3.2.2 Personnel Adequately Trained to Carry out Duties Guides NIST SP 800-16 – Information Technology Security Training Requirements: A Role–and Performance–Based Model NIST SP 800-50 – Building an...
3.3.5 Correlate Audit Review, Analysis & Reporting Guides NIST SP 800-92 – Guide to Computer Security Log Management SANS Institute – Successful SIEM and Log Management Strategies...
3.4.1 Establish & Maintain Baseline Configurations & Inventories Guides NIST SP 800-128 – Guide for Security-Focused Configuration Management of Information Systems MITRE – Systems Engineering Guide – Configuration...
3.4.2 Establish & Enforce Security Configurations Settings Guides DISA Security Technical Implementation Guides (STIGS) NIST Computer Resource Center National Checklist Program Repository Microsoft TechNet – Geek of...
3.4.4 Analyze Security Impact of Changes Guides NIST SP 800-128 – Guide for Security-Focused Configuration Management of Information Systems SANS Institute – Secure Configuration Management Demystified...
3.4.8 Apply Deny-by-Exception (Blacklisting) or Permit-by-Exception (Whitelisting) Policies Guides NIST SP 800-167 – Guide to Application Whitelisting US-Cert – Application Whitelisting Strategic Planning Guide Example Tools CarbonBlack Protection...
3.6.1 Establish Operational Incident Handling Capability Guides NIST SP 800-61r2 – Incident Handling Guide Example Tools RSA Netwitness SecOps Manager Sample Policy & Procedures Incident Management...
3.6.3 Test Organizational Incident Response Capability Guides NIST SP 800-84 – Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities NIST SP 800-115...
3.7.5 Multi-Factor Authentication to Establish Non-Local Maintenance Sessions Guides DFARS FAQ Q49 SANS Institute – Two-Factor Authentication (2FA) using OpenOTP Example Tools Remote Authentication Dial-In User Service (RADIUS)...
3.5.2 Authenticate Identities of Users, Processes or Devices Guides SANS Institute – An Overview of Different Authentication Methods and Protocols (DRAFT) NIST SP 80063B Digital Identity Guidelines –...