGE DEVICES...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
MP-7	Media Use Key Control	Aligned	Media use protections also apply to mobile devices with info...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-7	Media Use Key Control	Aligned	1.3 RULES OF BEHAVIOR (ROB) - Acceptable Use...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
MP-7	Media Use Key Control	Aligned	1.13 CONTROL REFERENCES...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
MP-7	Media Use Key Control	Aligned	Media Protection \| Media Use...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-7	Media Use Key Control	Aligned	Media Protection \| Media Use...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-7	Media Use Key Control	Aligned	Media Protection \| Media Use...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
MP-8	Media Downgrading	Aligned	Media Protection \| Media Downgrading...	anonymized_6.1_IS_Data_Security_Standards.pdf
MP-8	Media Downgrading	Aligned	Media Protection \| Media Downgrading...	anonymized_7.2_IS_End_User_Device_Standard.pdf
MP-8	Media Downgrading	Aligned	Media Protection \| Media Downgrading...	anonymized_9.1_IS_Cryptography_Standards.pdf
MP-8	Media Downgrading	Aligned	Secure disposal of records...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
MP-8	Media Downgrading	Aligned	1.2.2 Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
MP-8	Media Downgrading	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
MP-8	Media Downgrading	Aligned	Media Protection \| Media Downgrading...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PE-1	Policy and Procedures	Aligned	1.11 MAINTENANCE and 1.12 EXCEPTION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
PE-1	Policy and Procedures	Aligned	Policy Exception Process...	anonymized_6.1_IS_Data_Security_Standards.pdf
PE-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
PE-1	Policy and Procedures	Aligned	1.6...	anonymized_7.1_IS_Asset_Management_Standard.pdf
PE-1	Policy and Procedures	Aligned	Section 1.12 - EXCEPTION...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PE-1	Policy and Procedures	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PE-1	Policy and Procedures	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PE-1	Policy and Procedures	Aligned	Ensure that physical access to assets is managed and protect...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	Physical and Environmental Security Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	h. Should ensure that physical access to assets is managed a...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	h. Should ensure that physical access to assets is managed a...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	h. Should ensure that physical access to assets is managed a...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	Physical access to assets...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-1	Policy and Procedures	Aligned	Physical and Environmental Protection Policy and Procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
PE-1	Policy and Procedures	Aligned	Physical & Environmental Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-1	Policy and Procedures	Aligned	Physical & Environmental Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-1	Policy and Procedures	Aligned	1.6 EXCEPTION...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PE-1	Policy and Procedures	Aligned	Physical and Environmental Protection Policy and Procedures...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PE-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PE-1	Policy and Procedures	Aligned	1.2 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PE-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PE-1	Policy and Procedures	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PE-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
PE-10	Emergency Shutoff	Gap	Emergency power shutoff primarily applies to organizational facilities that contain concentrations o...
PE-11	Emergency Power	Gap	An uninterruptible power supply (UPS) is an electrical system or mechanism that provides emergency p...
PE-12	Emergency Lighting	Aligned	Contingency Planning \| Alternate Processing Site...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PE-13	Fire Protection	Gap	The provision of fire detection and suppression systems applies primarily to organizational faciliti...
PE-14	Environmental Controls	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-14	Environmental Controls	Aligned	Physical & Environmental Protection...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PE-15	Water Damage Protection	Gap	The provision of water damage protection primarily applies to organizational facilities that contain...
PE-16	Delivery and Removal Key Control	Aligned	Leaving Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PE-16	Delivery and Removal Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PE-16	Delivery and Removal Key Control	Aligned	User access to networks and network services...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-16	Delivery and Removal Key Control	Aligned	Perimeter security and restrictions on access to sensitive a...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-16	Delivery and Removal Key Control	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PE-16	Delivery and Removal Key Control	Aligned	Physical and Environmental Security...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PE-16	Delivery and Removal Key Control	Aligned	Restricted Area Access Procedures...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-17	Alternate Work Site Key Control	Aligned	Contingency Planning \| Alternate Processing Site...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PE-18	Location of System Components Key Control	Aligned	Protecting Against External & Environmental Threats...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-18	Location of System Components Key Control	Aligned	Perimeter security and access restrictions...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-19	Information Leakage	Aligned	Confidential Data...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PE-19	Information Leakage	Aligned	Perimeter security and Communications Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	Physical & Environmental Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	Physical & Environmental Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	Physical and Environmental Security...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	Personnel Security \| External Personnel Security...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	Physical Access Authorizations for Restricted Areas...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	Physical & Environmental Protection \| Physical Access Author...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PE-2	Physical Access Authorizations Key Control	Aligned	Identification and Authentication \| Identity Proofing...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PE-20	Asset Monitoring and Tracking Key Control	Aligned	Section f, g, and h regarding physical access and security c...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-21	Electromagnetic Pulse Protection	Gap	An electromagnetic pulse (EMP) is a short burst of electromagnetic energy that is spread over a rang...
PE-22	Component Marking Key Control	Aligned	Scope and Applicability...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PE-22	Component Marking Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PE-22	Component Marking Key Control	Aligned	Overview and Scope & Applicability...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PE-23	Facility Location	Gap	Physical and environmental hazards include floods, fires, tornadoes, earthquakes, hurricanes, terror...
PE-3	Physical Access Control Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PE-3	Physical Access Control Key Control	Aligned	h. Should ensure that physical access to assets is managed a...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	Securing Offices, Rooms & Facilities...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	Access Control \| Separation of Duties and Access Control \| L...	anonymized_9.1_IS_Cryptography_Standards.pdf
PE-3	Physical Access Control Key Control	Aligned	Physical & Environmental Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-3	Physical Access Control Key Control	Aligned	Physical & Environmental Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-3	Physical Access Control Key Control	Aligned	Physical and Environmental Security...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PE-3	Physical Access Control Key Control	Aligned	Physical and Environmental Security...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PE-3	Physical Access Control Key Control	Aligned	a. The facilities where BC/DR related activities are taking ...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	b. In the event that the badge entry system is not functiona...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	c. All personnel wishing to enter the restricted area should...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	d. Only personnel participating the in BC/DR event will be a...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	e. All personnel entering the facility should swipe their ba...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	f. Test issued ID badges should be worn and visible at all t...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	g. No furniture should be removed from restricted areas with...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-3	Physical Access Control Key Control	Aligned	h. No computing assets should be removed from restricted are...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-4	Access Control for Transmission	Aligned	Perimeter security and restrictions on access to sensitive a...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-4	Access Control for Transmission	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PE-5	Access Control for Output Devices Key Control	Aligned	a) Perimeter security, b) Restrictions on access to sensitiv...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-6	Monitoring Physical Access Key Control	Aligned	Physical & Environmental Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PE-6	Monitoring Physical Access Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PE-6	Monitoring Physical Access Key Control	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PE-6	Monitoring Physical Access Key Control	Aligned	Application Software Security...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PE-8	Visitor Access Records	Gap	Visitor access records include the names and organizations of individuals visiting, visitor signatur...
PE-9	Power Equipment and Cabling	Aligned	NIST CSF...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PE-9	Power Equipment and Cabling	Aligned	Securing Offices, Rooms & Facilities...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PE-9	Power Equipment and Cabling	Aligned	Physical & Environmental Protection \| Power Equipment & Cabl...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PE-9	Power Equipment and Cabling	Aligned	Physical & Environmental Protection \| Power Equipment & Cabl...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PL-1	Policy and Procedures	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
PL-1	Policy and Procedures	Aligned	Policy Exception Process...	anonymized_6.1_IS_Data_Security_Standards.pdf
PL-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
PL-1	Policy and Procedures	Aligned	Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PL-1	Policy and Procedures	Aligned	1.6 EXCEPTION...	anonymized_7.1_IS_Asset_Management_Standard.pdf
PL-1	Policy and Procedures	Aligned	Chunk: 1.12...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PL-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PL-1	Policy and Procedures	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PL-1	Policy and Procedures	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PL-1	Policy and Procedures	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PL-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_9.1_IS_Cryptography_Standards.pdf
PL-1	Policy and Procedures	Aligned	Risk Policy, Cloud Policy, End-user Device Security Policy, ...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PL-1	Policy and Procedures	Aligned	Compliance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PL-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PL-1	Policy and Procedures	Aligned	1.1 Applicability...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PL-1	Policy and Procedures	Aligned	SCOPE & APPLICABILITY...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PL-1	Policy and Procedures	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PL-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
PL-10	Baseline Selection	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PL-10	Baseline Selection	Aligned	Control baselines are predefined sets of controls specifical...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PL-10	Baseline Selection	Aligned	Control References...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PL-10	Baseline Selection	Aligned	Information Security Risk – Supplier Risk Matrix...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PL-10	Baseline Selection	Aligned	Baseline security control requirements should be established...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PL-11	Baseline Tailoring	Aligned	Control: PL-11...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PL-11	Baseline Tailoring	Aligned	Control: PL-11...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PL-11	Baseline Tailoring	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PL-11	Baseline Tailoring	Aligned	Control: PL-11...	anonymized_9.1_IS_Cryptography_Standards.pdf
PL-11	Baseline Tailoring	Aligned	Tailoring Actions and Control Baselines...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PL-11	Baseline Tailoring	Aligned	Control: PL-11...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PL-2	System Security and Privacy Plans	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PL-2	System Security and Privacy Plans	Aligned	Section 1.4 - REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PL-2	System Security and Privacy Plans	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PL-4	Rules of Behavior Key Control	Aligned	1.3 DATA OWNER RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PL-4	Rules of Behavior Key Control	Aligned	Rules of behavior for organizational users...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
PL-4	Rules of Behavior Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PL-4	Rules of Behavior Key Control	Aligned	1.1.3 Laptops...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PL-4	Rules of Behavior Key Control	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PL-4	Rules of Behavior Key Control	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PL-4	Rules of Behavior Key Control	Aligned	SCOPE & APPLICABILITY...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PL-4	Rules of Behavior Key Control	Aligned	VII. Test adopts the NIST CSF and ISO 27001 standards as the...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PL-4	Rules of Behavior Key Control	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PL-7	Concept of Operations	Gap	The CONOPS may be included in the security or privacy plans for the system or in other system develo...
PL-8	Security and Privacy Architectures	Aligned	1.2.3 System and Application Access Control...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PL-8	Security and Privacy Architectures	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PL-8	Security and Privacy Architectures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PL-8	Security and Privacy Architectures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PL-8	Security and Privacy Architectures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PL-8	Security and Privacy Architectures	Aligned	1.12 GOVERNANCE...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PL-9	Central Management Key Control	Aligned	Central management refers to organization-wide management an...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PL-9	Central Management Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PL-9	Central Management Key Control	Aligned	Control ID Security Control Name Requirements...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-1	Information Security Program Plan	Aligned	Program Management \| Information Security Program Plan...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-1	Information Security Program Plan	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-1	Information Security Program Plan	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PM-1	Information Security Program Plan	Aligned	Control: PM-1...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PM-1	Information Security Program Plan	Aligned	Information Security Program Plan...	anonymized_9.1_IS_Cryptography_Standards.pdf
PM-1	Information Security Program Plan	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PM-1	Information Security Program Plan	Aligned	Security and privacy programs collaborate on the development...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-1	Information Security Program Plan	Aligned	Information Security Program Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-1	Information Security Program Plan	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-1	Information Security Program Plan	Aligned	Role Functional Activities...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-1	Information Security Program Plan	Aligned	Control ID Security Control Name Requirements...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-1	Information Security Program Plan	Aligned	Program Management \| Information Security Program Plan...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-10	Authorization Process Key Control	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-10	Authorization Process Key Control	Aligned	Role Responsibility Information Technology...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PM-10	Authorization Process Key Control	Aligned	User access authorization processes...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PM-10	Authorization Process Key Control	Aligned	1.5 ROLES & RESPONSIBILITIES...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-10	Authorization Process Key Control	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PM-10	Authorization Process Key Control	Aligned	1.11 ROLES & RESPONSIBILITIES...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	1.0 PURPOSE...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	PURPOSE...	anonymized_9.1_IS_Cryptography_Standards.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	User Access Authorization and Information Security Responsib...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	Definition of Protection Needs...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	1.6 EXCEPTIONS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PM-11	Mission and Business Process Definition Key Control	Aligned	Functional Activities...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-12	Insider Threat Program	Aligned	Program Management \| Information Security Program Leadership...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-12	Insider Threat Program	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-12	Insider Threat Program	Aligned	System & Information Integrity \| System Monitoring...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PM-12	Insider Threat Program	Aligned	Personnel Security \| External Personnel Security...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PM-12	Insider Threat Program	Aligned	Incident Monitoring and Incident Detection...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
PM-12	Insider Threat Program	Aligned	Security Awareness and Skills Training...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security Awareness & Skills Training...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	i) Company personnel should be trained in the proper procedu...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Information Security Awareness, Education and Training...	anonymized_9.1_IS_Cryptography_Standards.pdf
PM-13	Security and Privacy Workforce	Aligned	Information Security & Privacy Awareness for contractor/cons...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PM-13	Security and Privacy Workforce	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PM-13	Security and Privacy Workforce	Aligned	Information Security Awareness, Education and Training...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-13	Security and Privacy Workforce	Aligned	1.6 CLOUD SECURITY TRAINING & AWARENESS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-14	Testing, Training, and Monitoring	Aligned	1.2 GENERAL USER RESPONSIBILITIES...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
PM-14	Testing, Training, and Monitoring	Aligned	1.7 INFORMATION SECURITY EDUCATION & TRAINING...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PM-14	Testing, Training, and Monitoring	Aligned	h) Business unit security officers and IT team are responsib...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PM-14	Testing, Training, and Monitoring	Aligned	i) Company personnel should be trained in the proper procedu...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PM-14	Testing, Training, and Monitoring	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-14	Testing, Training, and Monitoring	Aligned	Overview, Scope & Applicability...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PM-14	Testing, Training, and Monitoring	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.1_IS_Cryptography_Standards.pdf
PM-14	Testing, Training, and Monitoring	Aligned	Information Security & Privacy Awareness for contractor/cons...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PM-14	Testing, Training, and Monitoring	Aligned	1.3 MANAGEMENT DIRECTION FOR INFORMATION SECURITY...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-14	Testing, Training, and Monitoring	Aligned	Requirements for maintaining Test’s cybersecurity posture du...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PM-14	Testing, Training, and Monitoring	Aligned	1.2 GOVERNANCE Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PM-14	Testing, Training, and Monitoring	Aligned	1.5 CLOUD SECURITY MANAGEMENT...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-14	Testing, Training, and Monitoring	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
PM-15	Security and Privacy Groups and Associations	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-15	Security and Privacy Groups and Associations	Aligned	Security Awareness and Skills Training...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-15	Security and Privacy Groups and Associations	Aligned	Security Awareness and Skills Training...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-16	Threat Awareness Program	Aligned	Security Awareness and Skills Training...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-17	Protecting Controlled Unclassified Information on External Systems	Aligned	1.0 PURPOSE...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PM-17	Protecting Controlled Unclassified Information on External Systems	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PM-18	Privacy Program Plan	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-18	Privacy Program Plan	Aligned	Privacy Program Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-19	Privacy Program Leadership Role	Gap	The privacy officer is an organizational official. For federal agenciesâ€šÃ„Ã®as defined by applicab...
PM-2	Information Security Program Leadership Role	Aligned	Role Responsibility Information Technology Department...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
PM-2	Information Security Program Leadership Role	Aligned	Program Management \| Information Security Program Leadership...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-2	Information Security Program Leadership Role	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-2	Information Security Program Leadership Role	Aligned	Roles and Responsibilities of Cybersecurity Leadership...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
PM-2	Information Security Program Leadership Role	Aligned	Scope and Applicability...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PM-2	Information Security Program Leadership Role	Aligned	1.5 ROLES & RESPONSIBILITIES...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-2	Information Security Program Leadership Role	Aligned	1.1 SCOPE & APPLICABILITY...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PM-2	Information Security Program Leadership Role	Aligned	Personnel Security \| External Personnel Security...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-20	Dissemination of Privacy Program Information	Gap	For federal agencies, the webpage is located at www.[agency].gov/privacy. Federal agencies include p...
PM-21	Accounting of Disclosures Key Control	Aligned	d) Resource Administrators should regularly review the logs ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PM-21	Accounting of Disclosures Key Control	Aligned	e) Event logs can contain sensitive data and personally iden...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PM-22	Personally Identifiable Information Quality Management	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PM-22	Personally Identifiable Information Quality Management	Aligned	Section 1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PM-22	Personally Identifiable Information Quality Management	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-23	Data Governance Body Key Control	Aligned	1.3 DATA OWNER RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PM-23	Data Governance Body Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PM-23	Data Governance Body Key Control	Aligned	1.12 GOVERNANCE...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-23	Data Governance Body Key Control	Aligned	Data Governance...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-24	Data Integrity Board	Gap	A Data Integrity Board is the board of senior officials designated by the head of a federal agency a...
PM-25	Minimization of Personally Identifiable Information Used in Testing, Training, and Research	Aligned	Confidential Data...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PM-25	Minimization of Personally Identifiable Information Used in Testing, Training, and Research	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PM-26	Complaint Management	Gap	Complaints, concerns, and questions from individuals can serve as valuable sources of input to organ...
PM-27	Privacy Reporting	Aligned	1.4 CONTACT WITH AUTHORITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-27	Privacy Reporting	Aligned	Documentation of personal data breaches and post-incident an...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
PM-27	Privacy Reporting	Aligned	Performance will be identified and measured by...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-28	Risk Framing	Aligned	Program Management \| Risk Framing...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-29	Risk Management Program Leadership Roles	Aligned	Risk Management Activities...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PM-29	Risk Management Program Leadership Roles	Aligned	Role Responsibility...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-3	Information Security and Privacy Resources	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-3	Information Security and Privacy Resources	Aligned	1.5 ROLES & RESPONSIBILITIES...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-3	Information Security and Privacy Resources	Aligned	1.1 SCOPE & APPLICABILITY...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PM-3	Information Security and Privacy Resources	Aligned	1.11 ROLES & RESPONSIBILITIES...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-3	Information Security and Privacy Resources	Aligned	Program Management \| Information Security and Privacy Resour...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-30	Supply Chain Risk Management Strategy	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PM-30	Supply Chain Risk Management Strategy	Aligned	diligence questionnaire, or a subset of the full worksheet f...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PM-30	Supply Chain Risk Management Strategy	Aligned	Vendor Risk Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-30	Supply Chain Risk Management Strategy	Aligned	Risk Management Performance...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-30	Supply Chain Risk Management Strategy	Aligned	1.4 SUPPLIER RISK MANAGEMENT PROGRAM...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PM-30	Supply Chain Risk Management Strategy	Aligned	Risk Assessment \| System Development Life Cycle...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-31	Continuous Monitoring Strategy	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PM-31	Continuous Monitoring Strategy	Aligned	Continuous monitoring at the organization level...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PM-31	Continuous Monitoring Strategy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PM-31	Continuous Monitoring Strategy	Aligned	Performance will be identified and measured by...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-31	Continuous Monitoring Strategy	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PM-31	Continuous Monitoring Strategy	Aligned	Assessment of & Decision on Information Security Events...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
PM-31	Continuous Monitoring Strategy	Aligned	System & Information Integrity \| Security Alerts, Advisories...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-32	Purposing	Aligned	1.0 PURPOSE...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
PM-4	Plan of Action and Milestones Process	Aligned	diligence questionnaire, or a subset of the full worksheet f...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PM-4	Plan of Action and Milestones Process	Aligned	Control: PM-4...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-4	Plan of Action and Milestones Process	Aligned	Assessment, Authorization & Monitoring \| Plan of Action & Pr...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-5	System Inventory	Aligned	Record maintenance requirements...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PM-5	System Inventory	Aligned	1.2. Hardware, Software, Applications and Data - Inventory o...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PM-5	System Inventory	Aligned	Program Management \| System Inventory...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-5	System Inventory	Aligned	Program Management \| System Inventory...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PM-6	Measures of Performance	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PM-6	Measures of Performance	Aligned	Performance will be identified and measured by...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-6	Measures of Performance	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PM-7	Enterprise Architecture	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-7	Enterprise Architecture	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-7	Enterprise Architecture	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PM-7	Enterprise Architecture	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PM-8	Critical Infrastructure Plan	Aligned	NIST CSF...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PM-8	Critical Infrastructure Plan	Aligned	Risk Assessment Policy/Plan...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-9	Risk Management Strategy	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PM-9	Risk Management Strategy	Aligned	Risk Management Strategy and Supplier Risk Assessment...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PM-9	Risk Management Strategy	Aligned	Risk Policy - Establishes controls to ensure identification,...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-9	Risk Management Strategy	Aligned	Vendor Risk Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PM-9	Risk Management Strategy	Aligned	Performance will be identified and measured by...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PM-9	Risk Management Strategy	Aligned	1.11 ROLES & RESPONSIBILITIES...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PM-9	Risk Management Strategy	Aligned	Program Management \| Risk Management Strategy...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PS-1	Policy and Procedures Key Control	Aligned	1.1 SCOPE & APPLICABILITY...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PS-1	Policy and Procedures Key Control	Aligned	Policy Exception Process...	anonymized_6.1_IS_Data_Security_Standards.pdf
PS-1	Policy and Procedures Key Control	Aligned	Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PS-1	Policy and Procedures Key Control	Aligned	1.6...	anonymized_7.1_IS_Asset_Management_Standard.pdf
PS-1	Policy and Procedures Key Control	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PS-1	Policy and Procedures Key Control	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PS-1	Policy and Procedures Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PS-1	Policy and Procedures Key Control	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PS-1	Policy and Procedures Key Control	Aligned	Exceptions...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PS-1	Policy and Procedures Key Control	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_9.1_IS_Cryptography_Standards.pdf
PS-1	Policy and Procedures Key Control	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PS-1	Policy and Procedures Key Control	Aligned	Personnel Security \| External Personnel Security...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-1	Policy and Procedures Key Control	Aligned	1.2 APPLICABILITY...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PS-1	Policy and Procedures Key Control	Aligned	1.1 SCOPE & APPLICABILITY...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PS-1	Policy and Procedures Key Control	Aligned	1.17 EXCEPTION...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PS-1	Policy and Procedures Key Control	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PS-1	Policy and Procedures Key Control	Aligned	Personnel Security \| External Personnel Security...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PS-2	Position Risk Designation Key Control	Aligned	Personnel Security \| Position Descriptions...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PS-2	Position Risk Designation Key Control	Aligned	Personnel Security \| Position Risk Designation...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PS-2	Position Risk Designation Key Control	Aligned	Personnel Security \| Position Risk Designation...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PS-2	Position Risk Designation Key Control	Aligned	Personnel Security \| Position Descriptions...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-2	Position Risk Designation Key Control	Aligned	Personnel Security \| Position Descriptions...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PS-3	Personnel Screening Key Control	Aligned	1.2 SCOPE & APPLICABILITY...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PS-3	Personnel Screening Key Control	Aligned	1.3 BACKGROUND CHECKS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PS-3	Personnel Screening Key Control	Aligned	1.2 SCOPE & APPLICABILITY...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PS-3	Personnel Screening Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PS-3	Personnel Screening Key Control	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PS-3	Personnel Screening Key Control	Aligned	Personnel Security \| Personnel Screening...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PS-3	Personnel Screening Key Control	Aligned	Personnel Security...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-3	Personnel Screening Key Control	Aligned	Physical & Environmental Protection \| Personnel Screening...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PS-3	Personnel Screening Key Control	Aligned	Physical & Environmental Protection \| Personnel Screening...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PS-4	Personnel Termination Key Control	Aligned	1.5 ENFORCEMENT/COMPLIANCE...	anonymized_7.1_IS_Asset_Management_Standard.pdf
PS-4	Personnel Termination Key Control	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PS-4	Personnel Termination Key Control	Aligned	User accounts management upon employment status changes...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PS-4	Personnel Termination Key Control	Aligned	Immediate locking of user accounts upon termination...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PS-4	Personnel Termination Key Control	Aligned	Timely execution of user account management after terminatio...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PS-4	Personnel Termination Key Control	Aligned	Human Resource Security Policy and Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PS-4	Personnel Termination Key Control	Aligned	Return of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-4	Personnel Termination Key Control	Aligned	Return of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-4	Personnel Termination Key Control	Aligned	Termination of workforce personnel and/or expiration of exte...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PS-5	Personnel Transfer	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PS-5	Personnel Transfer	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PS-5	Personnel Transfer	Aligned	User accounts, including privileged user accounts, entitleme...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PS-5	Personnel Transfer	Aligned	Employee/Contractor’s managers should immediately notify the...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PS-5	Personnel Transfer	Aligned	Personnel Security \| External Personnel Security...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-5	Personnel Transfer	Aligned	Upon termination of workforce personnel and/or expiration of...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PS-6	Access Agreements	Aligned	Personnel Security \| Monitoring Physical Access...	anonymized_9.1_IS_Cryptography_Standards.pdf
PS-6	Access Agreements	Aligned	Access Control & Identity Management policy...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PS-7	External Personnel Security Key Control	Aligned	Data transmission should be encrypted....	anonymized_6.1_IS_Data_Security_Standards.pdf
PS-7	External Personnel Security Key Control	Aligned	Coordination and oversight of third-party relationships...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PS-7	External Personnel Security Key Control	Aligned	Change Management implementation....	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
PS-7	External Personnel Security Key Control	Aligned	Term Definitions and Related Documents...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PS-7	External Personnel Security Key Control	Aligned	Personnel Security \| Personnel Sanctions...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-7	External Personnel Security Key Control	Aligned	Personnel Security \| Personnel Sanctions...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-7	External Personnel Security Key Control	Aligned	Personnel Security \| External Personnel Security...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-7	External Personnel Security Key Control	Aligned	Supplier Relationship Management...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PS-7	External Personnel Security Key Control	Aligned	Cloud Service Provider...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PS-7	External Personnel Security Key Control	Aligned	Organization Protocols...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
PS-8	Personnel Sanctions	Aligned	1.10 ENFORCEMENT...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PS-8	Personnel Sanctions	Aligned	1.6 ENFORCEMENT/COMPLIANCE...	anonymized_6.1_IS_Data_Security_Standards.pdf
PS-8	Personnel Sanctions	Aligned	1.6 ENFORCEMENT/COMPLIANCE...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
PS-8	Personnel Sanctions	Aligned	ENFORCEMENT/COMPLIANCE...	anonymized_7.1_IS_Asset_Management_Standard.pdf
PS-8	Personnel Sanctions	Aligned	1.8 DISCIPLINARY PROCESS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PS-8	Personnel Sanctions	Aligned	ENFORCEMENT/COMPLIANCE...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PS-8	Personnel Sanctions	Aligned	1.8 ENFORCEMENT/COMPLIANCE...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PS-8	Personnel Sanctions	Aligned	Section XI and XII regarding disciplinary actions and except...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PS-8	Personnel Sanctions	Aligned	Personnel Security \| Position Descriptions...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-8	Personnel Sanctions	Aligned	Personnel Security \| Personnel Sanctions...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-8	Personnel Sanctions	Aligned	ENFORCEMENT/COMPLIANCE...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-8	Personnel Sanctions	Aligned	1.13 ENFORCEMENT/COMPLIANCE...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PS-8	Personnel Sanctions	Aligned	8. ENFORCEMENT/COMPLIANCE...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
PS-9	Position Descriptions Key Control	Aligned	Role Responsibility Information Technology Department...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
PS-9	Position Descriptions Key Control	Aligned	Personnel Security \| Position Descriptions...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PS-9	Position Descriptions Key Control	Aligned	1.3 ROLES AND RESPONSIBILITIES...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PS-9	Position Descriptions Key Control	Aligned	Role Responsibility...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PS-9	Position Descriptions Key Control	Aligned	SUPPLIER AND/OR CONTRACTOR/CONTRCTOR SECURITY REQUIREMENTS...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
PS-9	Position Descriptions Key Control	Aligned	System & Information Integrity \| System Monitoring...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PS-9	Position Descriptions Key Control	Aligned	Information Security Roles & Responsibilities...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PS-9	Position Descriptions Key Control	Aligned	Personnel Security \| Position Descriptions...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-9	Position Descriptions Key Control	Aligned	Personnel Security \| Position Descriptions...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PS-9	Position Descriptions Key Control	Aligned	Role Responsibility...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PS-9	Position Descriptions Key Control	Aligned	Scope...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PS-9	Position Descriptions Key Control	Aligned	Role Functional Activities...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
PT-1	Policy and Procedures	Aligned	Role Responsibility Information Technology Department...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
PT-1	Policy and Procedures	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PT-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
PT-1	Policy and Procedures	Aligned	Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
PT-1	Policy and Procedures	Aligned	1.6...	anonymized_7.1_IS_Asset_Management_Standard.pdf
PT-1	Policy and Procedures	Aligned	1.0 PURPOSE...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
PT-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PT-1	Policy and Procedures	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PT-1	Policy and Procedures	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
PT-1	Policy and Procedures	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
PT-1	Policy and Procedures	Aligned	Control: PT-1...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
PT-1	Policy and Procedures	Aligned	Access Authorization Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PT-1	Policy and Procedures	Aligned	Acceptable Use of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
PT-1	Policy and Procedures	Aligned	1.4.1 RISK REGISTER...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
PT-1	Policy and Procedures	Aligned	1.6 EXCEPTIONS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
PT-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PT-2	Authority to Process Personally Identifiable Information Key Control	Aligned	1.3 DATA OWNER RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PT-2	Authority to Process Personally Identifiable Information Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PT-2	Authority to Process Personally Identifiable Information Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PT-2	Authority to Process Personally Identifiable Information Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PT-3	Personally Identifiable Information Processing Purposes Key Control	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
PT-4	Consent	Aligned	1.2 GENERAL USER RESPONSIBILITIES...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
PT-5	Privacy Notice	Gap	Privacy notices help inform individuals about how their personally identifiable information is being...
PT-6	System of Records Notice	Gap	The PRIVACT requires that federal agencies publish a system of records notice in the Federal Registe...
PT-7	Specific Categories of Personally Identifiable Information Key Control	Aligned	Restricted Data...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
