Requirement:
Cybersecurity requirements for protecting information systems and information processing facilities must be defined, documented and approved.
Control Implementation Guidelines:
- Develop and document a cybersecurity policy for Information System and Processing Facilities Protection in the organization, including the following:
  - Modern and advanced protection techniques and mechanisms, providing them and ensuring their reliability
  - Malware Protection Solution Configuration
  - Scope of devices to be protected, including all workstations, critical systems in the organization, etc.
  - Secure copies of the operating systems used in the organization must be built and prepared in a secure manner, protection programs must be installed, and unused services must be disabled. Such copies must be used in the configuration of desktops and servers
  - Workstations and systems in the organization must be periodically scanned against malware
  - Use of external storage media and its security must be restricted
  - Patch management for systems, applications and devices
  - Central sources of time synchronization in the organization must be defined to be from a reliable source
- The organization's policy must be supported by the Executive Management, through the approval of the head of the organization or his/her deputy
Relevant Cybersecurity Tools:
- Database Security Policy Template
Expected Deliverables:
- Cybersecurity policy that covers the requirements of Information System and Processing Facilities Protection at the organization (e.g., electronic copy or official hard copy)
- Formal approval by the head of the organization or his/her deputy on the policy (e.g., via the organization's official e-mail, paper or electronic signature)
- Secure Configuration and Hardening Policy Template
- Server Security Policy Template
- Malware Protection Policy Template
- Storage Media Policy Template
- Patch Management Policy Template