Critical Control 3 - Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Establish, implement, and actively manage (track, report on, and correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
PR.IP-1 A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
PR.IP-2 A System Development Life Cycle to manage systems is implemented
PR.IP-3 Configuration change control processes are in place
PR.IP-4 Backups of information are conducted, maintained, and tested
PR.IP-5 Policy and regulations regarding the physical operating environment for organizational assets are met
PR.IP-6 Data is destroyed according to policy
PR.IP-7 Protection processes are improved
PR.IP-8 Effectiveness of protection technologies is shared
PR.IP-9 Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
PR.IP-10 Response and recovery plans are tested
PR.IP-11 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
PR.IP-12 A vulnerability management plan is developed and implemented