PT-7	Specific Categories of Personally Identifiable Information Key Control	Aligned	Term Definitions...	anonymized_6.1_IS_Data_Security_Standards.pdf
PT-8	Computer Matching Requirements	Gap	The PRIVACT establishes requirements for federal and non-federal agencies if they engage in a matchi...
RA-1	Policy and Procedures	Aligned	1.1 SCOPE & APPLICABILITY...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
RA-1	Policy and Procedures	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-1	Policy and Procedures	Aligned	Policy Exception Process...	anonymized_6.1_IS_Data_Security_Standards.pdf
RA-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
RA-1	Policy and Procedures	Aligned	Risk Assessment Policy and Procedures...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
RA-1	Policy and Procedures	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
RA-1	Policy and Procedures	Aligned	Chunk: 1.6...	anonymized_7.1_IS_Asset_Management_Standard.pdf
RA-1	Policy and Procedures	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
RA-1	Policy and Procedures	Aligned	Chunk: 1.4...	anonymized_7.2_IS_End_User_Device_Standard.pdf
RA-1	Policy and Procedures	Aligned	Risk assessment policy and procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
RA-1	Policy and Procedures	Aligned	1.6 EXCEPTION...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
RA-1	Policy and Procedures	Aligned	Risk Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-1	Policy and Procedures	Aligned	Risk Policy - Establishes controls to ensure identification,...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-1	Policy and Procedures	Aligned	Risk Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-1	Policy and Procedures	Aligned	Risk Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-1	Policy and Procedures	Aligned	Risk Policy - Establishes controls to ensure identification,...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
RA-1	Policy and Procedures	Aligned	1.4.1 RISK REGISTER...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-1	Policy and Procedures	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-1	Policy and Procedures	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-1	Policy and Procedures	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
RA-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
RA-1	Policy and Procedures	Aligned	Risk assessment policy and procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
RA-10	Threat Hunting	Aligned	Threat Hunting...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
RA-10	Threat Hunting	Aligned	Threat Hunting...	anonymized_11.0_IS_Operations_Security_Policy.pdf
RA-10	Threat Hunting	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
RA-10	Threat Hunting	Aligned	System & Information Integrity \| Security Alerts, Advisories...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
RA-2	Security Categorization	Aligned	1.0 PURPOSE...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
RA-2	Security Categorization	Aligned	Security categorization process as an organization-wide acti...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-2	Security Categorization	Aligned	Risk assessments can also be conducted at various steps in t...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-2	Security Categorization	Aligned	Security Categorization...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-2	Security Categorization	Aligned	Security Categorization...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-2	Security Categorization	Aligned	Risk Assessment \| Security Categorization...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
RA-2	Security Categorization	Aligned	Risk Assessment \| Security Categorization...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
RA-2	Security Categorization	Aligned	Security Categorization...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
RA-2	Security Categorization	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
RA-2	Security Categorization	Aligned	Criticality analysis of information....	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
RA-2	Security Categorization	Aligned	Incident Categorization...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
RA-2	Security Categorization	Aligned	1.11 CONTROL REFERENCES...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
RA-2	Security Categorization	Aligned	Security Categorization Process...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
RA-2	Security Categorization	Aligned	Security Categorization Process...	anonymized_9.1_IS_Cryptography_Standards.pdf
RA-2	Security Categorization	Aligned	VII. Test adopts the NIST CSF and ISO 27001 standards as the...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-2	Security Categorization	Aligned	Such analysis is conducted as part of security categorizatio...	anonymized_7.0_IS_Asset_Management_Policy.pdf
RA-2	Security Categorization	Aligned	Control References...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-2	Security Categorization	Aligned	Security categorization processes facilitate the development...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
RA-3	Risk Assessment Key Control	Aligned	Risk assessments consider threats, vulnerabilities, likeliho...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-3	Risk Assessment Key Control	Aligned	Risk assessments consider threats, vulnerabilities, likeliho...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
RA-3	Risk Assessment Key Control	Aligned	1.3 MANAGEMENT DIRECTION FOR INFORMATION SECURITY...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-3	Risk Assessment Key Control	Aligned	PURPOSE and SCOPE & APPLICABILITY...	anonymized_7.0_IS_Asset_Management_Policy.pdf
RA-3	Risk Assessment Key Control	Aligned	Control References...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-3	Risk Assessment Key Control	Aligned	1.4.1 RISK REGISTER...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-3	Risk Assessment Key Control	Aligned	Risk assessments should be revisited as part of a contract r...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
RA-3	Risk Assessment Key Control	Aligned	Risk Assessment \| System Development Life Cycle...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Vulnerability Monitoring and Analysis...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Risk Assessment \| Security Categorization...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Vulnerability Monitoring and Analysis...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Continuous Vulnerability Management...	anonymized_7.2_IS_End_User_Device_Standard.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Vulnerability Monitoring & Analysis...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Continuous Vulnerability Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Continuous Vulnerability Management...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	The Information Security Team should periodically conduct a ...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	The Information Security Team should periodically conduct a ...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Vulnerability Monitoring & Scanning...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	Events that may precipitate an update to risk assessment pol...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
RA-5	Vulnerability Monitoring and Scanning	Aligned	System & Information Integrity \| Security Alerts, Advisories...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
RA-6	Technical Surveillance Countermeasures Survey	Gap	A technical surveillance countermeasures survey is a service provided by qualified personnel to dete...
RA-7	Risk Response	Aligned	Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
RA-7	Risk Response	Aligned	Preparation...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
RA-7	Risk Response	Aligned	Risk Assessment and Response...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
RA-7	Risk Response	Aligned	Risk Management Performance...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-7	Risk Response	Aligned	Risk assessments should be revisited as part of a contract r...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
RA-7	Risk Response	Aligned	Risk Assessment \| Risk Response...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
RA-8	Privacy Impact Assessments	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
RA-8	Privacy Impact Assessments	Aligned	Privacy Impact Assessment...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
RA-8	Privacy Impact Assessments	Aligned	Privacy Impact Assessment...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
RA-8	Privacy Impact Assessments	Aligned	Privacy Impact Assessment...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
RA-8	Privacy Impact Assessments	Aligned	Privacy Impact Assessment...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
RA-9	Criticality Analysis Key Control	Aligned	Risk assessment is an ongoing activity carried out throughou...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-9	Criticality Analysis Key Control	Aligned	Criticality Analysis...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
RA-9	Criticality Analysis Key Control	Aligned	Risk Assessment \| Security Categorization...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
RA-9	Criticality Analysis Key Control	Aligned	Criticality Analysis...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
RA-9	Criticality Analysis Key Control	Aligned	Criticality analysis and its importance in risk management....	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
RA-9	Criticality Analysis Key Control	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
RA-9	Criticality Analysis Key Control	Aligned	1.3 MANAGEMENT DIRECTION FOR INFORMATION SECURITY...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
RA-9	Criticality Analysis Key Control	Aligned	Criticality analysis is performed when an architecture or de...	anonymized_7.0_IS_Asset_Management_Policy.pdf
RA-9	Criticality Analysis Key Control	Aligned	Risk Assessment Policy/Plan...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-9	Criticality Analysis Key Control	Aligned	Risk Assessment \| Criticality Analysis...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
RA-9	Criticality Analysis Key Control	Aligned	Information Security Risk – Supplier Risk Matrix...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-1	Policy and Procedures	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SA-1	Policy and Procedures	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SA-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SA-1	Policy and Procedures	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SA-1	Policy and Procedures	Aligned	1.6...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SA-1	Policy and Procedures	Aligned	Section 1.12 - Policy Exceptions...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SA-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SA-1	Policy and Procedures	Aligned	1.9 Exception...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SA-1	Policy and Procedures	Aligned	1.4...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SA-1	Policy and Procedures	Aligned	System and services acquisition policy and procedures...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_9.1_IS_Cryptography_Standards.pdf
SA-1	Policy and Procedures	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SA-1	Policy and Procedures	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SA-1	Policy and Procedures	Aligned	1.1 - Policy Overview...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
SA-1	Policy and Procedures	Aligned	1.6 EXCEPTIONS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
SA-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-1	Policy and Procedures	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SA-1	Policy and Procedures	Aligned	Control: SA-1: System and services acquisition policy and pr...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-10	Developer Configuration Management	Aligned	System & Services Acquisition \| Developer Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SA-10	Developer Configuration Management	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SA-10	Developer Configuration Management	Aligned	NIST CSF Subcategory Control Reference Control Name...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SA-10	Developer Configuration Management	Aligned	Access Control to Program Source Code...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SA-10	Developer Configuration Management	Aligned	System & Services Acquisition \| Developer Configuration Mana...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-10	Developer Configuration Management	Aligned	Configuration Management \| Configuration Management Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-10	Developer Configuration Management	Aligned	Deviations from baseline configuration and authorization pro...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-10	Developer Configuration Management	Aligned	System & Services Acquisition \| Developer Configuration...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-10	Developer Configuration Management	Aligned	Configuration Management \| Configuration Change Control...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-11	Developer Testing and Evaluation	Aligned	SCOPE & APPLICABILITY...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SA-11	Developer Testing and Evaluation	Aligned	1.1 SUPPLIER PROVISIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-11	Developer Testing and Evaluation	Aligned	1.2 GOVERNANCE Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-11	Developer Testing and Evaluation	Aligned	Security Team should establish or amend a Test policy for ac...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-11	Developer Testing and Evaluation	Aligned	The Information Security Team should periodically conduct a ...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-11	Developer Testing and Evaluation	Aligned	The Information Security Team should utilize specialized sof...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-11	Developer Testing and Evaluation	Aligned	Developmental Testing and Evaluation...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-15	Development Process, Standards, and Tools	Aligned	Configuration Management \| Configuration Settings, Configura...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-15	Development Process, Standards, and Tools	Aligned	Information Security Risk – Supplier Risk Matrix...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-15	Development Process, Standards, and Tools	Aligned	Risk Assessment \| System Development Life Cycle...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-15	Development Process, Standards, and Tools	Aligned	Risk Assessment \| System Development Life Cycle...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-16	Developer-provided Training	Aligned	1.7 INFORMATION SECURITY EDUCATION & TRAINING...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SA-16	Developer-provided Training	Aligned	Section i) Company personnel should be trained in the proper...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SA-16	Developer-provided Training	Aligned	SUPPLIER AND/OR CONTRACTOR/CONTRCTOR SECURITY REQUIREMENTS...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SA-16	Developer-provided Training	Aligned	1.6 CLOUD SECURITY TRAINING & AWARENESS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-17	Developer Security and Privacy Architecture and Design	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-2	Allocation of Resources	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-2	Allocation of Resources	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-2	Allocation of Resources	Aligned	Section 4: Procedures should be established, and supporting ...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-20	Customized Development of Critical Components	Aligned	Supply Chain Risk Management Plans...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SA-20	Customized Development of Critical Components	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SA-20	Customized Development of Critical Components	Aligned	Access Control to Program Source Code...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SA-20	Customized Development of Critical Components	Aligned	Supply Chain Risk Management...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SA-21	Developer Screening Key Control	Aligned	1.2 SCOPE & APPLICABILITY...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SA-21	Developer Screening Key Control	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SA-21	Developer Screening Key Control	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-21	Developer Screening Key Control	Aligned	System & Services Acquisition \| Developer Screening...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SA-22	Unsupported System Components Key Control	Aligned	Technical Vulnerability Management...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SA-22	Unsupported System Components Key Control	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-23	Specialization Key Control	Aligned	iii. Non-repudiation services should be used to resolve a di...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SA-23	Specialization Key Control	Aligned	All external connections to Test networks or Information Res...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SA-23	Specialization Key Control	Aligned	PURPOSE...	anonymized_9.1_IS_Cryptography_Standards.pdf
SA-23	Specialization Key Control	Aligned	Information Security Risk – Supplier Risk Matrix...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-3	System Development Life Cycle	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SA-3	System Development Life Cycle	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-3	System Development Life Cycle	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-3	System Development Life Cycle	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
SA-3	System Development Life Cycle	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-3	System Development Life Cycle	Aligned	1.2 GOVERNANCE Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-3	System Development Life Cycle	Aligned	Security Team should establish or amend a Test policy for ac...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-3	System Development Life Cycle	Aligned	System Interconnections...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-3	System Development Life Cycle	Aligned	System Development Life Cycle...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-4	Acquisition Process	Aligned	Security and privacy functional requirements are typically d...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SA-4	Acquisition Process	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SA-4	Acquisition Process	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SA-4	Acquisition Process	Aligned	1.6...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SA-4	Acquisition Process	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SA-4	Acquisition Process	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SA-4	Acquisition Process	Aligned	Exceptions...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-4	Acquisition Process	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SA-4	Acquisition Process	Aligned	Security and privacy functional requirements...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-4	Acquisition Process	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
SA-4	Acquisition Process	Aligned	Exceptions...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
SA-4	Acquisition Process	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-4	Acquisition Process	Aligned	Section 3: A consistent unified framework for cloud-based se...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-4	Acquisition Process	Aligned	System & Services Acquisition \| Acquisition Process...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-4	Acquisition Process	Aligned	Control ID Security Control Name Requirements...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-5	System Documentation	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SA-5	System Documentation	Aligned	Key Lifecycle Management Procedures...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SA-5	System Documentation	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-5	System Documentation	Aligned	Section 5: Baseline security control requirements should be ...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-5	System Documentation	Aligned	1.12 GOVERNANCE...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	Systems security and privacy engineering principles are clos...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	Systems security and privacy engineering principles are clos...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	Control: SA-8: Systems security and privacy engineering prin...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	Control: SA-8...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	1.2 GOVERNANCE Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	Test System and Application Owners should prepare and record...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	Security Team should establish or amend a Test policy for ac...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	Security Engineering Principles...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-8	Security and Privacy Engineering Principles	Aligned	System & Services Acquisition \| Security Engineering Princip...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SA-9	External System Services Key Control	Aligned	Coordination and oversight of third-party relationships...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SA-9	External System Services Key Control	Aligned	1.5 ESTABLISHING TRUST RELATIONSHIPS...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SA-9	External System Services Key Control	Aligned	Change Management implementation....	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
SA-9	External System Services Key Control	Aligned	System and services acquisition policy and procedures...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-9	External System Services Key Control	Aligned	System security engineering principles can also be used to p...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-9	External System Services Key Control	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SA-9	External System Services Key Control	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SA-9	External System Services Key Control	Aligned	Vendor Risk Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-9	External System Services Key Control	Aligned	System Acquisition, Development and Maintenance; Vendor Risk...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SA-9	External System Services Key Control	Aligned	Supplier Relationship Owner and Legal Department Responsibil...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SA-9	External System Services Key Control	Aligned	Cloud security procedures should address all Test cloud serv...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SA-9	External System Services Key Control	Aligned	Organization Protocols...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SA-9	External System Services Key Control	Aligned	Governance and Enterprise Risk Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-1	Policy and Procedures	Aligned	1.11 MAINTENANCE and 1.12 EXCEPTION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-1	Policy and Procedures	Aligned	1.17 EXCEPTION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SC-1	Policy and Procedures	Aligned	Policy Exception Process...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SC-1	Policy and Procedures	Aligned	Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SC-1	Policy and Procedures	Aligned	1.6 EXCEPTION...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SC-1	Policy and Procedures	Aligned	Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-1	Policy and Procedures	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-1	Policy and Procedures	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SC-1	Policy and Procedures	Aligned	Initial Analysis Meeting and Containment Plan of Action...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
SC-1	Policy and Procedures	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SC-1	Policy and Procedures	Aligned	System and communications protection policy and procedures...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-1	Policy and Procedures	Aligned	System and communications protection policy and procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
SC-1	Policy and Procedures	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SC-1	Policy and Procedures	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SC-1	Policy and Procedures	Aligned	Divisions & Functions are free to define and implement stron...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-1	Policy and Procedures	Aligned	Exceptions to this policy can be requested by submitting a p...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-1	Policy and Procedures	Aligned	1.1 Applicability...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
SC-1	Policy and Procedures	Aligned	1.6 EXCEPTIONS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
SC-1	Policy and Procedures	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-1	Policy and Procedures	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SC-10	Network Disconnect	Gap	Network disconnect applies to internal and external networks. Terminating network connections associ...
SC-11	Trusted Path	Aligned	NIST SP 800-53 Rev 5...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	9.0 Cryptographic Policy...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	1.4 KEY MANAGEMENT...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	1.4 KEY MANAGEMENT...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	PURPOSE...	anonymized_9.1_IS_Cryptography_Standards.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	PURPOSE...	anonymized_9.1_IS_Cryptography_Standards.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	Cryptography...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-12	Cryptographic Key Establishment and Management	Aligned	Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-13	Cryptographic Protection	Aligned	9.0 Cryptographic Policy...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-13	Cryptographic Protection	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-13	Cryptographic Protection	Aligned	vii. Digital signature certificates should be used to verify...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-13	Cryptographic Protection	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-13	Cryptographic Protection	Aligned	ix. Encryption algorithms, keys, and software solutions shou...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-13	Cryptographic Protection	Aligned	x. Legal and Compliance team should handle all legal request...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-13	Cryptographic Protection	Aligned	Encryption is to be used to protect the confidentiality of r...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-13	Cryptographic Protection	Aligned	1.1 APPLICABILITY and 1.2 SUPPORTED CRYPTOGRAPHIC ALGORITHMS...	anonymized_9.1_IS_Cryptography_Standards.pdf
SC-13	Cryptographic Protection	Aligned	Data Protection and Security Measures...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SC-13	Cryptographic Protection	Aligned	Cryptography...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SC-13	Cryptographic Protection	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-13	Cryptographic Protection	Aligned	Management of keys and key management policies...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-15	Collaborative Computing Devices and Applications	Aligned	System & Communications Protection \| Collaborative Computing...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	Restricted Data...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	proprietary information, trade secrets or any other sensitiv...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	Term Definitions...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	Confidentiality or Non-Disclosure Agreements...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	b) Information owners should only grant privileged access to...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	1.2.1 Access Control...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	Assets ownership and responsibilities...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-16	Transmission of Security and Privacy Attributes	Aligned	Term Definition...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-17	Public Key Infrastructure Certificates	Aligned	9.0 Cryptography Policy...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-17	Public Key Infrastructure Certificates	Aligned	Definition of Certificate...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-18	Mobile Code	Aligned	1.4 SECURITY & PROPRIETARY INFORMATION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SC-18	Mobile Code	Aligned	Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SC-18	Mobile Code	Aligned	Section g...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-18	Mobile Code	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-18	Mobile Code	Aligned	Access Control for Portable and Mobile Devices...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-18	Mobile Code	Aligned	Mobile Code Policy and Procedures...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-18	Mobile Code	Aligned	Implementation of security measures on endpoint devices and ...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-18	Mobile Code	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-2	Separation of System and User Functionality	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-2	Separation of System and User Functionality	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-2	Separation of System and User Functionality	Aligned	User access to networks and network services...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-2	Separation of System and User Functionality	Aligned	Access Control for Cloud Systems and Services...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-2	Separation of System and User Functionality	Aligned	Segregation of information systems and access restrictions...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	System & Communications Protection \| Secure Name/Address Res...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	System & Communications Protection\| Secure Name/address Reso...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	System & Communications Protection\| Secure Name/address Reso...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	vii. Digital signature certificates should be used to verify...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	System & Communications Protection \| Secure Name/address Res...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	Control SC-20...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-20	Secure Name/Address Resolution Service (Authoritative Source) Key Control	Aligned	Provisioning for Name/Address Resolution Service...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-21	Secure Name/Address Resolution Service (Recursive or Caching Resolver)	Aligned	System & Communications Protection \| Secure Name/Address Res...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-21	Secure Name/Address Resolution Service (Recursive or Caching Resolver)	Aligned	System & Communications Protection\| Secure Name/address Reso...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-21	Secure Name/Address Resolution Service (Recursive or Caching Resolver)	Aligned	System & Communications Protection\| Secure Name/address Reso...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-21	Secure Name/Address Resolution Service (Recursive or Caching Resolver)	Aligned	System & Communications Protection\| Architecture and Provisi...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-21	Secure Name/Address Resolution Service (Recursive or Caching Resolver)	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-21	Secure Name/Address Resolution Service (Recursive or Caching Resolver)	Aligned	Provisioning for Name/Address Resolution Service...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-22	Architecture and Provisioning for Name/Address Resolution Service	Aligned	Secure Name/Address Resolution (Authoritative Source)...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-22	Architecture and Provisioning for Name/Address Resolution Service	Aligned	System & Communications Protection\| Secure Name/address Reso...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-23	Session Authenticity	Aligned	System & Communications Protection\| Session Authenticity...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-23	Session Authenticity	Aligned	System & Communications Protection\| Session Authenticity...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-23	Session Authenticity	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-23	Session Authenticity	Aligned	All external connections to Test networks or Information Res...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-23	Session Authenticity	Aligned	Confidential, Restricted information or applications that re...	anonymized_9.1_IS_Cryptography_Standards.pdf
SC-23	Session Authenticity	Aligned	Secure Log-on Procedures...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-23	Session Authenticity	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-24	Fail in Known State	Aligned	Recovery...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
SC-24	Fail in Known State	Aligned	Information Security Aspects of Business Continuity Manageme...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SC-25	Thin Nodes	Aligned	Limitation of the use of utility programs and ensuring only ...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-26	Decoys	Gap	Decoys (i.e., honeypots, honeynets, or deception nets) are established to attract adversaries and de...
SC-27	Platform-independent Applications	Aligned	Discussion on multi-cloud and application portability...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	1.4 DATA CUSTODIAN RESPONSIBILITIES...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Controls can be viewed as descriptions of the safeguards and...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Encryption of PII/NPI data under regulatory, legal or contra...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Required - Encrypt PII/NPI data element under regulatory, le...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Devices should be password-protected and encrypted....	anonymized_7.2_IS_End_User_Device_Standard.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Only USB sticks and other removable devices that have been a...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Devices should be password-protected and encrypted....	anonymized_7.2_IS_End_User_Device_Standard.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Encryption is to be used to protect the confidentiality of r...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	PURPOSE...	anonymized_9.1_IS_Cryptography_Standards.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	System and Communications Protection...	anonymized_9.1_IS_Cryptography_Standards.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Communications Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Asset Management, Access Control, Cryptography...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-28	Protection of Information at Rest Key Control	Aligned	Segregation and access restriction of information systems...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-29	Heterogeneity	Gap	Increasing the diversity of information technologies within organizational systems reduces the impac...
SC-3	Security Function Isolation	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-30	Concealment and Misdirection	Gap	Concealment and misdirection techniques can significantly reduce the targeting capabilities of adver...
SC-31	Covert Channel Analysis	Gap	Developers are in the best position to identify potential areas within systems that might lead to co...
SC-32	System Partitioning	Gap	System partitioning is part of a defense-in-depth protection strategy. Organizations determine the d...
SC-34	Non-modifiable Executable Programs	Aligned	Access Control to Program Source Code...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-34	Non-modifiable Executable Programs	Aligned	Section 8: Information Security Team Responsibilities...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-35	External Malicious Code Identification	Aligned	Section 6: Unacceptable Uses of Test's Systems...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SC-35	External Malicious Code Identification	Aligned	Software Monitoring and Cyber Security Incident Response Pla...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-35	External Malicious Code Identification	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-36	Distributed Processing and Storage	Aligned	Multi-cloud involves using multiple cloud services from diff...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-36	Distributed Processing and Storage	Aligned	Data Redundancy and Performance Improvement...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-37	Out-of-band Channels Key Control	Aligned	System & Communications Protection\| Out-of-Band Channels...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-37	Out-of-band Channels Key Control	Aligned	System & Communications Protection\| Out-of-Band Channels...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-37	Out-of-band Channels Key Control	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-37	Out-of-band Channels Key Control	Aligned	Provisioning for Name/Address Resolution Service...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-38	Operations Security	Aligned	Scope and Applicability...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-38	Operations Security	Aligned	Critical/High (inherent) risk and Medium (inherent) risk sec...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SC-38	Operations Security	Aligned	Operations Security...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SC-38	Operations Security	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-39	Process Isolation	Gap	Systems can maintain separate execution domains for each executing process by assigning each process...
SC-4	Information in Shared System Resources	Aligned	Leaving Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SC-4	Information in Shared System Resources	Aligned	Access Authorization and Information Security Responsibiliti...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-4	Information in Shared System Resources	Aligned	1.2.2 Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-4	Information in Shared System Resources	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-40	Wireless Link Protection	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-40	Wireless Link Protection	Aligned	Section 10 and 11 regarding approved end-user devices and th...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SC-41	Port and I/O Device Access	Aligned	1.12 REMOVEABLE STORAGE DEVICES...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SC-42	Sensor Capability and Data Key Control	Aligned	b. Monitoring of User’s device....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SC-42	Sensor Capability and Data Key Control	Aligned	c. Installation of Software on User’s device....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SC-42	Sensor Capability and Data Key Control	Aligned	f. Ensure that the security controls are in place while usin...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-43	Usage Restrictions	Aligned	Usage Restrictions and Compliance...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SC-43	Usage Restrictions	Aligned	1.2 Endpoint Security Device Management...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SC-43	Usage Restrictions	Aligned	REQUIREMENT - Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-43	Usage Restrictions	Aligned	Overview, Scope & Applicability...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SC-43	Usage Restrictions	Aligned	Limitation of the use of utility programs and authorization ...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-43	Usage Restrictions	Aligned	Acceptable Use of Assets...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-43	Usage Restrictions	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-43	Usage Restrictions	Aligned	Control of mobile code and its execution...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-43	Usage Restrictions	Aligned	The Information Security Team should enforce and comply with...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-44	Detonation Chambers	Aligned	Monitoring for Malicious Code...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-44	Detonation Chambers	Aligned	Implementation of malware prevention on endpoint devices and...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-44	Detonation Chambers	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-45	System Time Synchronization	Aligned	External and internal requirements for time representation, ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-45	System Time Synchronization	Aligned	A network time protocol should be used to keep all the serve...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-46	Cross Domain Policy Enforcement	Aligned	Physical & Environmental Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SC-46	Cross Domain Policy Enforcement	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-47	Alternate Communications Paths	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SC-47	Alternate Communications Paths	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SC-47	Alternate Communications Paths	Aligned	3. GENERAL PROVISIONS...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SC-47	Alternate Communications Paths	Aligned	Incident Response Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-48	Sensor Relocation	Aligned	Network Administration and its designees will centrally moni...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-49	Hardware-enforced Separation and Policy Enforcement	Gap	System owners may require additional strength of mechanism and robustness to ensure domain separatio...
SC-5	Denial-of-service Protection	Aligned	System & Communications Protection\| Denial-of-Service Protec...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-5	Denial-of-service Protection	Aligned	System & Communications Protection\| Denial-of-Service Protec...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-5	Denial-of-service Protection	Aligned	Containment strategies vary based on the type of incident....	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
SC-5	Denial-of-service Protection	Aligned	System & Communications Protection \| Denial-of-Service Prote...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-50	Software-enforced Separation and Policy Enforcement Key Control	Aligned	1.4 MAINTAINANCE and 1.5 EXCEPTIONS...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-50	Software-enforced Separation and Policy Enforcement Key Control	Aligned	Exceptions to the policy...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SC-50	Software-enforced Separation and Policy Enforcement Key Control	Aligned	1.4 EXCEPTION...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SC-50	Software-enforced Separation and Policy Enforcement Key Control	Aligned	Exceptions...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
SC-50	Software-enforced Separation and Policy Enforcement Key Control	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-51	Hardware-based Protection	Gap	None....
SC-6	Resource Availability	Gap	Priority protection prevents lower-priority processes from delaying or interfering with the system t...
SC-7	Boundary Protection	Aligned	System & Communications Protection\| Boundary Protection...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-7	Boundary Protection	Aligned	System & Communications Protection \| Secure Name/Address Res...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-7	Boundary Protection	Aligned	System monitoring capabilities are achieved through a variet...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-7	Boundary Protection	Aligned	NIST CSF Subcategory Control Reference...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-7	Boundary Protection	Aligned	System & Communications Protection\| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-7	Boundary Protection	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
