3.10.1 Limit Access to Organizations Information Systems. Guides: Physical Security and Why It Is Important. Sample Policy & Procedures: NIST 800-53 PE-3 Physical Access Control. Videos: BrightTALK...
3.10.5 Managing Physical Access Devices. Guides: SANS Institute – Security Laboratory: IT Managers – Safety Series – Physical Security; NIST SP 800-128 – Guide for...
3.10.6 Enforce Safeguarding Measures for CUI at Alternate Sites. Guides: NIST SP 800-46 Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security; NTIS – Information...
3.11.1 Assess Risk to Organizational Operations. Guides: ISACA – Performing a Security Risk Assessment; NIST SP 800-30 – Guide to Conducting Risk Assessments; VITA – Example...
3.11.2 Scan for Vulnerabilities. Guides: SANS Institute – Implementing a Vulnerability Management Process; SANS Institute – Vulnerabilities & Vulnerability Scanning; SANS Institute – Implementing...
3.12.2 Develop & Implement Plans of Action. Guides: FedRAMP Plan of Action and Milestones (POA&M) Template; Centers for Medicare & Medicaid Services – Plan of Action and...
3.12.3 Monitor Security Controls Ongoing Basis. Guides: NIST SP 800-137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations; Cloud.gov – Continuous Monitoring...
3.12.4 Develop, Document, Update, Implement System Security Plan. Guides: NIST SP 800-18 – Guide for Developing Security Plans for Federal Information Systems; State of Oregon – Information Security...
3.13.1 Protect Communication with Firewalls. Guides: NIST SP 800-41 – Guidelines on Firewalls and Firewall Policy; Microsoft TechNet – Perimeter Firewall Design; SANS Institute –...
3.13.4 Prevent Unintended Information Transfer. Guides: SANS Institute – Implementing Least Privilege in a Small Business. Sample Policy & Procedures: VITA – IT System and...