3.8.7 Control use of Removable Media on System Components Guides SANS Institute – Ubiquitous Security Backdoor (USB) Additional Lessons Learned US-CERT – The Risks of Using Portable Devices Sample...
3.9.2 Ensure CUI & Organizational Systems are Protected Guides NIST SP 800-14 – Generally Accepted Principles and Practices for Securing Information Technology Systems Example Tools Enterprise Data Loss...
3.10.1 Limit Access to Organizational Information Systems Guides Physical Security and Why It Is Important Sample Policy & Procedures NIST 800-53 PE-3 Physical Access Control Videos BrightTALK...
3.10.5 Managing Physical Access Devices Guides SANS Institute – Security Laboratory: IT Managers – Safety Series – Physical Security NIST SP 800-128 – Guide for...
3.10.6 Enforce Safeguarding Measures for CUI at Alternate Sites Guides NIST SP 800-46 Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security NTIS – Information...
3.11.1 Assess Risk to Organizational Operations Guides ISACA – Performing a Security Risk Assessment NIST SP 800-30 – Guide to Conducting Risk Assessments VITA – Example...
3.11.2 Scan for Vulnerabilities Guides SANS Institute – Implementing a Vulnerability Management Process SANS Institute – Vulnerabilities & Vulnerability Scanning SANS Institute – Implementing...
3.12.2 Develop & Implement Plans of Action Guides FedRAMP Plan of Action and Milestones (POA&M) Template Centers for Medicare & Medicaid Services – Plan of Action and...
3.12.3 Monitor Security Controls on an Ongoing Basis Guides NIST SP 800-137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations Cloud.gov – Continuous Monitoring...
3.12.4 Develop, Document, Update, Implement System Security Plan Guides NIST SP 800-18 – Guide for Developing Security Plans for Federal Information Systems State of Oregon – Information Security...