SC-7	Boundary Protection	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-7	Boundary Protection	Aligned	Control: SC-7...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SC-7	Boundary Protection	Aligned	a. Appropriate controls for User access to networks and netw...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-7	Boundary Protection	Aligned	Boundary protection may be implemented as a common control f...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SC-7	Boundary Protection	Aligned	Network and Firewall Security Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SC-7	Boundary Protection	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-7	Boundary Protection	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-7	Boundary Protection	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-7	Boundary Protection	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-7	Boundary Protection	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-7	Boundary Protection	Aligned	Securing Application Services on Public Networks...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-7	Boundary Protection	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-7	Boundary Protection	Aligned	1.2 GOVERNANCE - Implementation...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-7	Boundary Protection	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-7	Boundary Protection	Aligned	Implementation of controls to prevent malware execution...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SC-7	Boundary Protection	Aligned	Access Control \| Access Control Policy and Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	Controls can include technical, administrative, and physical...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	Examples of system security engineering principles include: ...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	Protecting the confidentiality and integrity of transmitted ...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	Control: SC-8: Protecting the confidentiality and integrity ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	vii. Digital signature certificates should be used to verify...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	viii. Authentication and network/transport layer encryption ...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	ix. Encryption algorithms, keys, and software solutions shou...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	NIST SP 800-53 Rev 5...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	Voice Communications Equipment Protection...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	All external connections to Test networks or Information Res...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	PURPOSE...	anonymized_9.1_IS_Cryptography_Standards.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	IV. Communications Security...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SC-8	Transmission Confidentiality and Integrity	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-1	Policy and Procedures	Aligned	1.11 MAINTENANCE and 1.12 EXCEPTION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SI-1	Policy and Procedures	Aligned	Role Responsibility Information Technology Department...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SI-1	Policy and Procedures	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-1	Policy and Procedures	Aligned	1.5 EXCEPTION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SI-1	Policy and Procedures	Aligned	1.2 INFORMATION SECURITY ROLES & RESPONSIBILITIES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SI-1	Policy and Procedures	Aligned	Section 1.6 - EXCEPTION...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SI-1	Policy and Procedures	Aligned	1.12 EXCEPTION...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SI-1	Policy and Procedures	Aligned	1.2 REQUIREMENT Documented Operating Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-1	Policy and Procedures	Aligned	PURPOSE...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SI-1	Policy and Procedures	Aligned	1.4...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SI-1	Policy and Procedures	Aligned	Test Cyber Security Incident Response Framework...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
SI-1	Policy and Procedures	Aligned	1.7 EXCEPTIONS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SI-1	Policy and Procedures	Aligned	1.7 WORDING and 1.8 GLOSSARY...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SI-1	Policy and Procedures	Aligned	System and Information Integrity Policy and Procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
SI-1	Policy and Procedures	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SI-1	Policy and Procedures	Aligned	Internet Security & Usage Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SI-1	Policy and Procedures	Aligned	Internet Security & Usage Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SI-1	Policy and Procedures	Aligned	Internet Security & Usage Policy – Establishes controls that...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SI-1	Policy and Procedures	Aligned	Policy Exception Process...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-1	Policy and Procedures	Aligned	1.4 REQUIREMENT...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
SI-1	Policy and Procedures	Aligned	1.6 EXCEPTIONS...	anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf
SI-1	Policy and Procedures	Aligned	Control: SI-1: System and information integrity policy and p...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-1	Policy and Procedures	Aligned	1.15 EXCEPTION...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-1	Policy and Procedures	Aligned	4. IMPLEMENTATION...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SI-10	Information Input Validation	Aligned	Checks into a system or report to ensure the logical consist...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SI-10	Information Input Validation	Aligned	Testing Approaches...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-11	Error Handling	Aligned	d) Resource Administrators should regularly review the logs ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-11	Error Handling	Aligned	e) Event logs can contain sensitive data and personally iden...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-11	Error Handling	Aligned	Section g) to l) regarding login attempts and session manage...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SI-12	Information Management and Retention	Aligned	1.8 DATA RETENTION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SI-12	Information Management and Retention	Aligned	Disposal (in accordance with Retention Policy)...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-12	Information Management and Retention	Aligned	IT Asset (NEW) and other assets Retirement and Disposal...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SI-12	Information Management and Retention	Aligned	Information management and retention regarding terminated em...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SI-12	Information Management and Retention	Aligned	Protection of log information...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-12	Information Management and Retention	Aligned	7.2 End User Device Standard...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SI-12	Information Management and Retention	Aligned	Evidence Gathering and Chain of Custody Documentation...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
SI-12	Information Management and Retention	Aligned	Information management and retention requirements cover the ...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SI-12	Information Management and Retention	Aligned	Access Control \| Separation of Duties...	anonymized_9.1_IS_Cryptography_Standards.pdf
SI-12	Information Management and Retention	Aligned	1.2.2 Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-12	Information Management and Retention	Aligned	Information management and retention requirements cover the ...	anonymized_20.0_IS_Risk_Management_Policy_2.pdf
SI-12	Information Management and Retention	Aligned	Information management and retention requirements cover the ...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-13	Predictable Failure Prevention	Gap	While MTTF is primarily a reliability issue, predictable failure prevention is intended to address p...
SI-14	Non-persistence	Aligned	Implementation of non-persistent components and services...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-14	Non-persistence	Aligned	Implementation of non-persistent components and services...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-15	Information Output Filtering	Gap	Certain types of attacks, including SQL injections, produce output results that are unexpected or in...
SI-16	Memory Protection	Aligned	The Information Security Team should enforce and comply with...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-16	Memory Protection	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-17	Fail-safe Procedures	Aligned	Disaster Recovery Plans and Backup Procedures...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-18	Personally Identifiable Information Quality Operations	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-18	Personally Identifiable Information Quality Operations	Aligned	Section d) and e)...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-18	Personally Identifiable Information Quality Operations	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-19	De-identification	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-19	De-identification	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SI-19	De-identification	Aligned	The section discusses the handling of sensitive data, includ...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SI-19	De-identification	Aligned	1.9 DATA PROTECTION REQUIREMENTS...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-2	Flaw Remediation	Aligned	1.5 ORGANIZATIONALY OWNED & MANAGED INFO SYSTEMS & ASSETS...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SI-2	Flaw Remediation	Aligned	IV. Maintaining Security while using Organizationally Owned ...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SI-2	Flaw Remediation	Aligned	Technical Vulnerability Management...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-2	Flaw Remediation	Aligned	Information Security Incident Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SI-2	Flaw Remediation	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-2	Flaw Remediation	Aligned	Management of technical vulnerabilities...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-20	Tainting	Aligned	Requirements for handling suspicious emails...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SI-20	Tainting	Aligned	1.8 DISCIPLINARY PROCESS...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SI-20	Tainting	Aligned	Access Control for Portable and Mobile Devices...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SI-20	Tainting	Aligned	Changes to cloud security systems and procedures should be f...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-20	Tainting	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-21	Information Refresh	Aligned	1.8 DATA RETENTION...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SI-21	Information Refresh	Aligned	Retention of documentation...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SI-21	Information Refresh	Aligned	1.2.2 Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-21	Information Refresh	Aligned	Retention and Disposal of Test Data...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-22	Information Diversity Key Control	Aligned	Checks into a system or report to ensure the logical consist...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SI-22	Information Diversity Key Control	Aligned	SUPPLIER RISK CATEGORY...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-23	Information Fragmentation	Aligned	1.1 Data Handling Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-23	Information Fragmentation	Aligned	A.9.4.1 - A.13.2.1...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SI-23	Information Fragmentation	Aligned	organization’s information systems should be appropriately s...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-3	Malicious Code Protection	Aligned	System & Information Integrity \| Malicious Code Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-3	Malicious Code Protection	Aligned	Section 4: Posting Test information on public Internet sites...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SI-3	Malicious Code Protection	Aligned	Anti-Virus, Hostile, and Malicious Code Security...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-3	Malicious Code Protection	Aligned	Section 4: All PCs and laptops should be equipped with up-to...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SI-3	Malicious Code Protection	Aligned	Containment Plan of Action...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
SI-3	Malicious Code Protection	Aligned	Information Resources which are necessary for their work, an...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SI-3	Malicious Code Protection	Aligned	Encryption is to be used to protect the confidentiality of r...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SI-3	Malicious Code Protection	Aligned	Secure technologies supporting pre-approved accounts and mon...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SI-3	Malicious Code Protection	Aligned	Access Control for Portable and Mobile Devices...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SI-3	Malicious Code Protection	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-3	Malicious Code Protection	Aligned	Malicious code protection mechanisms include both signature-...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-3	Malicious Code Protection	Aligned	business processes and technical measures implemented to pre...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-4	System Monitoring	Aligned	System monitoring includes external and internal monitoring....	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SI-4	System Monitoring	Aligned	System & Information Integrity \| System Monitoring...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-4	System Monitoring	Aligned	System & Information Integrity \| System Monitoring...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-4	System Monitoring	Aligned	System & Information Integrity \| System Monitoring...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-4	System Monitoring	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-4	System Monitoring	Aligned	System & Information Integrity \| System Monitoring...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-4	System Monitoring	Aligned	System & Information Integrity \| System Monitoring...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-4	System Monitoring	Aligned	1.2 SYSTEM USE NOTIFICATION...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SI-4	System Monitoring	Aligned	System monitoring includes external and internal monitoring....	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SI-4	System Monitoring	Aligned	requirements for maintaining evidence...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-4	System Monitoring	Aligned	Overview, Scope & Applicability...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SI-4	System Monitoring	Aligned	Cyber Security Incident Response Framework...	anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf
SI-4	System Monitoring	Aligned	Network Monitoring & Defense...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
SI-4	System Monitoring	Aligned	Management of User Authentication...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
SI-4	System Monitoring	Aligned	Internet Security & Usage Policy...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SI-4	System Monitoring	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-4	System Monitoring	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-4	System Monitoring	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-4	System Monitoring	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-4	System Monitoring	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-4	System Monitoring	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-4	System Monitoring	Aligned	Assessment of & Decision on Information Security Events...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SI-4	System Monitoring	Aligned	System & Information Integrity \| System Monitoring...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SI-4	System Monitoring	Aligned	System & Information Integrity \| System Monitoring...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SI-4	System Monitoring	Aligned	System & Information Integrity \| Security Alerts, Advisories...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-5	Security Alerts, Advisories, and Directives Key Control	Aligned	Information Security Risk – Supplier Risk Matrix...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SI-5	Security Alerts, Advisories, and Directives Key Control	Aligned	Security Awareness and Skills Training...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-6	Security and Privacy Function Verification	Aligned	1.9 LEAVING Test...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	Integrity Checks...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	Monitoring of User’s device and Installation of Software on ...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	Monitoring and Response to Malicious Activity...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	vi. Cryptographic technology implementations should be revie...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	vii. Digital signature certificates should be used to verify...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	ix. Encryption algorithms, keys, and software solutions shou...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	PURPOSE...	anonymized_9.1_IS_Cryptography_Standards.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	Implementation of measures to prevent malware execution...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-7	Software, Firmware, and Information Integrity Key Control	Aligned	Information Integrity...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SI-8	Spam Protection	Aligned	1.4 SECURITY & PROPRIETARY INFORMATION...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SI-8	Spam Protection	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
SI-8	Spam Protection	Aligned	Section 6: Unacceptable Uses of Test’s Systems...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SI-8	Spam Protection	Aligned	h) Business unit security officers and IT team are responsib...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-8	Spam Protection	Aligned	j) Test should assure that SPAM protection as part of its em...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SI-8	Spam Protection	Aligned	Section 4: System Entry and Exit Points...	anonymized_7.2_IS_End_User_Device_Standard.pdf
SI-8	Spam Protection	Aligned	Network Controls...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-8	Spam Protection	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-8	Spam Protection	Aligned	Section discussing malware execution prevention on endpoint ...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SI-8	Spam Protection	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-1	Policy and Procedures	Aligned	Policy Exceptions and Procedures...	anonymized_6.1_IS_Data_Security_Standards.pdf
SR-1	Policy and Procedures	Aligned	Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SR-1	Policy and Procedures	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-1	Policy and Procedures	Aligned	Policy and Procedures for Supply Chain Risk Management...	anonymized_9.1_IS_Cryptography_Standards.pdf
SR-1	Policy and Procedures	Aligned	1.0 SCOPE & APPLICABILITY...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SR-1	Policy and Procedures	Aligned	Supply chain risk management policy and procedures...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-1	Policy and Procedures	Aligned	Divisions & Functions Policy Implementation...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SR-1	Policy and Procedures	Aligned	Supplier Relationship Management Responsibilities...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SR-1	Policy and Procedures	Aligned	Supply Chain Risk Management \| Supply Chain Controls & Proce...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-1	Policy and Procedures	Aligned	Managing changes to supplier services...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-10	Inspection of Systems or Components	Gap	The inspection of systems or systems components for tamper resistance and detection addresses physic...
SR-11	Component Authenticity	Aligned	Information Security Risk – Supplier Risk Matrix...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SR-12	Component Disposal	Aligned	Continuous Vulnerability Management...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SR-12	Component Disposal	Aligned	Disposal (in accordance with Retention Policy)...	anonymized_6.1_IS_Data_Security_Standards.pdf
SR-12	Component Disposal	Aligned	V. Bring Your Own Device...	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
SR-12	Component Disposal	Aligned	1.3 IT Asset (NEW) and other assets Retirement and Disposal...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SR-12	Component Disposal	Aligned	Data Protection and Disposal Procedures...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SR-12	Component Disposal	Aligned	1.2.2 Asset Disposal & Re-Use...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SR-12	Component Disposal	Aligned	1.13 END OF SERVICE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SR-12	Component Disposal	Aligned	1.10 CLOUD EXIT STRATEGY...	anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management Overview...	anonymized_2.0_IS_Acceptable_Use_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management \| Supply Chain Risk Management ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management \| Supply Chain Risk Management ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management \| Supply Chain Risk Management ...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Scope and Applicability...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Vendor Risk Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management Plan...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Information Security Risk – Supplier Risk Matrix...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management \| Supply Chain Controls & Proce...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management \| Supply Chain Risk Management ...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management \| Supply Chain Risk Management ...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Risk Assessment \| System Development Life Cycle...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-2	Supply Chain Risk Management Plan	Aligned	Supply Chain Risk Management \| Supply Chain Risk Management ...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-3	Supply Chain Controls and Processes Key Control	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-3	Supply Chain Controls and Processes Key Control	Aligned	1.3 SUPPLIER INVENTORY...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SR-3	Supply Chain Controls and Processes Key Control	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-3	Supply Chain Controls and Processes Key Control	Aligned	Vendor Risk Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-3	Supply Chain Controls and Processes Key Control	Aligned	Supply Chain Risk Management \| Supply Chain Risk Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-3	Supply Chain Controls and Processes Key Control	Aligned	Address security within supplier agreements and Information ...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-3	Supply Chain Controls and Processes Key Control	Aligned	Supply Chain Risk Management \| Supplier Assessments & Review...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-4	Provenance Key Control	Gap	Every system and system component has a point of origin and may be changed throughout its existence.... Critical Gap - Key Control Missing
SR-5	Acquisition Strategies, Tools, and Methods	Aligned	IT Asset Procurement...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SR-5	Acquisition Strategies, Tools, and Methods	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-5	Acquisition Strategies, Tools, and Methods	Aligned	System Acquisition, Development and Maintenance...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-5	Acquisition Strategies, Tools, and Methods	Aligned	SUPPLIER RISK...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SR-5	Acquisition Strategies, Tools, and Methods	Aligned	Supply Chain Risk Management \| Supply Chain Controls & Proce...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-6	Supplier Assessments and Reviews Key Control	Aligned	Coordination and oversight of third-party relationships...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SR-6	Supplier Assessments and Reviews Key Control	Aligned	Scope and Applicability...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SR-6	Supplier Assessments and Reviews Key Control	Aligned	Vendor Risk Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-6	Supplier Assessments and Reviews Key Control	Aligned	Supplier Relationship Owner and Legal Department responsibil...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SR-6	Supplier Assessments and Reviews Key Control	Aligned	Supply Chain Risk Management \| Supplier Assessments & Review...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-7	Supply Chain Operations Security	Aligned	Data Identification...	anonymized_6.0_IS_Data_Security_Policy_1.pdf
SR-7	Supply Chain Operations Security	Aligned	Coordination and oversight of third-party relationships...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
SR-7	Supply Chain Operations Security	Aligned	1.3 SUPPLIER INVENTORY...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SR-7	Supply Chain Operations Security	Aligned	Scope...	anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf
SR-7	Supply Chain Operations Security	Aligned	Operations Security...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-7	Supply Chain Operations Security	Aligned	Supply Chain Risk Management \| Supply Chain Controls & Proce...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-8	Notification Agreements Key Control	Aligned	IT Asset Procurement...	anonymized_7.1_IS_Asset_Management_Standard.pdf
SR-8	Notification Agreements Key Control	Aligned	System & Services Acquisition \| Customized Development of Cr...	anonymized_11.0_IS_Operations_Security_Policy.pdf
SR-8	Notification Agreements Key Control	Aligned	Supplier contracts and performance monitoring...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
SR-8	Notification Agreements Key Control	Aligned	Vendor Risk Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
SR-8	Notification Agreements Key Control	Aligned	Supplier Relationship Owner, Legal Department, Supplier Rela...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
SR-8	Notification Agreements Key Control	Aligned	Organization Protocols and Impact Assessment...	anonymized_15.0_IS_Incident_Management_Policy_1.pdf
SR-8	Notification Agreements Key Control	Aligned	Supply Chain Risk Management \| Policy & Procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
SR-9	Tamper Resistance and Detection	Gap	Anti-tamper technologies, tools, and techniques provide a level of protection for systems, system co...
PR.IP-6	Protection of Information Process	Aligned	System & Information Integrity \| System Monitoring...	anonymized_6.1_IS_Data_Security_Standards.pdf
PR.IP-6	Protection of Information Process	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
PR.IP-6	Protection of Information Process	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
PR.IP-6	Protection of Information Process	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
PR.IP-6	Protection of Information Process	Aligned	System & Communications Protection \| Boundary Protection...	anonymized_6.1_IS_Data_Security_Standards.pdf
PR.IP-6	Protection of Information Process	Aligned	System & Information Integrity \| System Monitoring...	anonymized_6.1_IS_Data_Security_Standards.pdf
A.9.4.4	Use of Privileged Utility Programs	Aligned	Controls can be viewed as descriptions of the safeguards and...	anonymized_6.1_IS_Data_Security_Standards.pdf
A.9.4.4	Use of Privileged Utility Programs	Aligned	Control: SC-2...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-17(1)	Remote Access	Aligned	Monitoring of User’s device....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AC-17(1)	Remote Access	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-17(1)	Remote Access	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-17(1)	Remote Access	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AU-6(1)	Audit Review, Analysis, and Reporting	Aligned	Monitoring of User’s device....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
AU-6(1)	Audit Review, Analysis, and Reporting	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-6(1)	Audit Review, Analysis, and Reporting	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CM-2(2)	Configuration Change Control	Aligned	Installation of Software on User’s device....	anonymized_2.1_IS_Acceptable_Use_Standard.pdf
CM-2(2)	Configuration Change Control	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
ID.AM-6	Security Awareness & Skills Training	Aligned	1.11 CONTROL REFERENCES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
ID.AM-6	Security Awareness & Skills Training	Aligned	1.11 CONTROL REFERENCES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
ID.AM-6	Security Awareness & Skills Training	Aligned	1.11 CONTROL REFERENCES...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.7.1.2	Terms & Conditions of Employment	Aligned	Information Security Awareness, Education and Training...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.9.4.1	Access Control Policy	Aligned	Access Control Policy...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.9.4.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.4.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.4.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.4.1	Access Control Policy	Aligned	Information Access Restriction...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.4.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.4.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.4.1	Access Control Policy	Aligned	Information Access Restriction...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.4.1	Access Control Policy	Aligned	NIST CSF Subcategory Control Reference...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.4.1	Access Control Policy	Aligned	NIST CSF Subcategory Control Reference...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.4.1	Access Control Policy	Aligned	Identification and Authentication Requirements...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.10.1.1	Access to Networks & Network Services	Aligned	Access to Networks & Network Services...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.10.1.1	Access to Networks & Network Services	Aligned	Access to Networks & Network Services...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.10.1.1	Access to Networks & Network Services	Aligned	Policy on the Utilization of Cryptographic Controls...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.10.1.1	Access to Networks & Network Services	Aligned	The use of encrypted VPNs provides sufficient assurance to t...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.10.1.1	Access to Networks & Network Services	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.11.1.4	Management of Privileged Access Rights	Aligned	Management of Privileged Access Rights...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.11.1.4	Management of Privileged Access Rights	Aligned	Threat actions that may increase security or privacy risks i...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.11.1.4	Management of Privileged Access Rights	Aligned	Physical & Environmental Protection...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.11.1.4	Management of Privileged Access Rights	Aligned	Physical & Environmental Protection...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.13.1.1	Network Controls	Aligned	Network Controls...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.13.1.1	Network Controls	Aligned	Policy on the Utilization of Cryptographic Controls...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.13.1.1	Network Controls	Aligned	Network Monitoring & Defense...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.13.1.1	Network Controls	Aligned	Boundary protection may be implemented as a common control f...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.13.2.1	Segregation in Networks	Aligned	Segregation in Networks...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.13.2.1	Segregation in Networks	Aligned	Information Transfer Policies & Procedures...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.13.2.1	Segregation in Networks	Aligned	Policy on the Utilization of Cryptographic Controls...	anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf
A.13.2.1	Segregation in Networks	Aligned	Organizations commonly employ information flow control polic...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Policy and Procedures...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Organizations commonly employ information flow control polic...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Policy...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	System and communications protection policy and procedures...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Control Name: Access Control Policy...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Policy and Procedures...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Remote access controls apply to systems other than public we...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Policy...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	NIST CSF Subcategory Control Reference...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Control: AC-4: Information flow control...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Control: SC-2...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	NIST CSF Subcategory Control Reference...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Identification and Authentication Requirements...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	NIST CSF Subcategory Control Reference...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Control baselines and stakeholder needs...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Rules of behavior represent a type of access agreement for o...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Access Control Policy...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Controls can be viewed as descriptions of the safeguards and...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.1	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.9.1.1	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.9.1.2	Access to Networks & Network Services	Aligned	Network Monitoring & Defense...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.2	Access to Networks & Network Services	Aligned	NIST CSF...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.2	Access to Networks & Network Services	Aligned	Network Monitoring & Defense...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.2	Access to Networks & Network Services	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.2	Access to Networks & Network Services	Aligned	Access to Networks & Network Services...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.9.1.2	Access to Networks & Network Services	Aligned	Organizations use encrypted virtual private networks (VPNs) ...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.2	Access to Networks & Network Services	Aligned	Control: SC-7: Managed interfaces include gateways, routers,...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.1.2	Access to Networks & Network Services	Aligned	Access Types...	anonymized_9.1_IS_Cryptography_Standards.pdf
AC-6(9)	Access Control Policy	Aligned	Access Control Policy and employee termination procedures...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-6(9)	Access Control Policy	Aligned	Access privileges and account reviews...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
15	Service Provider Management	Aligned	Supply chain risk management (SCRM) activities include ident...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
15	Service Provider Management	Aligned	Service Provider Management...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
A.8.2.2	Labeling of Information	Aligned	Labeling of Information...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.8.2.2	Labeling of Information	Aligned	Labeling of Information...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.8.2.2	Labeling of Information	Aligned	Access Control Management...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
A.8.2.2	Labeling of Information	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
A.8.2.2	Labeling of Information	Aligned	Requirements can include mandated configuration settings tha...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.8.2.3	Handling of Assets	Aligned	Handling of Assets...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AC-2g	Account Management	Aligned	Managers...	anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf
AU-3(1)	Content of Audit Records	Aligned	e) Event logs can contain sensitive data and personally iden...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PR.IP-1	Information Protection Processes and Procedures	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PR.IP-1	Information Protection Processes and Procedures	Aligned	Configuration Management \| Baseline Configuration...	anonymized_11.0_IS_Operations_Security_Policy.pdf
PR.DS-2	Data Protection	Aligned	NIST CSF Subcategory Control Reference...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
PR.AT-5	Security Awareness & Skills Training	Aligned	Incident Response \| Incident Response Training...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
A.7.1.1	Screening	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
A.7.1.1	Screening	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
A.7.1.1	Screening	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
A.7.1.1	Screening	Aligned	Personnel screening and rescreening activities...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.7.3.1	Termination or Change of Employment Responsibilities	Aligned	Program Management \| Security & Privacy Workforce...	anonymized_9.0_IS_Cryptography_Policy_1.pdf
SA-12	External Information System Services \| Supply Chain Protection	Aligned	System and services acquisition policy and procedures...	anonymized_14.1_IS_Supplier_Relationship_Standards.pdf
16	Application Software Security	Aligned	Application Software Security...	anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf
A.9.2.3	Management of Privileged Access Rights	Aligned	Management of Privileged Access Rights...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.2.3	Management of Privileged Access Rights	Aligned	Control: SC-2...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.9.2.3	Management of Privileged Access Rights	Aligned	Organizations consider rules of behavior based on individual...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.13.2.4	Confidentiality or Non-Disclosure Agreements	Aligned	NIST CSF Subcategory Control Reference...	anonymized_9.1_IS_Cryptography_Standards.pdf
A.13.1.3	Segregation in Networks	Aligned	Subnetworks that are physically or logically separated from ...	anonymized_9.1_IS_Cryptography_Standards.pdf
SI-4n	Information System Monitoring	Aligned	System & Information Integrity \| System Monitoring...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
PR.IP-11n	Risk Management Strategy	Aligned	System & Information Integrity \| System Monitoring...	anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf
3.1	Access Control Policy Key Control	Aligned	Access Control...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
3.2	Asset Management	Aligned	Asset Management...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
ID.GV-1	Governance	Aligned	Governance and Documentation...	anonymized_3.0_IS_Information_Security_Policy_2.pdf
PR.DS-5	Data Protection	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.11.2.1	Equipment Siting & Protection	Aligned	Physical & Environmental Protection...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.11.2.1	Equipment Siting & Protection	Aligned	Physical & Environmental Protection...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.11.2.1	Equipment Siting & Protection	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.11.2.1	Equipment Siting & Protection	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
A.11.1.5	Working in Secure Areas	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-2(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-2(1)	Access Control Policy	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
AC-2(2)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-2(3)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-2(4)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-4(all)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-17(2)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-17(3)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-17(9)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-18(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-18(3)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-18(4)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-18(5)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AC-19(4)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AT-2(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AT-2(2)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AT-3(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AT-3(2)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AT-3(3)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-6(3)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-6(5)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-6(6)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-6(9)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-7(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
AU-7(2)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-2(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-2(2)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-2(3)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-3(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-3(2)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-3(3)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CA-7(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-3(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-3(4)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-6(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-7(2)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-7(4)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-7(5)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-8(all)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CM-9(1)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CP-7(all)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
CP-7(all)	Access Control Policy	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
CP-8(all)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-4(all)	Access Control Policy	Aligned	Physical & Environmental Protection \| Asset Monitoring & Tra...	anonymized_7.0_IS_Asset_Management_Policy.pdf
SI-4(22)	Information System Monitoring	Aligned	1.2 GOVERNANCE...	anonymized_14.0_IS_Supplier_Management_Policy_2.pdf
PR.AC-1	Identity and Access Management Policy	Aligned	User access policies and procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.AC-1	Identity and Access Management Policy	Aligned	User access policies and procedures...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.AC-1	Identity and Access Management Policy	Aligned	User access policies and procedures should be established, a...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.AC-1	Identity and Access Management Policy	Aligned	User access policies and procedures should be established, a...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.AC-4	Information Access Enforcement	Aligned	Access restrictions to prevent inappropriate disclosure...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.AC-4	Information Access Enforcement	Aligned	organization’s information systems should be appropriately s...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.IP-3	Malicious Code Protection	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
DE.CM-1	Asset Inventory	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
DE.CM-4	Malware Protection	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.RA-1	Risk Assessment	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.RA-6	Threat Intelligence	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.IP-	Information Protection Processes and Procedures	Aligned	business processes and technical measures implemented...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.SC-3	Supply Chain Risk Management	Aligned	Supply Chain Risk Management \| Supply Chain Controls & Proce...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.SC-3	Supply Chain Risk Management	Aligned	Supply Chain Risk Management \| Supply Chain Risk Management...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.SC-4	Monitoring and Review of Supplier Services	Aligned	Monitoring and Review of Supplier Services...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.AM-2	Inventory of Assets	Aligned	Configuration Management \| System Component Inventory...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.AM-4	Ownership of Assets	Aligned	Configuration Management \| System Component Inventory...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.IP-7	Information Security Continuous Monitoring	Aligned	Events that may precipitate an update to identification and ...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
PR.AC-7	Remote Access	Aligned	Physical & Environmental Protection \| Personnel Screening...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf
ID.RA-2	Incident Response	Aligned	System & Information Integrity \| Security Alerts, Advisories...	anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf

anonymized_6.0_IS_Data_Security_Policy_1.pdf CIS

7 matches found

Document Content

Matched Section

Section: 1.8 DATA RETENTION and 1.9 ROLES & RESPONSIBILITIES
Content: Data retention policies are driven by legal and regulatory requirements. The Data Owner should ensure that data is retained as it pertains to Global, Federal, State and Local statutes and regulations and/or requirements. Role Responsibility Chief Information Security Officer l Periodic update and distribution of this policy. Data Owner l Assigning appropriate classification to the data. l Monitoring and reviewing data and its classification periodically. l Approving access to the data in accordance with Access control policy. l Ensuring that appropriate data labelling and handling requirements are followed.

AI Justification

The section discusses the responsibilities of the Data Owner in relation to data retention, classification, and handling, which aligns with the need for a documented data management process.

Document Content

Matched Section

AI Justification

The text discusses the need for a periodical review of standards and associated documents, which aligns with the requirement to maintain a documented secure configuration process and review it annually.

anonymized_7.0_IS_Asset_Management_Policy.pdf CIS

9 matches found

Document Content

Matched Section

Section: Inventory of Assets
Content: All relevant Test information and information processing Assets should be identified, and an inventory of these assets maintained to ensure effective protection through creation, processing, storage, transmission, deletion, and eventual destruction. The asset inventory should be maintained within a centralized repository and official system of record (SOR).

AI Justification

The chunk discusses maintaining an inventory of assets, including software, which aligns with the requirement to establish and maintain a detailed inventory of licensed software.

Document Content

Matched Section

AI Justification

The section discusses maintaining an inventory of software applications used within the organization, which aligns with the control's focus on utilizing software inventory tools for documentation.

Document Content

anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf CIS

7 matches found

Document Content

Matched Section

Section: 1.9 DATA PROTECTION REQUIREMENTS
Content: All data being moved or added to Cloud Services should be classified, protected, and retained in accordance with the Data Security and Information Security policies. Cloud Service providers should implement adequate data destruction procedures to ensure protection of data throughout the service lifecycle. When data is no longer needed or has exceeded the requirement retention period, the data should be destroyed from the cloud environment in accordance with its classification.

AI Justification

The chunk discusses the classification, protection, retention, and destruction of data, which aligns with establishing a documented data management process.

Document Content

Matched Section

Section: IT Asset (NEW) and other assets Retirement and Disposal
Content: a) Define an asset disposal procedure encompassing identification of assets, assessment of assets, approval, disposal methods, and reporting. b) Establish data security procedures to protect sensitive (classification internal, confidential, restricted) data when assets are planned to be retired.

AI Justification

The chunk discusses the establishment of procedures for asset disposal and data security, which aligns with the need for a documented data management process that includes handling of data and disposal requirements.

Document Content

Matched Section

Section: MAINTAINANCE
Content: A periodical review for this standard and the associated core documents should be performed to identify and implement measures for improvement. The minimal interval for this review is annually from the date of last approval.

AI Justification

The chunk mentions the need for a periodical review of standards and associated documents, which aligns with the requirement to review and update documentation annually.

Document Content

Matched Section

11 matches found

Document Content

Matched Section

Section: Software
Content: Use of software for Test work or development should be properly licensed for Test and used only under the terms and conditions of the licenses. Never disable, uninstall, or stop the execution of firm applications and software.

AI Justification

The section emphasizes the importance of using properly licensed software and not disabling or uninstalling firm applications, which aligns with ensuring unauthorized software is removed or documented.

Document Content

Matched Section

The section discusses the disposal of sensitive information, including paper documents and electronic media, which aligns with the control's focus on logging access and disposal of sensitive data.

Document Content

Matched Section

The text discusses the need for individual access to be justified and the prevention of shared credentials, which aligns with maintaining an inventory of accounts and ensuring authorized access.

anonymized_2.1_IS_Acceptable_Use_Standard.pdf CIS

3 matches found

Document Content

Matched Section

Section: V. Bring Your Own Device
Content: Mandatory security controls and safeguards have been identified by Test for managing security for personally owned devices registered, provisioned, and authorized to connect to Test’s network. By participating in Test’s BYOD program, the User agrees to the following: a. Wiping or removal of data of User’s device. 1. User agrees that designated staff can, under certain circumstances, remotely copy, wipe, or otherwise remove all data from his or her personal device. This includes all personal data such as contact information, photos, and personal emails if the personal data is stored or processed by a Test managed application.

AI Justification

The section outlines the process of wiping or removing data from personal devices, which aligns with the requirement for securely disposing of data as per the documented data management process.

Document Content

Matched Section

Section: 1.3 RULES OF BEHAVIOR (ROB) - Acceptable Use
Content: Data processing using Test-authorized encrypted removable media (USB drives, external hard drives).

AI Justification

The section explicitly mentions the use of Test-authorized encrypted removable media for data processing.

Document Content

Matched Section

Section: V. Bring Your Own Device
Content: 1. User agrees that designated staff can, under certain circumstances, remotely copy, wipe, or otherwise remove all data from his or her personal device.

AI Justification

The section explicitly mentions the ability to remotely wipe data from personal devices under certain circumstances, which aligns with the control's requirement for enterprise-owned devices.

anonymized_2.0_IS_Acceptable_Use_Policy.pdf CIS

2 matches found

Document Content

Matched Section

Section: 1.17 EXCEPTION
Content: Exceptions to the policy should be approved by InfoSec in advance. The technical and organizational controls define minimum requirements for securing assets. Divisions & Functions are free to define and implement stronger security requirements and mechanisms if a higher protection level is necessary and they do not contradict the Policy. In exceptional cases Divisions & Functions may implement a lower protection level to adequately address the related information security risk. In such cases, Test's policy exception process should be followed and applied. Exceptions to this policy can be requested by submitting a policy exception form in the ServiceNow portal. The request should contain the supporting information requested below, and should be approved by the Department Manager (not lower than director level) and the CISO or his/her designee: 1. Policy statement requiring the exception. 2. Exception duration. Provide detailed information.

AI Justification

The chunk discusses the process of requesting exceptions to policies, which aligns with the management of software that may not be currently supported but is necessary for the enterprise's mission.

Document Content

Matched Section

Section: Access Control Policy
Content: A.9.1.1 Access Control Policy

AI Justification

The control requires the establishment of an access control policy that aligns with the need to configure data access control lists based on user requirements.

Document Content

Matched Section

Section: Information Access Restriction
Content: A.9.4.1 Information Access Restriction

AI Justification

This control emphasizes the need to restrict access to information based on user roles and responsibilities, which aligns with the concept of applying data access control lists.

Document Content

Matched Section

AI Justification

The text discusses the need for cryptographic protection for sensitive information, indicating a requirement for encryption.

Document Content

Matched Section

Section: NIST CSF Subcategory Control Reference
Content: A.8.2.2 Labeling of Information

AI Justification

The control aligns with the need to establish a data classification scheme, which includes labeling data as 'Sensitive,' 'Confidential,' or 'Public.'

Document Content

Matched Section

anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf CIS

3 matches found

Document Content

Matched Section

Section: Evidence Retention and Documentation
Content: Although the primary reason for gathering evidence during an incident is to resolve the incident, the severity and sensitivity of the incident may also deem it necessary hold evidence for legal proceedings. In such cases, it is important to clearly document how all evidence, including compromised systems, has been preserved.

AI Justification

The text discusses the importance of retaining evidence for legal proceedings and the need to document how evidence is preserved, which aligns with data retention policies.

Document Content

Matched Section

AI Justification

The guidelines for incident categorization align with the need to establish and maintain a data classification scheme, as they involve classifying incidents based on their severity and sensitivity levels.

Document Content

Matched Section

anonymized_15.0_IS_Incident_Management_Policy_1.pdf CIS

1 matches found

Document Content

Matched Section

Section: Record Retention
Content: Test information security team shall maintain the incident logs and corresponding documentation for a minimum of one year following the discovery of an incident or until an investigation is completed.

AI Justification

The text discusses maintaining incident logs and documentation, which aligns with logging sensitive data access and actions taken during incidents.

anonymized_20.0_IS_Risk_Management_Policy_2.pdf CIS

0 matches found

No detailed analysis available for this document.

anonymized_6.0_IS_Data_Security_Policy_1.pdf NIST

91 matches found

Document Content

Matched Section

Section: Service Set Identifier (SSID)
Content: SSID is a case sensitive, 32 alphanumeric character unique identifier attached to the header of packets sent over a wireless local-area network (WLAN) that acts as a password when a mobile device tries to connect to the basic service set (BSS) -- a component of the IEEE 802.11 WLAN architecture.

AI Justification

The chunk discusses the SSID, which is a critical component of wireless network authentication and access control, aligning with the control's focus on wireless technologies and authentication protocols.

Document Content

Matched Section

AI Justification

The responsibilities of Data Custodians include assigning and removing access to user or service accounts, which aligns with the requirements for managing system accounts and access privileges.

Document Content

Matched Section

Section: Restricted Data
Content: Restricted Data is characterized as sensitive data that is intended for a very limited group of individuals. This level contains data, which if disclosed would provide access to business secrets and could jeopardize material interests or actions of Test or its clients and could lead to material personal or financial detriment if revealed to unauthorized persons.

AI Justification

The chunk discusses characteristics of Restricted Data, which aligns with the control's focus on information that may be restricted and the implications of sharing such information.

Document Content

Document Content

Document Content

Matched Section

Section: 1.9 ROLES & RESPONSIBILITIES
Content: Data Owner l Approving access to the data in accordance with Access control policy.

AI Justification

The responsibilities of the Data Owner include approving access to data in accordance with the access control policy, which is a key aspect of access control.

Document Content

Matched Section

Section: 1.4 DATA CUSTODIAN RESPONSIBILITIES
Content: Data Custodians have overall responsibility for technical controls over Information Assets including the following responsibilities: a) Assign and remove access to user or service accounts based upon the direction of the Data Owner. b) Record all information provided and access granted to users or services. c) Implement appropriate physical and technical safeguards to protect the confidentiality, integrity, and availability of the Information Asset. d) Provide training, by means of informational bulletins, to Data Owners concerning their responsibilities. e) Provide technical expertise to Data Owners concerning the identification of security risks and/or compensating controls pertaining to service providers. f) The Data Custodian will change or adjust data only upon written direction from a Data Owner. Exceptions will be made for Non-Key Applications upon sign off by the Data.

AI Justification

The responsibilities outlined for Data Custodians include aspects of accountability and control over information assets, which aligns with the need for audit and accountability policies.

Document Content

Matched Section

The text discusses managed interfaces and boundary protection mechanisms, which directly aligns with the control SC-7 regarding the management of interfaces and network boundaries.

Document Content

Matched Section

AI Justification

The text discusses the importance of policies and procedures related to system and information integrity, emphasizing the need for regular reviews and the handling of exceptions, which aligns with the control's focus on establishing such policies and procedures.

Document Content

The chunk discusses the characteristics of Restricted Data, which aligns with the concept of unauthorized disclosure of sensitive information, as outlined in AU-13.

Document Content

Matched Section

Section: 1.7 PROTECTION OF LOG INFORMATION
Content: a) Test should establish controls to maintain the confidentiality, integrity, and non-repudiation of log information. The log information may be subjected to these operational problems: i. Alterations to the message types. ii. Log files being edited or deleted. iii. Storage capacity of the log file media being exceeded, resulting in either the failure to record events or over-writing of past recorded events.

AI Justification

The section discusses the protection of log information, which aligns with the need for coordinated audit logging across organizations as described in AU-16.

Document Content

Matched Section

AI Justification

The section discusses the importance of maintaining the confidentiality, integrity, and non-repudiation of log information, which aligns with the requirements for logging significant events as outlined in AU-2.

Document Content

The text implies the need for contingency plans as part of the broader contingency planning policies and procedures.

Document Content

Matched Section

AI Justification

The responsibilities outlined for Data Custodians include implementing safeguards to protect the integrity and confidentiality of Information Assets, which aligns with the requirements for protecting system-level information and backups.

Document Content

Matched Section

AI Justification

The chunk discusses unique identifiers for devices (SSID) and mentions protocols (SNMP) that relate to device management and identification, aligning with the need for unique device identification and authentication.

Document Content

Matched Section

AI Justification

The chunk discusses unique identifiers such as SSID and their role in network access, which aligns with the management of individual identifiers as described in IA-4.

Document Content

Matched Section

The responsibilities outlined for Data Custodians include managing access and implementing safeguards, which aligns with the need for authorized maintenance personnel to have appropriate access and technical competence.

Document Content

Matched Section

Section: 1.4 DATA CUSTODIAN RESPONSIBILITIES
Content: Data Custodians have overall responsibility for technical controls over Information Assets including the following responsibilities: c) Implement appropriate physical and technical safeguards to protect the confidentiality, integrity, and availability of the Information Asset.

AI Justification

The section discusses the responsibilities of Data Custodians to implement physical safeguards, which is relevant to the physical access control for maintenance personnel.

Document Content

Matched Section

Document Content

Matched Section

Section: 1.1 SCOPE & APPLICABILITY
Content: Appropriate security controls should be implemented to protect Test¢s information resources. A data classification scheme should be designed to ensure that all data is classified in accordance to its criticality, sensitivity and people dealing with it are aware of how to handle and protect it. This policy is applicable to all Test employees, contractors, consultants, temporary contingency workers, and other employees at Test, including all personnel affiliated with third parties who access, process, or store the organization's data.

AI Justification

The text discusses the importance of personnel security policies and procedures, emphasizing their role in protecting information resources and ensuring that all personnel are aware of their responsibilities regarding data handling.

Document Content

Document Content

The text discusses the importance of policies and procedures related to system and communications protection, aligning with the requirements of SC-1.

Document Content

The text mentions responsibilities related to auditing information systems for compliance, which aligns with the requirements for audit record review and analysis.

Document Content

Matched Section

AI Justification

The text discusses the importance of configuration management policies and procedures, including the approval process for exceptions, which aligns with the requirements of CM-1.

Document Content

Matched Section

Section: Scope
Content: Test should define, document, implement, and maintain policies to control the access to and use of their information resources.

AI Justification

The text discusses the need to define, document, implement, and maintain policies related to the access and use of information resources, which aligns with understanding where information is processed and stored.

Document Content

Matched Section

The chunk discusses the use of removable storage devices and the associated risks, which aligns with the definition of system media and the need for access control.

Document Content

Matched Section

AI Justification

The chunk discusses the use of removable storage devices and the associated risks, aligning with the control's focus on managing and securing media.

Document Content

Matched Section

AI Justification

The chunk discusses the use of removable storage devices and the associated risks, aligning with the control's focus on restricting and managing the use of system media.

Document Content

Matched Section

AI Justification

The text discusses the importance of policies and procedures related to physical and environmental protection, including the approval process for exceptions, which aligns with the requirements of control PE-1.

Document Content

Matched Section

AI Justification

The text discusses the need for policies and procedures regarding exceptions to security policies, which aligns with the planning and implementation of controls.

Document Content

Matched Section

Section: Rules of behavior for organizational users
Content: These rules are in place to protect the employee and Test. Inappropriate use exposes Test and the employee to risks including virus attacks, compromise of network systems and services, and legal issues. It is the responsibility of every employee to know these guidelines, and to conduct their activities accordingly.

AI Justification

The text discusses the importance of rules of behavior for employees to protect both the organization and the individual from various risks.

Document Content

Matched Section

AI Justification

The chunk discusses user responsibilities regarding the use of systems, including monitoring and auditing, which aligns with the need for security and privacy testing and monitoring activities.

Document Content

The text discusses the importance of having policies and procedures for system and services acquisition, including the need for exceptions to be approved, which aligns with the control's focus on policy and procedural requirements.

Document Content

Document Content

Matched Section

Document Content

Matched Section

AI Justification

The section discusses handling requirements for information collection and emphasizes the importance of collecting only necessary information, which aligns with the principles of data mining protection.

Document Content

Matched Section

Matched Section

AI Justification

The chunk discusses the development and implementation of data handling procedures in accordance with an information classification scheme, which aligns with the need for policies and procedures addressing system and information integrity.

Document Content

Matched Section

Section: Disposal (in accordance with Retention Policy)
Content: Notify appropriate personnel in the event paper documents are lost or stolen. Disposal (in accordance with Retention Policy) Paper Place all copies of information in a shredding bin. Place unattended copies of information found after business hours in a shredding bin as well.

AI Justification

The text discusses the procedures for managing and disposing of paper and electronic documents, which aligns with information management and retention requirements.

Document Content

The mention of boundary protection aligns with the control's focus on protecting system boundaries from unauthorized access and changes.

Document Content

Matched Section

The chunk discusses handling requirements and information classification, which aligns with understanding where information is processed and stored.

Document Content

Matched Section

AI Justification

The chunk discusses handling requirements for data collection and emphasizes the importance of collecting only necessary information, which aligns with the control's focus on processing personally identifiable information and understanding its lifecycle.

Document Content

Matched Section

The text discusses handling procedures for information based on its classification, which aligns with the concept of managing information spills as described in control IR-9.

Document Content

Matched Section

Section: Media Protection | Media Marking, Media Storage, Media Transport, Media Sanitization, Media Use, Media Downgrading
Content: Control: MP-1: Media protection policy and procedures address the controls in the MP family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance.

AI Justification

The text discusses the importance of media protection policies and procedures, aligning directly with the control's focus on establishing such policies within organizations.

Document Content

Matched Section

AI Justification

The chunk discusses various aspects of media protection, including digital and non-digital media, which aligns directly with the control's focus on protecting system media.

Document Content

The chunk discusses handling requirements and labeling of information, which aligns with the need for marking hardware components based on their classification and impact level.

Document Content

Matched Section

AI Justification

The mention of permissions controlling output to output devices relates to access enforcement mechanisms.

Document Content

Matched Section

The concept of tailoring controls can also apply to separation of duties to ensure that no single individual has control over all aspects of a process.

Document Content

Matched Section

AI Justification

Tailoring actions can help organizations implement least privilege access controls effectively.

Document Content

Matched Section

AI Justification

The text discusses the importance of defining protection needs and handling requirements for information, which aligns with the control's focus on technology-independent capabilities to counter threats and protect information.

Document Content

Matched Section

AI Justification

The text discusses handling requirements and procedures for different classifications of information, aligning with the safeguarding and dissemination requirements for controlled unclassified information.

Document Content

Document Content

Matched Section

Section: Data transmission should be encrypted.
Content: Encrypt all external file transfers and data connections. This includes the email itself, email attachments, CDs, USB flash drives, SFTP, HTTPS, WPA2, etc.

AI Justification

The chunk discusses the handling of external communications and the requirement for encryption, which aligns with the need for managing external providers and their access to sensitive information.

Document Content

Document Content

The text discusses the necessity of a policy for system and communications protection and outlines the process for requesting exceptions to this policy, which aligns with the requirements of SC-1.

Document Content

Matched Section

Section: System & Communications Protection | Collaborative Computing Devices & Applications
Content: Access Control | Remote Access Access Control | Access Control for Mobile Devices Access Control | Use of External Systems AC-1 AC-17 AC-19 AC-20 SC-15 System & Communications Protection | Collaborative Computing Devices & Applications

AI Justification

The chunk explicitly mentions collaborative computing devices and applications, which aligns with the control SC-15 that focuses on the use of such devices and the need for user indication when they are activated.

Document Content

Section: Mobile Device Management and Reporting Procedures
Content: If the device is lost or stolen, the user should IMMEDIATELY report this to the Information Security Department and IT Department so they can remotely wipe or remove all data from the device. This applies even if the user has misplaced the device and knows where it is located.

AI Justification

The section discusses the responsibilities of users regarding the protection of mobile devices, including reporting lost or stolen devices and ensuring proper data management.

Document Content

Matched Section

Section: Mobile Device Management and Reporting Procedures
Content: Also, if the user decides to replace or upgrade the device, the user should report this as well. The IT Department will make arrangements to wipe the old device.

AI Justification

The section addresses the management of mobile devices, including reporting procedures for lost devices and the handling of data storage, which aligns with the requirements for mobile device controls.

Document Content

Matched Section

Document Content

Matched Section

The chunk discusses the importance of maintaining security through updates and reporting issues related to automatic updates, which aligns with the need to remediate system flaws.

Document Content

Matched Section

Section: Section 4: Posting Test information on public Internet sites and other unacceptable uses of Test’s Systems.
Content: Opening commercial email attachments on any email systems (e.g., Yahoo, Hotmail, Gmail, etc.) other than Test’s email system. Unauthorized downloading of software and/or files from Internet. The installation and use of peer-to-peer file sharing applications such as BitTorrent on Test systems. Using Test’s Internet to deliberately propagate any virus, worm, or any other code with malicious intent such as spyware, hacking tools, and Trojans.

AI Justification

The text discusses various methods and technologies to protect against malicious code, which aligns with the control's focus on system entry and exit points and the types of malicious code.

Document Content

Matched Section

The chunk discusses the wiping or removal of data from personal devices, which aligns with the control's focus on data disposal at any time during the system development life cycle.

Document Content

Matched Section

Section: 2.1 Acceptable Use Standard
Content: The information contained herein is the property of Test Freres & Co. LLC (“Test") and may not be copied, used or disclosed in whole or in part, stored in a retrieval system or transmitted in any form or by any means (electronic, mechanical, reprographic, recording or otherwise) outside of Test without prior written permission.

AI Justification

The section discusses the confidentiality of the document and the restrictions on copying, using, or disclosing the information contained within it, which aligns with the control's focus on preventing unauthorized disclosure.

Document Content

The text discusses the importance of maintenance policies and procedures in addressing security and privacy assurance, which aligns with the control's focus on establishing such policies.

Document Content

Matched Section

AI Justification

The text discusses the importance of media protection policies and procedures, including the approval process for exceptions, which aligns with the requirements of MP-1.

Document Content

Document Content

Matched Section

Section: Risk Assessment | Security Categorization
Content: Risk Assessment | Security Categorization

AI Justification

The chunk discusses the process of security categorization, its importance in understanding potential adverse impacts, and the involvement of various organizational roles, which aligns directly with the control's focus on categorizing security risks.

Document Content

Matched Section

Section: Risk Assessment | Security Categorization
Content: Control: RA-5: Security categorization of information and systems guides the frequency and comprehensiveness of vulnerability monitoring (including scans). Organizations determine the required vulnerability monitoring for system components, ensuring that the potential sources of vulnerabilitiesâ€šÃ„Ã®such as infrastructure components (e.g., switches, routers, guards, sensors), networked printers, scanners, and copiersâ€šÃ„Ã®are not overlooked.

AI Justification

The text discusses the importance of vulnerability monitoring, including the categorization of information and systems, and the processes involved in identifying and addressing vulnerabilities.

Document Content

Matched Section

AI Justification

The text emphasizes the role of security categorization in guiding vulnerability monitoring efforts.

Document Content

Matched Section

Section: Risk Assessment | Security Categorization
Content: The capability to readily update vulnerability monitoring tools as new vulnerabilities are discovered and announced and as new scanning methods are developed helps to ensure that new vulnerabilities are not missed by employed vulnerability monitoring tools.

AI Justification

The text mentions the need for continuous monitoring and assessment of vulnerabilities, which aligns with the principles of risk assessment.

Document Content

The text discusses the importance of managing relationships with suppliers and the need for oversight and documentation regarding third-party relationships, which aligns with the principles of Supply Chain OPSEC.

Document Content

Matched Section

Section: DOCUMENT CLASSIFICATION
Content: DOCUMENT CLASSIFICATION Confidential

AI Justification

The document classification as 'Confidential' and the restrictions on copying, using, or disclosing the information align with the control's focus on preventing unauthorized disclosure of sensitive information.

Document Content

Matched Section

The section outlines the responsibilities for information security, including risk management and accountability, which aligns with the need for conducting impact analyses as described in control CM-4.

The chunk explicitly mentions the role of the senior agency information security officer, which aligns directly with the control PM-2.

Document Content

Matched Section

The text discusses the importance of risk assessment policies and procedures, emphasizing their role in security and privacy assurance, which aligns with the RA-1 control.

Document Content

Matched Section

AI Justification

The text discusses the importance of defining information security responsibilities and the allocation of these responsibilities within business units, which aligns with the concept of security categorization and its impact on organizational operations and assets.

Document Content

Matched Section

Section: Policy
Content: Statement of intent that is implemented as a procedure or protocol.

AI Justification

The chunk discusses the organization's approach to risk management, including the need for procedures and protocols to address risk, which aligns with the control's focus on responding to risk.

Document Content

Matched Section

Document Content

Matched Section

The chunk discusses the establishment of supplier management plans, which aligns with the need for agreements and procedures to facilitate communication among supply chain entities.

Document Content

Matched Section

AI Justification

The text discusses the importance of having policies and procedures for assessment, authorization, and monitoring, as well as the process for handling exceptions to these policies.

Document Content

Document Content

Matched Section

Section: 1.2 Endpoint Security Device Management
Content: c) All users should be authenticated prior to accessing the organization’s resources.

AI Justification

The chunk discusses the importance of authentication and security measures for endpoint devices, which relates to the management of device identifiers.

Document Content

Matched Section

Section: 1.2 Endpoint Security Device Management
Content: c) All users should be authenticated prior to accessing the organization’s resources.

AI Justification

The chunk emphasizes user authentication and the management of user access to resources, which aligns with account management practices.

Document Content

Matched Section

The chunk emphasizes the need for user authentication prior to accessing organizational resources, aligning with the requirements for identification and authentication.

Document Content

The text discusses the importance of policies and procedures related to personally identifiable information, including the need for approval for exceptions and the establishment of security requirements.

Document Content

Matched Section

Section: Chunk: 1.6
Content: EXCEPTION Exceptions to the policy should be approved by InfoSec in advance. The technical and organizational controls define minimum requirements for securing assets. Divisions & Functions are free to define and implement stronger security requirements and mechanisms if a higher protection level is necessary and they do not contradict the Policy. In exceptional cases Divisions & Functions may implement a lower protection level to adequately address the related information security risk. In such cases, Test's policy exception process should be followed and applied. Exceptions to this policy can be requested by submitting a policy exception form in the ServiceNow portal. The request should contain the supporting information requested below, and should be approved by the Department Manager and the CISO or his/her designee: 1. Policy statement requiring the exception.

AI Justification

The text discusses the importance of risk assessment policies and procedures, including how exceptions to these policies should be handled, which aligns with the control's focus on risk management strategies.

Document Content

Matched Section

Section: 1.6
Content: Exceptions to the policy should be approved by InfoSec in advance. The technical and organizational controls define minimum requirements for securing assets. Divisions & Functions are free to define and implement stronger security requirements and mechanisms if a higher protection level is necessary and they do not contradict the Policy.

AI Justification

The text discusses the importance of policies and procedures related to system and services acquisition, including the need for approvals and the process for exceptions, which aligns with the requirements of SA-1.

Document Content

Matched Section

AI Justification

The text discusses the derivation of security and privacy requirements, including the ability to define and implement stronger security requirements, which aligns with the concept of deriving functional requirements as stated in SA-4.

Document Content

Matched Section

Section: Endpoint Security Device Management
Content: a) Test should follow its mobile device security standards as outlined in the Test IS 7.2 End User Device Standard. b) System threat models frameworks (e.g., the OWASP Threat Model Framework) for mobile devices and the resources that are accessed through the mobile devices should be followed. c) All users should be authenticated prior to accessing the organization’s resources. Due diligence should be conducted; forgotten passwords should be reset, and devices should automatically lock after idle time. d) Endpoint device security should be regularly maintained. e) Each organization-issued endpoint device should be fully secured before allowing a user to access it. f) Aspects of endpoint device solution that should be evaluated. 1. protection, 2. authentication, 3. application functionality, 4. solution management, 5. logging, and performance.

AI Justification

Document Content

Matched Section

The text mentions the need to retrieve or destroy internal information from devices used by terminated employees, which relates to information management and retention.

Document Content

Matched Section

The text refers to monitoring devices employed at managed interfaces associated with controls, including AC-17.

Document Content

Matched Section

The mention of Security Awareness Training for employees aligns with the need for a structured training program as outlined in this control.

Document Content

Matched Section

Section: 1.4 NEW HIRE IDS & PASSWORDS
Content: Network Administrators create network login IDs and administer network-level permissions granted to each employee for perimeter-level security.

AI Justification

The chunk describes the administration of network login IDs and permissions, which relates to enforcing access controls.

Matched Section

Section: Awareness & Training | Role-based Training
Content: Incident response training includes user training in identifying and reporting suspicious activities from external and internal sources.

AI Justification

The mention of user training in identifying and reporting suspicious activities aligns with the objectives of control AT-3, which focuses on role-based training.

Document Content

Matched Section

The text emphasizes the need for controls based on risk assessments, which directly relates to restricting access to sensitive information.

Document Content

Matched Section

The text discusses the importance of defining roles and responsibilities, ensuring expertise in critical functions, and monitoring compliance, which aligns with the need for personnel security policies and procedures.

Document Content

Matched Section

Section: 1.2 SCOPE & APPLICABILITY
Content: This policy is applicable to all Test employees. Third party consultants, contractors and vendors should be held accountable at the same level of security compliance as Test employees.

AI Justification

The section discusses the applicability of security compliance for employees and third-party personnel, which aligns with the need for personnel screening and rescreening activities.

Document Content

Document Content

Matched Section

Section: 1.9 LEAVING Test
Content: Access privileges of employees should be removed from all systems upon termination.

AI Justification

The section emphasizes the need to disable accounts and change access privileges upon termination, which aligns with account management practices.

Document Content

Matched Section

AI Justification

The disciplinary process outlined in the chunk aligns with the need for organizational sanctions that reflect applicable laws and policies, as well as the need for a formal process for violations of information security policies.

Document Content

Matched Section

Section: 1.0 PURPOSE
Content: The purpose of this policy is to ensure that appropriate Information Security measures are taken during the employee lifecycle.

AI Justification

The text discusses the importance of policies and procedures related to personally identifiable information processing and transparency, aligning with the control's focus on these aspects.

Document Content

Document Content

Matched Section

Section: 1.2 SCOPE & APPLICABILITY
Content: Third party consultants, contractors and vendors should be held accountable at the same level of security compliance as Test employees.

AI Justification

The mention of third-party consultants and contractors implies a need for developer screening to ensure trustworthiness and compliance.

Document Content

Matched Section

Matched Section

The text discusses the importance of documented operating procedures, which aligns with the need for audit and accountability policies and procedures that are implemented within systems and organizations.

Document Content

Matched Section

Section: Documented Operating Procedures
Content: Access to the operating procedures should be made available to authorized personnel and contain the classification of Confidential.

AI Justification

The text emphasizes the need for access control to operating procedures and tools, which aligns with access control policies and procedures.

Matched Section

AI Justification

The chunk discusses the importance of reviewing audit logs and maintaining their integrity, which aligns with the need for a coordinated approach to audit logging across organizations.

Document Content

Matched Section

AI Justification

The chunk discusses the importance of reviewing logs and analyzing them for security control updates, which aligns with the need for logging significant events as outlined in AU-2.

Document Content

Matched Section

AI Justification

The mention of sensitive data and personally identifiable information in event logs indicates a need for controls regarding the content of audit records.

Document Content

Document Content

Matched Section

Document Content

Matched Section

Section: Roles and Responsibilities
Content: IT Management l Responsible for developing and maintaining operating procedures. l Responsible for implementation of the policy. Resource Administrator l Responsible for reviewing event logs periodically. l Responsible for installing available patches on the Information Resources in a timely fashion. l Responsible for installing and hardening the resulting software when deploying off-the-shell software. l Responsible for performing periodic back-ups of the Information Resources they have been assigned. Business Unit Security Officer l Responsible for assessing and providing exceptional approvals for the policy.

AI Justification

The text discusses the roles and responsibilities of various personnel, including the IT Management and Business Unit Security Officer, in relation to policy implementation and security oversight, which aligns with the concept of authorizations and accountability outlined in CA-6.

Document Content

Matched Section

Section: Continuous Monitoring of Systems
Content: This software should be configured to continuously monitor the systems and files for characteristics of viruses, worms, spyware, malware, and Trojan Horses, should be capable of generating audit logs and should be installed in 'auto-protect', 'full-time' or 'real-time' mode unless there is an agreed exception for performance reasons by the CIO, CISO or authorized representative.

AI Justification

The chunk discusses the need for software that continuously monitors systems for malicious activities, which aligns with the concept of continuous monitoring outlined in control CA-7.

Document Content

Matched Section

AI Justification

The text discusses the importance of documented operating procedures and their maintenance, which aligns with the need for configuration management policies and procedures.

Document Content

Document Content

Document Content

Matched Section

Matched Section

The text discusses the importance of documented policies and procedures for identification and authentication, which aligns with the requirements for formal documentation and access control.

Document Content

Document Content

Matched Section

Section: Documented Operating Procedures
Content: Access to the operating procedures should be made available to authorized personnel and contain the classification of Confidential.

AI Justification

The text emphasizes the need for access control to operating procedures and tools, which aligns with the requirements for access control policies.

Document Content

Matched Section

Section: Documented Operating Procedures
Content: Access to the operating procedures should be made available to authorized personnel and contain the classification of Confidential.

AI Justification

The chunk discusses access restrictions to operating procedures and tools, which aligns with the control's focus on restricting access to both digital and non-digital media.

Document Content

Matched Section

The text discusses the importance of documented operating procedures and their maintenance, which aligns with the need for policies and procedures in physical and environmental protection.

Document Content

Matched Section

Section: Documented Operating Procedures
Content: Access to the operating procedures should be made available to authorized personnel and contain the classification of Confidential.

AI Justification

The text emphasizes the need for access control to operating procedures and tools, which aligns with access control policies.

Document Content

Matched Section

The text discusses the responsibilities of business unit security officers and IT teams in developing and implementing controls, as well as the training of personnel in proper procedures for using virus detection software, which aligns with the need for organization-wide security and privacy training and monitoring.

Document Content

Document Content

Matched Section

AI Justification

The text discusses the importance of documented operating procedures and the need for policies and procedures to be established and maintained, which aligns with the requirements of personnel security policies.

Document Content

Document Content

Matched Section

Section: Documented Operating Procedures
Content: Access to the operating procedures should be made available to authorized personnel and contain the classification of Confidential.

AI Justification

The text emphasizes the need for access control to operating procedures and tools, which aligns with access control policies.

Document Content

Matched Section

Section: Threat Hunting
Content: software installed and active. This software should be configured to continuously monitor the systems and files for characteristics of viruses, worms, spyware, malware, and Trojan Horses, should be capable of generating audit logs and should be installed in "auto-protect", "full-time" or "real-time" mode unless there is an agreed exception for performance reasons by the CIO, CISO or authorized representative.

AI Justification

The text discusses the need for software to monitor systems for malicious code, which aligns with the proactive nature of threat hunting as described in RA-10.

Document Content

Matched Section

The text emphasizes the need for configuration control to track authorized changes and prevent unauthorized changes.

Document Content

Matched Section

Section: Section i) Company personnel should be trained in the proper procedures for using virus detection software and responding to a virus, worm, Trojan horse, malware, etc.
Content: Company personnel should be trained in the proper procedures for using virus detection software and responding to a virus, worm, Trojan horse, malware, etc. This training information should be included in the overall training and awareness program that is the responsibility of Information Security.

AI Justification

The text discusses the importance of training personnel in the proper procedures for using virus detection software, which aligns with the need for training as outlined in SA-16.

Document Content

Matched Section

Section: Technical Vulnerability Management
Content: The purpose of a patch management system is to highlight, classify and prioritize any missing patches on an asset.

AI Justification

The chunk discusses the management of technical vulnerabilities and the importance of a patch management system, which aligns with the need for support for system components, including software patches.

Document Content

Matched Section

AI Justification

The chunk discusses the importance of documented operating procedures and access controls, which align with the need for security and privacy functional requirements as outlined in SA-4.

Document Content

Document Content

Matched Section

Section: 1.2 REQUIREMENT Documented Operating Procedures
Content: d) Possession, distribution or use of password cracking software, hacking tools, software reverse engineering tools, and network diagnostic, monitoring and scanning tools is restricted to designated and authorized personnel in accordance with their job responsibilities.

AI Justification

The restriction on the possession, distribution, or use of certain tools aligns with the need for control over access to sensitive tools.

Document Content

Matched Section

AI Justification

The text discusses the importance of documented operating procedures and policies related to system and communications protection, aligning with the requirements of SC-1.

Document Content

Matched Section

Document Content

Matched Section

Document Content

Matched Section

AI Justification

The text discusses the importance of policies and procedures related to system and information integrity, which aligns with the requirements of control SI-1.

Document Content

Matched Section

AI Justification

The chunk discusses the use of cryptographic technology, encryption-in-transit, and the verification of integrity and authenticity of transmitted information, which aligns with the control's focus on protecting transmitted information.

Document Content

Matched Section

AI Justification

The mention of using digital signature certificates to verify the authenticity or integrity of transmitted sensitive information directly relates to ensuring the confidentiality and integrity of transmitted data.

Document Content

Matched Section

AI Justification

The use of authentication and network/transport layer encryption for wireless connections to prevent unauthorized access aligns with the control's focus on protecting the confidentiality and integrity of transmitted information.

Document Content

The text discusses the importance of policies and procedures related to security and privacy, which aligns with the control's focus on establishing such policies and procedures for assessment, authorization, and monitoring.

Document Content

Matched Section

Section: Program Management | Security & Privacy Workforce
Content: Control: CA-6: Authorizations are official management decisions by senior officials to authorize operation of systems, authorize the use of common controls for inheritance by organizational systems, and explicitly accept the risk to organizational operations and assets, individuals, other organizations, and the Nation based on the implementation of agreed-upon controls.

AI Justification

The text discusses the authorization process by senior officials, which aligns directly with the CA-6 control regarding official management decisions to authorize systems and accept associated risks.

Document Content

Matched Section

Section: 1.1 PURPOSE
Content: The purpose of this policy is to ensure that Test data is protected by means of cryptographic controls during storage, processing, and transmission. This policy defines the requirements for the use of cryptographic techniques to protect Information Assets and sensitive application systems that store, process, or transmit Company Confidential and Company Restricted information.

AI Justification

The text discusses the importance of having policies and procedures for configuration management, which aligns with the control's focus on establishing such policies and procedures.

Document Content

Matched Section

The chunk discusses the use of digital signature certificates and encryption for authentication and data integrity, which aligns with the requirements for authenticators and their management.

Document Content

Matched Section

AI Justification

The mention of using authentication and encryption for wireless connections aligns with the control's focus on safeguarding authenticators.

Document Content

Matched Section

AI Justification

The chunk discusses the use of digital signature certificates for verifying authenticity, which aligns with the identification and authentication methods described in control IA-9.

Document Content

Matched Section

AI Justification

The mention of digital signature certificates for verifying the authenticity of information relates directly to the identification and authentication methods outlined in IA-9.

Document Content

Matched Section

AI Justification

The reference to authentication and encryption for wireless connections aligns with the control's focus on identification and authentication methods.

Document Content

Matched Section

Section: Incident Response Policy and Procedures
Content: Exceptions to the policy should be approved by InfoSec in advance. The technical and organizational controls define minimum requirements for securing assets. Divisions & Functions are free to define and implement stronger security requirements and mechanisms if a higher protection level is necessary and they do not contradict the Policy.

AI Justification

The text discusses the importance of incident response policies and procedures, including how exceptions to these policies should be handled, which aligns with the control's focus on establishing and managing incident response policies.

Document Content

Matched Section

Document Content

Matched Section

Section: 1.13 CONTROL REFERENCES
Content: Control: MP-3: Security marking refers to the application or use of human-readable security attributes. Digital media includes diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), flash drives, compact discs, and digital versatile discs. Non-digital media includes paper and microfilm. Controlled unclassified information is defined by the National Archives and Records Administration along with the appropriate safeguarding and dissemination requirements for such information and is codified in 32 CFR 2002. Security markings are generally not required for media that contains information determined by organizations to be in the public domain or to be publicly releasable. Some organizations may require markings for public information indicating that the information is publicly releasable. System media marking reflects applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.

AI Justification

The chunk discusses security marking and the application of security attributes to various types of media, which aligns directly with the control's focus on security marking.

Document Content

Document Content

Matched Section

Section: 1.13 CONTROL REFERENCES
Content: NIST SP 800-53 Rev 5 Media Protection | Media Use

AI Justification

The chunk discusses the restrictions and protections related to the use of various types of media, including portable storage devices, which aligns with the requirements of MP-7.

Document Content

Matched Section

The text discusses establishing trust relationships between computers, which aligns with the management of external system services and the associated risks.

Document Content

Matched Section

AI Justification

The chunk discusses the importance of policies and procedures related to cryptographic controls for protecting sensitive information, which aligns with the SC-1 control that emphasizes the need for a system and communications protection policy.

Document Content

Matched Section

Section: 1.4 KEY MANAGEMENT
Content: a. Key management procedures for secure key generation, ownership, distribution, archival, storage and revocation should be established to protect the keys throughout their lifecycle.

AI Justification

The chunk outlines key management procedures, including secure key generation, ownership, distribution, and protection against unauthorized use, which aligns with the requirements of SC-12.

Document Content

Document Content

Matched Section

Document Content

Matched Section

AI Justification

The mention of using approved removable storage devices that support password protection and encryption aligns with protecting information at rest.

Document Content

The text discusses the importance of assessment, authorization, and monitoring policies and procedures, which aligns directly with control CA-1.

Document Content

Matched Section

Section: Authorization and Approval Procedures
Content: A record of all approved requests should be maintained by the CISO or his/her designee and be available on request. In emergency situations, exceptions to this policy can be approved by the business unit’s IT Director, the CIO, and the CISO or his/her designee without following the above procedures.

AI Justification

The text discusses the maintenance of a record of approved requests and the authorization process involving senior officials, which aligns with the requirements for authorizations as outlined in CA-6.

Document Content

Matched Section

Section: Overview and Scope & Applicability
Content: The purpose of this Policy document is to: i. Describe general security controls concerning desktop and end-user device security. ii. Define desktop and end-user device security access controls. iii. Explain monitoring activities that support desktop and end-user device security.

AI Justification

The section discusses monitoring activities that support desktop and end-user device security, which aligns with the continuous monitoring requirements outlined in CA-7.

Document Content

Matched Section

The mention of enforcing password protection and the management of local accounts relates to the establishment of rules of behavior for users.

Document Content

Matched Section

AI Justification

The text discusses the importance of incident response policies and procedures, including their development and the factors influencing them, which aligns with the control's focus on establishing such policies.

Document Content

Matched Section

The text discusses the importance of physical and environmental protection policies and procedures, including their development and the factors influencing them.

Document Content

Document Content

Document Content

Matched Section

Section: Chunk: 1.4
Content: The technical and organizational controls define minimum requirements for securing assets. Divisions & Functions are free to define and implement stronger security requirements and mechanisms if a higher protection level is necessary and they do not contradict the Policy.

AI Justification

The text discusses the importance of risk assessment policies and procedures, including their development and the need for collaboration between security and privacy programs.

Document Content

Document Content

Matched Section

AI Justification

The text discusses the importance of contingency planning policies and procedures, which aligns with the control CP-1 that emphasizes the need for such policies in organizations.

Document Content

Matched Section

Section: Recovery
Content: In recovery, system administrators restore systems to normal operation and (if applicable) remediate vulnerabilities to prevent similar incidents. Recovery efforts, generally carried out by IT personnel, should not commence until approved by the Information Security team and a full backup of the impact systems have been taken for archival and evidential purposes.

AI Justification

The text discusses recovery activities, including restoring systems to normal operation and remediation efforts, which aligns with the control's focus on executing contingency plan activities to restore organizational mission and business functions.

Document Content

Matched Section

AI Justification

The text discusses recovery processes and the importance of restoring systems to normal operation, which aligns with the need for alternative security mechanisms to ensure continuity of operations.

Document Content

Matched Section

Section: Contingency planning for systems is part of an overall program for achieving continuity of operations
Content: Control: CP-2: Contingency planning for systems is part of an overall program for achieving continuity of operations for organizational mission and business functions. Contingency planning addresses system restoration and implementation of alternative mission or business processes when systems are compromised or breached.

AI Justification

The text discusses the need for developing strategies for incident containment, which aligns with the principles of contingency planning as outlined in CP-2.

Document Content

The text discusses the categorization of incidents, which aligns with the security categorization process described in RA-2, focusing on the classification of incidents based on their severity and impact.

Document Content

Matched Section

AI Justification

The chunk discusses the preparation phase before an incident, which includes developing predetermined levels of acceptable risk, aligning with the organization's risk response strategies.

Document Content

Matched Section

AI Justification

The text discusses the management of external service providers and the requirements for change requests, which aligns with the control's focus on external system services and the associated responsibilities.

Document Content

The text discusses the importance of maintaining an inventory of supplier service providers, which aligns with the principles of Supply Chain OPSEC by identifying critical information and assessing risks associated with suppliers.

Document Content

Matched Section

Section: Supplier contracts and performance monitoring
Content: All Supplier contracts should include specific performance measurement requirements, metrics and Service Level Agreements. Supplier performance should be monitored and evaluated on a regular basis by Test IT or other departments. The Supplier should inform Test of any suspected or actual security breaches or unauthorized access to a Test system or data within a specific time period and also include information whether an unauthorized access to Test Data may have occurred, Test or Test’s client data may have been exposed and may have been subject in a ransomware situation.

AI Justification

The chunk emphasizes the importance of supplier contracts including performance metrics and the obligation for suppliers to notify Test of any security breaches, which aligns with the need for communication and early notification of compromises in the supply chain.

Document Content

Matched Section

Document Content

Matched Section

Section: 1.7 EXCEPTIONS
Content: Exceptions to the policy should be approved by InfoSec in advance. The technical and organizational controls define minimum requirements for securing assets. Divisions & Functions are free to define and implement stronger security requirements and mechanisms if a higher protection level is necessary and they do not contradict the Policy. In exceptional cases Divisions & Functions may implement a lower protection level to adequately address the related information security risk. In such cases, Test's policy exception process should be followed and applied. Exceptions to this policy can be requested by submitting a policy exception form in the ServiceNow portal. The request should contain the supporting information requested below, and should be approved by the Department Manager (not lower than director level) and the CISO or his/her designee: 1. Policy statement requiring the exception. 2. Exception duration. Provide detailed information.

AI Justification

The text discusses the need for exceptions to the policy and the process for obtaining approval, which aligns with the planning and implementation of policies and procedures.

Document Content

Matched Section

Section: Control: PM-1
Content: An information security program plan is a formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.

AI Justification

The text discusses the importance of an information security program plan, detailing its purpose, implementation, and updates, which aligns directly with control PM-1.

Document Content

Matched Section

The text discusses documenting risk-mitigation actions and tracking them, which aligns with the requirements for plans of action and milestones.

Document Content

Matched Section

Section: Risk Management Strategy and Supplier Risk Assessment
Content: The information security due diligence assessment should document whether Critical, High, Medium, Low risk issues exist with the supplier based on the supplier responses, or whether risks are sufficiently mitigated by the supplier (i.e., residual risk after considering the supplier responses).

AI Justification

The chunk discusses the assessment of risks associated with suppliers and the documentation of risk mitigation actions, which aligns with the organization's risk management strategy.

Document Content

Matched Section

AI Justification

The text discusses the importance of personnel security policies and procedures, including the process for exceptions to these policies, which aligns with the requirements of PS-1.

Document Content

Matched Section

Section: 1.8 ENFORCEMENT/COMPLIANCE
Content: Any User found to have violated any of these policies may be subject to disciplinary action, if such User is an employee, up to and including dismissal or termination of employment. Violation of these policies by anyone other than an employee performing services for Test, including anyone performing services pursuant to a contract, may be grounds for immediate termination. Test may also pursue any other additional rights and remedies it may have against anyone found to be in violation of these policies.

AI Justification

The section outlines the disciplinary actions that may be taken against users who violate policies, which aligns with the control's focus on sanctions reflecting applicable laws and organizational policies.

Document Content

Matched Section

The text discusses the importance of criticality analysis in assessing the risks associated with system components and their impact on organizational missions, which aligns with the principles of RA-9.

Document Content

Document Content

Document Content

Matched Section

Section: 1.4 DUE DILIGENCE SUPPLIER SECURITY RISK REQUIREMENTS
Content: The Supplier Relationship Manager and Relationship Technology Manager should coordinate with InfoSec/ (3rd Party Risk Team) and is responsible for ensuring the supplier or service provider completes the due diligence worksheets or assessments.

AI Justification

The chunk implies the need for assessing the trustworthiness of individuals involved in critical IT systems, which relates to personnel screening.

Document Content

Matched Section

AI Justification

The text discusses the derivation of security and privacy requirements and the flexibility in implementing controls based on organizational needs, which aligns with the essence of SA-4.

Document Content

Matched Section

Section: Control: SA-8: Systems security and privacy engineering principles are closely related to and implemented throughout the system development life cycle.
Content: Control: SA-8: Systems security and privacy engineering principles are closely related to and implemented throughout the system development life cycle (see SA-3). Organizations can apply systems security and privacy engineering principles to new systems under development or to systems undergoing upgrades.

AI Justification

The text discusses the implementation of systems security and privacy engineering principles throughout the system development life cycle, which aligns directly with control SA-8.

Document Content

The chunk discusses access control principles that align with the need to restrict and manage access to sensitive information, similar to the information sharing control which emphasizes the importance of managing access based on classification and sensitivity.

Document Content

Matched Section

AI Justification

The chunk discusses controlling access to information systems and assets for authorized users, which aligns with the requirements of AC-22 regarding access control and management of information.

Document Content

Matched Section

Section: 1.2.1 Access Control
Content: Access to Information Resources should be controlled, based on the business and security requirements and in keeping with the asset’s classification in accordance to Test’s 8.0 IS Asset Management Policy1. Access controls should be deployed on the principle of least privilege to protect the information from unauthorized access.

AI Justification

The chunk discusses access control decisions and the principles of restricting and granting access based on business requirements and least privilege, which aligns with the concept of access control decisions.

Document Content

Matched Section

The chunk discusses the application of appropriate authentication mechanisms for users, which aligns with the identification and authentication control.

Document Content

Matched Section

AI Justification

The chunk discusses the need for strong authentication and secure communications channels, which aligns with protecting session authenticity.

Document Content

Matched Section

Section: Encryption is to be used to protect the confidentiality of remote access sessions.
Content: Encryption is to be used to protect the confidentiality of remote access sessions.

AI Justification

The mention of encryption to protect the confidentiality of remote access sessions aligns with the need to protect information during transmission.

Document Content

Matched Section

The chunk discusses the need for security controls in mobile computing, which aligns with the risks associated with sensor capabilities in mobile devices.

The mention of privileged users understanding their roles and responsibilities aligns with the need for awareness and training regarding security roles.

The policy outlines requirements for controlling access to information systems and assets, which aligns with the Access Control Policy control.

Document Content

Matched Section

AI Justification

The policy discusses the management of access based on roles and the periodic review of access privileges, which aligns with Account Management.

Document Content

Matched Section

The chunk references workforce development and training programs, which aligns with the requirements of PM-13.

The text discusses the importance of implementing information access controls to meet legal and regulatory requirements, which aligns with access control policies.

Document Content

Matched Section

Section: i. Privileged users should understand their roles and responsibilities.
Content: i. Privileged users should understand their roles and responsibilities.

AI Justification

The mention of privileged users understanding their roles and responsibilities aligns with account management practices.

Document Content

Matched Section

Section: h. Should ensure that physical access to assets is managed and protected.
Content: h. Should ensure that physical access to assets is managed and protected.

AI Justification

The text refers to managing and protecting physical access to assets, which is relevant to physical and environmental security controls.

Document Content

Matched Section

AI Justification

The chunk discusses the necessity of enhancing systems with strong authentication and secure communication channels, which aligns with the need to maximize trustworthiness as described in SA-23.

The text discusses access control and the management of information resources, which aligns with the concept of security and privacy attributes as they relate to controlling access based on classification and business requirements.

anonymized_9.1_IS_Cryptography_Standards.pdf NIST

96 matches found

Document Content

Matched Section

AI Justification

The text discusses the importance of access control policies and procedures, their development, and their role in security and privacy assurance.

The text discusses the need for cryptographic protection to ensure transactional integrity and protect sensitive information, which aligns with the requirement for session authenticity protection.

Document Content

Matched Section

The mention of access control and separation of duties relates to the principle of least privilege, which is a key aspect of AC-6.

Document Content

Matched Section

The text discusses the importance of identification and authentication policies and procedures, including how they should be developed and the conditions under which exceptions can be made.

Document Content

Matched Section

Document Content

Matched Section

Section: Awareness & Training | Role-based Training
Content: For example, users may only need to know who to call or how to recognize an incident; system administrators may require additional training on how to handle incidents.

AI Justification

The mention of role-based training in the context of incident response aligns with control AT-3, which emphasizes the need for training based on specific roles.

The text discusses the restrictions and protections related to the use of various types of media, including portable storage devices, which aligns directly with the control's focus on media use.

Document Content

Matched Section

The text discusses the importance of an information security program plan, detailing its purpose, implementation, and updates, which aligns directly with the control's description.

Document Content

Matched Section

Document Content

Matched Section

Section: Awareness & Training | Role-based Training
Content: Information Security Awareness, Education and Training

AI Justification

The chunk discusses the importance of training for personnel, which aligns with the requirement for role-based training to ensure effectiveness in security controls.

Document Content

Matched Section

AI Justification

The text discusses enhancing trustworthiness through cryptographic mechanisms, which aligns with the need for system enhancements to support mission-essential services.

Document Content

Matched Section

Section: PURPOSE
Content: Moreover, the business process protection requirement, i.e. Confidentiality, Integrity, and Non-Repudiation, should be documented, typically within a project’s (non-functional) requirements, before cryptographic mechanisms, algorithm, or associated tools and services are implemented.

AI Justification

The mention of cryptographic mechanisms and the need for confidentiality, integrity, and non-repudiation aligns with the requirements for managing cryptographic keys.

Document Content

Matched Section

The chunk discusses the importance of ensuring data confidentiality and integrity through cryptographic mechanisms, which aligns with the requirements for cryptographic key management.

Document Content

Matched Section

Section: 1.1 APPLICABILITY and 1.2 SUPPORTED CRYPTOGRAPHIC ALGORITHMS
Content: This document is applicable to all digital content that is protected or is required to be protected by use of cryptographic techniques within Test. The supported cryptographic algorithms (ciphers) will align with industry standards. Most standards will align with the U.S. NIST Standards including FIPS and exceptions will be reviewed for countries that offer separate standards than is commonly adopted.

AI Justification

The text discusses the use of cryptographic techniques to protect digital content and aligns with the control's focus on employing cryptography for security solutions.

anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf NIST

81 matches found

Document Content

Document Content

Matched Section

AI Justification

The text discusses the importance of training for contractor personnel in security policies, which aligns with the awareness and training policy requirements.

Document Content

Matched Section

Section: Information Security & Privacy Awareness for contractor/consulting contractor
Content: a) Supplier and/or contractor personnel should be trained in Test security policies and are required to be knowledgeable about changes or updates to these policies. b) Security training, including new threats and vulnerabilities, should be required for all developers and system administration staff. c) All personnel with access to Test data should have information security training for their respective roles. d) Refresher training should be required annually. e) All development (contractor)-staff should be trained in secure coding principles and best practices. Training materials are updated on an ongoing basis to include new threats and vulnerabilities. Annual evidence showing that training had been conducted and successfully completed should be provided.

AI Justification

The text discusses the requirement for training contractor personnel in security policies and the need for ongoing updates to training materials, which aligns with the control's focus on literacy training and awareness.

Document Content

Document Content

Document Content

Document Content

Matched Section

Section: Supplier and/or contractor is required to assess the nature of access allowed to an individual user and comply with the requirements in the Test IS 8.0 Access Control & Identity Management policy.
Content: Supplier and/or contractor is required to assess the nature of access allowed to an individual user and comply with the requirements in the Test IS 8.0 Access Control & Identity Management policy.

AI Justification

The text discusses the importance of access control and the need for policies and procedures related to identification and authentication, which aligns with the IA-1 control.

Document Content

Document Content

Matched Section

The text discusses the need for suppliers and contractors to implement physical security measures and access control policies, which aligns with the requirements of PE-1 regarding the establishment of policies and procedures for physical and environmental protection.

Document Content

Matched Section

AI Justification

The text emphasizes the importance of access control policies and procedures, including the need for individual access based on necessity and the prevention of shared credentials, which aligns with the requirements of AC-1.

Document Content

Matched Section

AI Justification

The chunk discusses perimeter security and restrictions on access to sensitive areas, which aligns with the enforcement of authorizations for entry and exit of system components.

Document Content

Matched Section

Section: Perimeter security and access restrictions
Content: a) Perimeter security (monitoring of access, office buildings locked and alarmed when not in use) b) Restrictions on access to sensitive areas within the building (such as server rooms)

AI Justification

The chunk discusses perimeter security and restrictions on access to sensitive areas, which are relevant to physical and environmental hazards.

Document Content

Document Content

Document Content

Matched Section

Section: Information Security & Privacy Awareness for contractor/consulting contractor
Content: Supplier and/or contractor personnel should be trained in Test security policies and are required to be knowledgeable about changes or updates to these policies.

AI Justification

The chunk emphasizes the importance of training personnel in security policies, new threats, and secure coding principles, which aligns with the need for defined knowledge, skills, and abilities for security roles.

Document Content

Matched Section

AI Justification

The chunk discusses the requirement for security training for contractor personnel, which aligns with the need for organization-wide security and privacy training as mentioned in PM-14.

Document Content

Document Content

Matched Section

Section: Term Definitions and Related Documents
Content: Supplier and/or contractor A person or organization that provides something needed such as a product or service. Contractor A person or company that undertakes a contract to provide materials or labor to perform a service or do a job.

AI Justification

The chunk discusses the definitions of suppliers and contractors, which aligns with the control's focus on external providers and their personnel security requirements.

Document Content

Document Content

Matched Section

Document Content

Matched Section

The mention of strict change control procedures for modifications to the program source library aligns with configuration management principles.

Document Content

Matched Section

AI Justification

The section discusses the need for scanning portable and mobile devices for malicious code before allowing them access to organizational networks, which aligns with the control's focus on protecting against malicious code.

Document Content

Matched Section

Section: Management of User Authentication
Content: Use of privileged access IDs should be logged by system monitoring applications. User activity reports, such as failed access attempts and any changes to User rights should monitored and reviewed detect misuse of privileged accounts.

AI Justification

The text discusses the importance of system monitoring, including logging privileged access and monitoring user activity, which aligns with the objectives of control SI-4.

Document Content

Document Content

Matched Section

Section: Access Authorization Process
Content: for which the User is requesting access and should be submitted to Information Security for processing. Information Security is then responsible for forwarding the completed form to the appropriate information owner for final approval. c) All User access authorization forms should be retained for a period of at least two (2) years and be classified as Confidential. d) Information owners are responsible for reviewing and approving all requests for access to Information Resources and applications for which they are responsible. Information owners should review the business need for access and should ensure consistency with segregation of duties requirement.

AI Justification

The text discusses the process of access authorization, including the responsibilities of information owners and the retention of authorization forms, which aligns with the control's focus on official management decisions and accountability.

Document Content

Matched Section

Document Content

Matched Section

Section: Logical access controls and vendor-supplied defaults
Content: f) Logical access controls should be applied to isolate sensitive applications, application data or systems. g) Vendor-supplied defaults should be changed during installation of third-party software on the network. This includes, but is not limited to the following: i. Passwords ii. Elimination of unnecessary accounts / User IDs (i.e., guest) iii. Scripts, drivers, features, subsystems, file systems, and unnecessary web servers iv. Simple Network Management Protocol [SNMP] community strings v. Service Set Identifier (SSID) vi. Enabling of the latest or current Wi-Fi protection technology, such as (WPA3), for

AI Justification

The chunk discusses the importance of changing vendor-supplied defaults and applying logical access controls, which are aspects of configuration settings that affect security posture.

Document Content

The chunk discusses the termination of session activity when security-related parameters are violated, which aligns with session termination controls.

Document Content

Matched Section

AI Justification

The text discusses the importance of having a physical and environmental protection policy and procedures, including the process for handling exceptions to these policies.

Document Content

Matched Section

Section: Access Control for Cloud Systems and Services
Content: a) Access to cloud systems and services should be granted to authorized Users based on the principle of least privilege.

AI Justification

The section discusses access control measures for cloud systems, emphasizing the need for authorization and restriction based on job roles, which aligns with enforcing authorizations for entry and exit.

Document Content

Matched Section

AI Justification

The text outlines the principles of least privilege and strong authentication, which are fundamental aspects of an access control policy.

Document Content

The text discusses the need for defining, documenting, and implementing access control policies based on user roles, which aligns with the concept of rules of behavior for organizational users.

Document Content

The text discusses the importance of defining knowledge, skills, and abilities for security and privacy roles, as well as developing training programs, which aligns directly with PM-13.

Document Content

Matched Section

AI Justification

The log-on procedures described ensure that access to systems is controlled and that only authorized users can log in, which aligns with the need for access control policies and procedures.

Document Content

Matched Section

Document Content

Matched Section

AI Justification

The section discusses the need for access restrictions based on user roles and responsibilities, which aligns with the establishment of an access control policy.

Document Content

Document Content

Matched Section

The chunk discusses the importance of integrating information security throughout the lifecycle of information systems, which aligns with the need to manage risks associated with supply chain elements and processes.

Document Content

Matched Section

Section: Vendor Risk Management
Content: Vendor Risk Management – Establishes controls to maintain an agreed level of information security and service delivery.

AI Justification

The mention of vendor risk management aligns with the supply chain processes and the need to maintain information security and service delivery.

Document Content

Matched Section

AI Justification

The text discusses various strategies and tools for protecting the supply chain, which aligns with the control's focus on using the acquisition process to mitigate supply chain risks.

Document Content

Matched Section

Section: Vendor Risk Management
Content: Vendor Risk Management – Establishes controls to maintain an agreed level of information security and service delivery.

AI Justification

The chunk discusses vendor risk management and the establishment of controls to maintain information security, which aligns with the assessment and review of supplier risk as described in SR-6.

Document Content

Matched Section

The mention of managing information security incidents and communication on security events aligns with the need for effective incident handling procedures.

Document Content

Matched Section

Section: Definition of Confidentiality
Content: The protection of data against unintentional, unlawful, or unauthorized access, disclosure, or theft.

AI Justification

The chunk discusses the protection of data against unauthorized access and disclosure, which aligns with the control's focus on preventing unauthorized disclosure of information.

Document Content

Matched Section

Section: Definition of Information Security
Content: The practice of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability (CIA).

AI Justification

The chunk emphasizes the importance of protecting information from unauthorized access, which is a key aspect of controlled access.

The chunk discusses asset identification and inventory, which aligns with the requirements for maintaining a centralized inventory of system components as outlined in CM-8.

Document Content

Matched Section

Section: Configuration Management | Configuration Management Plan
Content: Configuration management plans satisfy the requirements in configuration management policies while being tailored to individual systems. Configuration management plans define processes and procedures for how configuration management is used to support system development life cycle activities.

AI Justification

The text discusses configuration management activities throughout the system development life cycle, including the creation and implementation of configuration management plans, which aligns directly with control CM-9.

Document Content

Matched Section

The mention of policies and procedures that contribute to security assurance aligns with the need for access control policies.

Document Content

Matched Section

Document Content

Document Content

Matched Section

Section: Risk Policy, Cloud Policy, End-user Device Security Policy, Internet Security & Usage Policy
Content: Risk Policy - Establishes controls to ensure identification, evaluation and management of risk to secure business assets and support achievement of corporate objectives. Cloud Policy - Establishes controls that define the requirements for safeguards and controls for applications and systems that contain, process, or transmit Company Confidential and Company Restricted information. End-user Device Security Policy - Establishes controls that define the requirements for safeguards and controls for any computing device used by employees, vendors, and service providers who access information available through Test network facilities. Internet Security & Usage Policy – Establishes controls that address acceptable Internet Usage Policies, and Internet Security Controls that should be implemented and followed in order to protect the confidentiality and integrity of information.

AI Justification

The chunk discusses various policies that establish controls related to information security, aligning with the need for planning policies and procedures.

Document Content

Matched Section

AI Justification

The text discusses the importance of control baselines in addressing protection needs and mandates, which aligns with the definition provided in control PL-10.

Document Content

Matched Section

The text discusses the importance of vulnerability monitoring, including the categorization of information and systems, and the need for continuous monitoring and updates to vulnerability tools.

Document Content

Matched Section

Section: Assessment, Authorization, and Monitoring | Continuous Monitoring
Content: Vulnerability monitoring may also include continuous vulnerability monitoring tools that use instrumentation to continuously analyze components.

AI Justification

The text emphasizes the need for continuous vulnerability monitoring tools and processes to identify and address vulnerabilities promptly.

Document Content

Matched Section

Section: Assessment, Authorization, and Monitoring | Penetration Testing
Content: Control assessments, such as red team exercises, provide additional sources of potential vulnerabilities for which to scan.

AI Justification

The mention of control assessments, such as red team exercises, aligns with the need for penetration testing to identify vulnerabilities.

Document Content

Matched Section

AI Justification

The section discusses the importance of identifying critical components and functions, which aligns with the criticality analysis aspect of RA-9.

Document Content

Document Content

Matched Section

AI Justification

The chunk discusses the importance of maintaining information security throughout the lifecycle of information systems, which aligns with the need for support and updates for system components.

Document Content

Matched Section

Section: System Acquisition, Development and Maintenance
Content: Establishes controls to ensure that information security is an integral part of information systems across the entire lifecycle and information security is designed and implemented within the development lifecycle of information systems.

AI Justification

The text discusses the integration of security and privacy considerations into the system development life cycle, which aligns directly with the principles outlined in SA-3.

Document Content

Matched Section

The chunk discusses the importance of establishing controls for information security throughout the lifecycle of information systems, which aligns with the need for system documentation to understand and manage controls effectively.

Document Content

Matched Section

Section: System Acquisition, Development and Maintenance; Vendor Risk Management
Content: System Acquisition, Development and Maintenance – Establishes controls to ensure that information security is an integral part of information systems across the entire lifecycle and information security is designed and implemented within the development lifecycle of information systems. (m) Vendor Risk Management – Establishes controls to maintain an agreed level of information security and service delivery.

AI Justification

The text discusses the management of external system services and the importance of establishing trust relationships with external providers, which aligns directly with the requirements outlined in control SA-9.

Document Content

Matched Section

AI Justification

The text discusses the importance of establishing policies and procedures for system and communications protection, aligning with the SC-1 control.

Document Content

Document Content

Matched Section

The text discusses the importance of managing and retaining information throughout its lifecycle, including secure disposal and documentation of asset reuse and destruction practices.

Document Content

Matched Section

The chunk discusses the inventory of assets, including mobile devices and printers, which are part of internal system connections as defined in CA-9.

Document Content

Matched Section

AI Justification

The text discusses the ability of divisions to define and implement security requirements and mechanisms, which aligns with the need for configuration management policies and procedures that address security and privacy assurance.

The mention of monitoring requirements and the need for ongoing assessment aligns with CA-7, which focuses on continuous monitoring of security controls.

Document Content

Matched Section

The text discusses the consequences for violations of information security policies, which aligns with the need for organizational sanctions as described in PS-8.

Document Content

Document Content

Matched Section

Section: Exceptions to this policy can be requested by submitting a policy exception form in the ServiceNow portal.
Content: Exceptions to this policy can be requested by submitting a policy exception form in the ServiceNow portal.

AI Justification

The mention of a policy exception process and the requirement for maintaining records of approved requests indicates a structured approach to policy management.

Document Content

Matched Section

AI Justification

The text discusses the assignment of ownership and responsibilities for assets, which aligns with the management of security and privacy attributes related to access control and information protection.

Document Content

Matched Section

The text discusses the development and maintenance of an Information Security Risk Management Process, which aligns with the overarching goals of an information security program plan as described in PM-1.

Document Content

Matched Section

Section: 1.5 ROLES & RESPONSIBILITIES
Content: CISO or appointed representative Will maintain the risk register Communicate information security risks to Executive Leadership

AI Justification

The text discusses risk management processes, roles, and responsibilities related to risk assessments and compliance, which aligns with the requirements of PM-10.

Document Content

Matched Section

The text discusses the identification and measurement of performance related to risk reduction, compliance, and information security incidents, which aligns with the principles of continuous monitoring.

Document Content

Matched Section

AI Justification

The mention of risk assessments and the ongoing measurement of performance indicates a continuous monitoring approach.

Document Content

Document Content

Document Content

Matched Section

Section: 1.2 APPLICABILITY
Content: This policy is applicable for all Test information, infrastructure, network segments and devices.

AI Justification

The text discusses the importance of a personnel security policy and its applicability to all staff and contractors, aligning with the requirements of PS-1.

Document Content

Matched Section

AI Justification

The text discusses the importance of policies and procedures related to risk management, which aligns with the need for transparency and processing of personally identifiable information.

Document Content

Document Content

Matched Section

Section: Risk Assessment | Criticality Analysis
Content: Not all system components, functions, or services necessarily require significant protections. For example, criticality analysis is a key tenet of supply chain risk management and informs the prioritization of protection activities. The identification of critical system components and functions considers applicable laws, executive orders, regulations, directives, policies, standards, system functionality requirements, system and component interfaces, and system and component dependencies.

AI Justification

The text discusses the importance of criticality analysis in identifying and prioritizing system components and functions that require protection, aligning directly with the objectives of RA-9.

Document Content

Document Content

Matched Section

AI Justification

Document Content

Matched Section

AI Justification

The mention of developing and maintaining an Information Security Risk Management Process aligns with the need for conducting risk assessments as part of the overall security framework.

Document Content

Document Content

Matched Section

AI Justification

The text discusses the need for access rights to be granted and revoked, which aligns with the principles of access control policies.

Document Content

Matched Section

AI Justification

Document Content

Matched Section

AI Justification

The text discusses the responsibilities of various roles in reviewing and authorizing access, which aligns with the principle of separation of duties to mitigate risks of unauthorized access and abuse of privileges.

Document Content

Document Content

Matched Section

Section: 16.0 Maintaining Security during BC/DR Policy
Content: The information contained herein is the property of Test Freres & Co. LLC (“Test") and may not be copied, used, or disclosed in whole or in part, stored in a retrieval system or transmitted in any form or by any means (electronic, mechanical, reprographic, recording or otherwise) outside of Test without prior written permission.

AI Justification

The section discusses the unauthorized copying, use, or disclosure of information, which aligns with the control's focus on preventing data leakage.

Document Content

Matched Section

Section: 1.6 EXCEPTIONS
Content: Exceptions to the policy should be approved by InfoSec in advance. The technical and organizational controls define minimum requirements for securing assets. Divisions & Functions are free to define and implement stronger security requirements and mechanisms if a higher protection level is necessary and they do not contradict the Policy. In exceptional cases Divisions & Functions may implement a lower protection level to adequately address the related information security risk. In such cases, Test's policy exception process should be followed and applied. Exceptions to this policy can be requested by submitting a policy exception form in the ServiceNow portal. The request should contain the supporting information requested below, and should be approved by the Department Manager (not lower than director level) and the CISO or his/her designee: 1. Policy statement requiring the exception. 2. Exception duration. Provide detailed information.

AI Justification

The text discusses the need for policies and procedures regarding exceptions to security policies, which aligns with the control's focus on assessment, authorization, and monitoring.

Document Content

Matched Section

The text discusses the requirements for access rights and the need for documentation and approval for access to networks and services, which aligns with the identification and authentication requirements outlined in IA-2.

Document Content

Matched Section

AI Justification

The text discusses roles responsible for reviewing and authorizing access, which implies the need for authentication mechanisms to ensure that only authorized personnel can perform these actions.

Document Content

Matched Section

AI Justification

The text discusses the importance of having incident response policies and procedures, including how exceptions to these policies should be managed, which aligns with the requirements of control IR-1.

Document Content

Matched Section

Section: Business Continuity and Disaster Recovery planning, testing, and execution
Content: The purpose of this document is to outline requirements for the maintaining of Test’s cybersecurity posture during Business Continuity and Disaster Recovery planning, testing, and execution.

AI Justification

The text discusses the importance of maintaining security posture during BC/DR events and exercises, which aligns with testing incident response capabilities.

The text describes roles responsible for reviewing and authorizing access to information resources, which aligns with the requirement for authorization processes outlined in PM-10.

Document Content

Matched Section

AI Justification

The text discusses the need for defining protection requirements and exceptions to security policies, aligning with the need to understand and manage protection needs.

Document Content

Section: 1.2 GOVERNANCE
Content: b. Identity Access Management (IAM) standards.

AI Justification

The mention of Identity Access Management (IAM) standards indicates a focus on account management practices.

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: d. Logging and monitoring integrated with Test Logging and monitoring systems.

AI Justification

The reference to logging and monitoring integrated with Test Logging and monitoring systems aligns with the need for monitoring controls.

Document Content

Matched Section

AI Justification

The text discusses the representation of information using data structures and the binding of attributes to subjects and objects, which aligns with the principles of access control and data management.

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: b. Identity Access Management (IAM) standards.

AI Justification

The mention of Identity Access Management (IAM) standards indicates a focus on managing access and authentication, which aligns with the control.

Document Content

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: c. The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.

AI Justification

The mention of ensuring confidentiality, integrity, and availability of processing systems relates to controlling remote access to sensitive information.

Document Content

Matched Section

Section: Scope
Content: The process of selecting products and services involves numerous people throughout Test. Each person involved in the process, whether on an individual or group level, should understand the importance of security in the organization’s information infrastructure and the security impacts of their decisions.

AI Justification

The text discusses the importance of training personnel involved in the selection of products and services, emphasizing their understanding of security impacts, which aligns with the requirements for role-based training.

Document Content

Matched Section

The chunk discusses the implementation of data protection measures, which aligns with the need to associate security and privacy attributes with information systems.

Document Content

Document Content

Matched Section

Section: Control of mobile code and its execution
Content: Where the use of mobile code is authorized, the configuration should ensure that the authorized mobile code operates according to a clearly defined security policy, and unauthorized mobile code should be prevented from executing.

AI Justification

The text discusses restrictions on the use of mobile code and the need for a defined security policy, which aligns with the control's focus on usage restrictions for system components.

Document Content

Matched Section

Section: 1.2 GOVERNANCE - Implementation
Content: Supplier and/or contractor should agree to implement data protection by design and by default and appropriate technical and Supplier and/or contractor Security Requirements and organizational measures to ensure a level of security appropriate to the risk.

AI Justification

The text discusses the implementation of data protection measures, including encryption and access management, which align with the concept of managing interfaces and boundary protection as outlined in SC-7.

Document Content

Matched Section

The text discusses supplier risk and the importance of assessing vendors, which aligns with the need to manage counterfeit components and ensure the integrity of the supply chain.

Document Content

Matched Section

Section: 1.13 END OF SERVICE
Content: Upon termination, cancellation, expiration or other conclusion of the agreement, Service provider should return all data and assets to Test. If return of data is not feasible, service provider should physically or electronically destroy beyond all ability to recover all Test data provided to them and certify the destruction.

AI Justification

The chunk discusses the process for end of service, including the requirement for the service provider to physically or electronically destroy data beyond recovery, which aligns with the control's focus on proper disposal of data and system components.

Document Content

Matched Section

The chunk discusses the need for logging and monitoring, which aligns with the requirements for audit logging in a cross-organizational context.

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: Logging and monitoring integrated with Test Logging and monitoring systems.

AI Justification

The chunk discusses logging and monitoring, which aligns with the requirements for logging significant events as outlined in AU-2.

Document Content

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: b. Identity Access Management (IAM) standards.

AI Justification

The mention of Identity Access Management (IAM) standards indicates a focus on access control, which aligns with AC-1.

Document Content

Document Content

Matched Section

Section: 1.2 GOVERNANCE Implementation
Content: d. Logging and monitoring integrated with Test Logging and monitoring systems.

AI Justification

The mention of logging and monitoring integrated with Test Logging and monitoring systems aligns with the requirements for logging and monitoring controls.

Document Content

Document Content

Matched Section

AI Justification

The text discusses the importance of policies and procedures related to physical and environmental protection, which aligns with the PE-1 control.

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: b. Identity Access Management (IAM) standards.

AI Justification

The mention of Identity Access Management (IAM) standards indicates a focus on access control measures.

Document Content

The chunk discusses the implementation of data protection measures and security requirements that align with the overarching security and privacy architectures described in PL-8.

Document Content

Matched Section

AI Justification

The mention of organizational measures and security requirements indicates alignment with the enterprise architecture principles outlined in PM-7.

Document Content

Matched Section

The text discusses the involvement of various personnel in the selection process, highlighting the importance of security and the need for specialized expertise, which aligns with the establishment of champions for information security.

Document Content

Matched Section

Section: 1.4 SUPPLIER RISK MANAGEMENT PROGRAM
Content: Test’s Supplier Risk Management Program consists of four key elements: Risk Assessment and Planning – assess inherent risk based on nature of service or product; Due Diligence – assess residual risk based on 3rd party controls; Contract Management – ensure an appropriate contract protects Test; Risk Monitoring – monitor ongoing risk profile with changing service or needs and prior to contract renewal.

AI Justification

The Supplier Risk Management Program outlines a structured approach to managing supplier-related risks, aligning with the elements of an organization-wide supply chain risk management strategy.

Document Content

Matched Section

AI Justification

The text discusses the importance of ongoing monitoring and assessment of controls and risks, which aligns with the continuous monitoring concept outlined in PM-31.

Document Content

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: Third parties should at least implement the following measures: a. Encrypt Test data in transit and at rest, per the 6.0 IS Data Security Policy.

AI Justification

The mention of individual system security measures aligns with the control's focus on developing security and privacy architectures at the system level.

Document Content

Matched Section

AI Justification

The text discusses the importance of personnel security policies and procedures, including the process for exceptions, which aligns with the control's focus on establishing such policies and procedures.

Document Content

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: b. Identity Access Management (IAM) standards.

AI Justification

The mention of Identity Access Management (IAM) standards indicates a need for access control policies.

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: e. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

AI Justification

The ability to restore availability and access to personal data in a timely manner relates to contingency planning.

Document Content

Matched Section

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: b. Identity Access Management (IAM) standards.

AI Justification

The mention of Identity Access Management (IAM) standards indicates a focus on access control measures, which aligns with control AC-1.

Document Content

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.

AI Justification

The chunk mentions the need for ongoing confidentiality, integrity, availability, and resilience of processing systems, which relates to the security engineering principles outlined in SA-8.

Document Content

Matched Section

AI Justification

The chunk discusses the implementation of data protection measures and security requirements, which aligns with the derivation of security and privacy functional requirements.

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: d. Logging and monitoring integrated with Test Logging and monitoring systems.

AI Justification

The mention of logging and monitoring integrated with Test Logging and monitoring systems aligns with the need for ongoing monitoring of systems.

Document Content

Document Content

Matched Section

Section: Supplier Relationship Owner and Legal Department Responsibilities
Content: Supplier Relationship Owner Is responsible for conducting a due diligence on regular basis as per Technology and Information Security team mandated, keeping supplier information up to date. Is responsible for obtaining relevant information about the prospective service, service provider, and/or tool so that relevant risks can be identified and evaluated Legal Department Is responsible for including Security related legal clauses in contracts with Third Parties.

AI Justification

The text discusses responsibilities related to managing relationships with external service providers, including due diligence and security clauses in contracts, which aligns with the requirements of SA-9.

Document Content

Matched Section

AI Justification

The text discusses the importance of having policies and procedures for system and communications protection, which aligns with the SC-1 control.

Document Content

Matched Section

Section: 1.2 GOVERNANCE
Content: a. Encrypt Test data in transit and at rest, per the 6.0 IS Data Security Policy. d. Logging and monitoring integrated with Test Logging and monitoring systems.

AI Justification

The mention of encryption and logging and monitoring indicates a focus on protecting the boundaries of systems, which aligns with SC-7.

Document Content

Section: Role Functional Activities
Content: Each system owner should maintain a portfolio of cloud application profiles under their control and management purview. The application owner may be a direct customer of a CSP for specific business functions and should track implementation and maintenance requirements for business applications hosted in the cloud.

AI Justification

The text discusses the responsibilities of application owners in managing cloud application services and ensuring compliance with information security standards, which aligns with the concept of access control policies.

Document Content

Matched Section

AI Justification

The roles and responsibilities outlined emphasize the importance of managing access and ensuring that roles operate with the least privilege necessary for their functions.

Document Content

Matched Section

Section: 1.6 CLOUD SECURITY TRAINING & AWARENESS
Content: 1. Test should provide security education and awareness training for the end-user community and engineers and architects with information security responsibilities related to cloud security

AI Justification

The chunk discusses the need for security education and awareness training for users, which aligns with the requirements of AT-2 for providing literacy training.

Document Content

Matched Section

Document Content

The text discusses the need for authorization of deviations from baseline configurations, which aligns with the control's focus on managing configuration settings.

Document Content

Matched Section

AI Justification

The text discusses the importance of contingency planning policies and procedures, aligning directly with the control's focus on establishing such policies within organizations.

Document Content

Matched Section

Section: Contingency planning for systems is part of an overall program for achieving continuity of operations for organizational mission and business functions.
Content: Control: CP-2: Contingency planning for systems is part of an overall program for achieving continuity of operations for organizational mission and business functions. Contingency planning addresses system restoration and implementation of alternative mission or business processes when systems are compromised or breached.

AI Justification

The text discusses the importance of contingency planning for systems, including system restoration and alternative processes when systems are compromised, which aligns with CP-2's focus on continuity of operations.

Document Content

Matched Section

The text discusses the formal processes for identifying and responding to potential breaches in cloud security, which aligns with the incident response capabilities outlined in control IR-4.

Document Content

Matched Section

AI Justification

The text discusses the formal processes for identifying and responding to potential breaches, which aligns with the requirements for incident reporting and documentation as outlined in control IR-6.

Document Content

Matched Section

Section: 5. Changes to cloud security systems and procedures
Content: The Information Security Team should enforce, comply, and document a formal process for identifying and responding to a potential breach in cloud-based network perimeters (e.g., DDoS attack, phishing, identity spoofing). Cloud security incident response procedures should follow the Incident Response management policy.

AI Justification

The text discusses the need for a formal process for identifying and responding to potential breaches, which aligns with the requirement for a coordinated approach to incident response.

Document Content

Document Content

Matched Section

Document Content

Matched Section

Section: Cloud Service Provider
Content: Designated external entities, outside of Test, are responsible for delivering cloud services. The CSP works closely with Cloud Enterprise Architects, Test IT, and Test Information Security Team to develop and integrate secure cloud solutions.

AI Justification

The text discusses the involvement of external entities (Cloud Service Provider) in delivering services, which aligns with the control's focus on external providers and their personnel security requirements.

Document Content

Document Content

Matched Section

Section: Deviations from baseline configuration and authorization processes
Content: NOTE: Any deviations from baseline configuration defined by the IT Infrastructure / cloud team should be authorized following Test’s formal change management processes prior to deployment, provisioning, or integration for use. In addition, deviations from standard security baseline configurations should be authorized by Test Information Security Team prior to deployment, provisioning, or integration in accordance with the Test IT policy.

AI Justification

The text discusses the need for authorization of deviations from baseline configurations, which aligns with the control's focus on maintaining configuration integrity and managing changes.

Document Content

Matched Section

The text discusses the importance of maintaining cloud security artifacts and system documentation, which aligns with the need for quality and completeness of system documentation as outlined in control SA-5.

Document Content

Matched Section

AI Justification

The text discusses the establishment of security architecture and design documents, which aligns with the principles of systems security engineering.

Document Content

Matched Section

AI Justification

The mention of conducting risk assessments and utilizing specialized software to reduce security breach risks aligns with vulnerability management practices.

Document Content

Section: 7. EXCEPTION
Content: Exceptions to the policy should be approved by InfoSec in advance. The technical and organizational controls define minimum requirements for securing assets. Divisions & Functions are free to define and implement stronger security requirements and mechanisms if a higher protection level is necessary and they do not contradict the Policy. In exceptional cases Divisions & Functions may implement a lower protection level to adequately address the related information security risk. In such cases, Test's policy exception process should be followed and applied. Exceptions to this policy can be requested by submitting a policy exception form in the ServiceNow portal. The request should contain the supporting information requested below, and should be approved by the Department Manager (not lower than director level) and the CISO or his/her designee: 1. Policy statement requiring the exception. 2. Exception duration. Provide detailed information.

AI Justification

The text discusses the need for an access control policy and procedures, including how exceptions to the policy should be handled, which aligns with the requirements of AC-1.

Document Content

Matched Section

Section: 8. ENFORCEMENT/COMPLIANCE
Content: Any User found to have violated any of these policies may be subject to disciplinary action, if such User is an employee, up to and including dismissal or termination of employment. Violation of these policies by anyone other than an employee performing services for Test, including anyone performing services pursuant to a contract, may be grounds for immediate termination. Test may also pursue any other additional rights and remedies it may have against anyone found to be in violation of these policies.

AI Justification

The chunk discusses the enforcement of policies and the consequences of violations, which aligns with the concept of access control policies that govern user behavior and access to organizational resources.

Document Content

Matched Section

The text discusses the need for role-based training tailored to the responsibilities and security requirements of various roles within an organization.

Document Content

Matched Section

AI Justification

The text discusses the responsibilities of information users in reporting incidents and the procedures for handling incidents, which aligns with the incident response capabilities outlined in control IR-4.

Document Content

Matched Section

AI Justification

The section outlines the responsibilities of users in reporting incidents and the importance of documenting incidents, which aligns with the requirements of IR-5.

Document Content

Document Content

Matched Section

The chunk discusses data redundancy, which aligns with the concept of distributing processing and storage across multiple locations to improve performance and redundancy.

Document Content

Matched Section

AI Justification

The chunk discusses measures to prevent the execution of malware, which aligns with the control's focus on identifying and isolating malicious code.

Document Content

Matched Section

AI Justification

The mention of preventing malware execution aligns with the need for protective measures against malicious code.

Document Content

Matched Section

Section: Provisioning for Name/Address Resolution Service
Content: Provisioning for Name/Address Resolution Service

AI Justification

The chunk discusses provisioning for services that may involve out-of-band channels, aligning with the control's focus on the use of such channels for secure transmission.

Document Content

Matched Section

AI Justification

The text discusses the importance of segregating information systems and restricting access to prevent inappropriate disclosure, which aligns with the objective of protecting valuable information from exfiltration.

Document Content

Matched Section

Section: User access policies and procedures should be established, and supporting business processes and technical measures implemented, for ensuring appropriate identity, entitlement, and access management for all internal corporate and customer (tenant) users with access to data.
Content: User access policies and procedures should be established, and supporting business processes and technical measures implemented, for ensuring appropriate identity, entitlement, and access management for all internal corporate and customer (tenant) users with access to data.

AI Justification

The mention of establishing user access policies and procedures aligns with the control's focus on managing access to information.

Document Content

Document Content

Matched Section

Section: Security Awareness and Skills Training
Content: Security Awareness and Skills Training ISO/IEC 27001:2013 A.6.1.4 Contact with special interest groups NIST SP 800-53 Rev 5 Program Management | Security and Privacy Groups and Program Management | Threat Awareness Program Risk Assessment | Threat Hunting System & Information Integrity | Security Alerts, Advisories, and PM-15 Associations PM-16 RA-10 SI-5 Directives ID.RA-3 CIS CSC Data Protection Continuous Vulnerability 3 7 13 Network Monitoring & Defense ISO/IEC 27001:2013 Clause 6.1.2 Information Security Risk Assessment NIST SP 800-53 Rev 5 Program Management | Insider Threat Program Program Management | Threat Awareness Program Risk Assessment | Risk Assessment Risk Assessment | Threat Hunting System & Information Integrity | Security Alerts, Advisories, and PM-12 PM-16 RA-3 RA-10 SI-5 Directives ID.RA-4 CIS CSC 3 12 Data Protection Network Infrastructure Management

AI Justification

The chunk discusses the generation of security alerts and advisories, which aligns directly with the control's focus on maintaining situational awareness and compliance with security directives.

Document Content

Matched Section

Section: Information Integrity
Content: System & Information Integrity | Software, Firmware, and

AI Justification

The chunk directly references the control SI-7, which focuses on unauthorized changes to software, firmware, and information, aligning with the content of the chunk.

The technical review of applications after operating platform changes indicates a need for security impact analysis.

Document Content

Matched Section

AI Justification

The chunk discusses restrictions on software installation and system change control procedures, which align with the systematic proposal and implementation of configuration changes.

Document Content

Matched Section

Section: Configuration Management | Impact Analyses
Content: Technical review of applications after operating platform changes Restrictions on changes to software packages

AI Justification

The mention of technical reviews and restrictions on changes indicates a process for analyzing the security impact of changes, which aligns with CM-4.

Document Content

The text emphasizes the need for access restrictions and policies to prevent inappropriate disclosure, which aligns with access control policies.

The chunk discusses the restrictions and protections related to the use of various types of media, including portable storage devices, which aligns directly with the requirements of MP-7.

Document Content

Matched Section

The text discusses the organization-wide management and implementation of controls and processes, which aligns with the concept of central management as described in control PL-9.

test calculaion

Overall Alignment

Controls Aligned

Frameworks

Key Controls

Overall Alignment

Framework Breakdown

Key Controls Status

Compliance Summary & Framework Analysis

Framework Compliance Overview

Document Analysis Details

anonymized_6.0_IS_Data_Security_Policy_1.pdf 2 frameworks

anonymized_7.0_IS_Asset_Management_Policy.pdf 2 frameworks

anonymized_19.0_IS_Cloud_Computing_Security_Policy.pdf 2 frameworks

anonymized_7.1_IS_Asset_Management_Standard.pdf 2 frameworks

anonymized_4.0_IS_Organization_of_Information_Security_Policy_1.pdf 2 frameworks

anonymized_6.1_IS_Data_Security_Standards.pdf 2 frameworks

anonymized_11.0_IS_Operations_Security_Policy.pdf 2 frameworks

anonymized_14.1.0.1_IS_Supplier_Relationship_Guidelines.pdf 2 frameworks

anonymized_2.1_IS_Acceptable_Use_Standard.pdf 2 frameworks

anonymized_2.0_IS_Acceptable_Use_Policy.pdf 2 frameworks

anonymized_8.1_IS_Access_Control_Identity_Management_Standard_1.pdf 2 frameworks

anonymized_7.2_IS_End_User_Device_Standard.pdf 2 frameworks

anonymized_3.0_IS_Information_Security_Policy_2.pdf 2 frameworks

anonymized_9.1_IS_Cryptography_Standards.pdf 2 frameworks

anonymized_14.0_IS_Supplier_Management_Policy_2.pdf 2 frameworks

anonymized_15.1_IS_Lazard_CSIRT-CSIRP_Framework_Standard.pdf 2 frameworks

anonymized_19.1_IS_Cloud_Computing_Security_Standard.pdf 2 frameworks

anonymized_8.0_IS_Access_Control_Identity_Management_Policy_1.pdf 2 frameworks

anonymized_14.1_IS_Supplier_Relationship_Standards.pdf 2 frameworks

anonymized_16.0_IS_Maintaining_Security_during_BC__DR_Policy_1.pdf 2 frameworks

anonymized_5.0_IS_Human_Resource_Security_Policy_1.pdf 2 frameworks

anonymized_9.0_IS_Cryptography_Policy_1.pdf 2 frameworks

anonymized_15.0_IS_Incident_Management_Policy_1.pdf 2 frameworks

anonymized_20.0_IS_Risk_Management_Policy_2.pdf 2 frameworks

CIS Framework Checklist Complete control verification 91.1% Complete

NIST Framework Checklist Complete control verification 91.1% Complete

Detailed Document Analysis

anonymized_6.0_IS_Data_Security_Policy_1.pdf CIS

3.1 Access Control Policy... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

3.3 Data Access Control Lists... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

3.4 Data Retention Policy... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

3.7 Data Classification Scheme... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

3.13 Data Loss Prevention... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

4.1 Secure Configuration Process... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

4.2 Secure Configuration Process... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

anonymized_7.0_IS_Asset_Management_Policy.pdf CIS

2.1 Software Inventory Management... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

2.4 Software Inventory Tools... Click to view evidence details Matched

Document Content

Matched Section

AI Justification

3.1 Access Control Policy... Click to view evidence details Matched

Document Content

Matched Section

AI Justification