NIST 800-53 Compliance Controls Guide - McAfee


GUIDE

NIST 800-53 Compliance Controls

The following control families represent a portion of special publication NIST 800-53 revision 4. This guide is intended to aid McAfee, its partners, and its customers, in aligning to the NIST 800-53 controls with McAfee capabilities. The control families are listed below.

AC Access Control (21 controls)
CM Configuration Management (3 controls)
CP Contingency Planning (1 control)
IA Identification and Authentication (28 controls)
RA Risk Assessment (1 control)
SC System and Communications (32 controls)
SI System and Information Integrity (11 controls)

Each product represents various capabilities; therefore, the total number of controls listed for each family will not be a one-to-one match with the number of products, as some capabilities will overlap. The chart below displays each capability as it applies to a specific control family.

Capability                                AC  AU  CM  CP  IA  SC  SI  Totals
McAfee Active Response                    2   -   -   -   -   -   -   2
McAfee Application Control                -   -   3   -   -   3   2   8
McAfee Data Loss Prevention               1   -   -   -   -   -   -   1
McAfee Disk Encryption                    -   -   -   -   -   1   -   2
McAfee Endpoint Security                  -   -   -   -   -   6   1   7
McAfee Enterprise Security Manager        3   10  -   -   -   -   2   25
McAfee ePolicy Orchestrator               -   7   -   -   -   -   2   9
McAfee File & Removable Media Protection  -   -   -   -   -   1   -   1
McAfee Network Security Platform          -   -   -   -   -   12  -   12
McAfee Policy Auditor                     15  12  -   -   8   14  4   53
None                                      2   1   -   1   20  6   4   34

GUIDEAC Access Control—21 ControlsCapabilities SummaryNumber of controlsMcAfee Active Response2McAfee Application Control-McAfee Data Loss Prevention1McAfee Disk Encryption-McAfee Endpoint Security-McAfee Enterprise Security Manager3McAfee ePolicy OrchestratorMcAfee File & Removable Media Protection-McAfee Network Security Platform-McAfee Policy ameControl IDAssessmentProcedureAssessment ObjectiveMcAfee CapabilityAccountManagementRemoval ofTemporary/EmergencyAccountsACDetermine if the information system:McAfee Active ResponseAC-2(2)AC-2(2).2 ACAccountManagementDisable InactiveAccountsAC-2(3)AC-2(3).2 ACAccountManagementAutomatedAudit mationFlowEnforcementAC-4AC-4.2Automatically removes or disables temporary and emergency accountsafter the organization-defined time period for each type of accountDetermine if the information system:Automatically disables inactive accounts after the organization-definedtime periodMcAfee Enterprise SecurityManagerMcAfee Active ResponseMcAfee Enterprise SecurityManagerDetermine if the information system:2NIST 800-53 Compliance Controls Notifies organization-defined personnel or roles of the following accountactions Creation, modification, enabling, disabling, removalMcAfee Enterprise SecurityManagerDetermine if the information system: Enforces approved authorizations for logical access to information andsystem resources in accordance with applicable access control policiesMcAfee Policy AuditorDetermine if the information system: Enforces approved authorizations for controlling the flow of informationwithin the system and between interconnected systems based onorganization-defined information flow control policiesMcAfee Data Loss Prevention

tPrivilegeAuditing Useof PrivilegedFunctionsControl IDAssessmentProcedureAC-6(9)AC-6(9)Assessment ObjectiveDetermine if the information system: Audits the execution of privileged functionsMcAfee CapabilityMcAfee Policy AuditorDetermine if the information system:ACACLeastPrivilegeUnsuccessfulLoginAttempts Prohibit NonPrivileged Usersfrom gin AttemptsAC-7AC-6(10) Prevents non-privileged users from executing privileged functions toinclude:Disabling implemented security safeguards/countermeasures;McAfee Endpoint Security withMcAfee Threat Intelligence forEndpoint SecurityCircumventing security safeguards/countermeasures;McAfee Policy Auditoror Altering implemented security safeguards/countermeasuresDetermine if the information system:AC-7.a.3 Enforces a limit of organization-defined number of consecutive invalidlogon attempts by a user during an organization-defined time periodMcAfee Policy AuditorDetermine if the information system: UnsuccessfulLoginAttemptsUnsuccessfulLogin AttemptsACSystem UseNotificationSystem UseNotificationAC-8AC-8.c.1.2ACSystem UseNotificationSystem UseNotificationAC-8AC-8.c.2ACSystem UseNotificationSystem lConcurrentSession ControlAC-10ACAC-7AC-7.b.2When the maximum number of unsuccessful logon attempts is exceeded,automatically: Locks the account/node for the organization-defined time period; Locks the account/node until released by an administrator;McAfee Policy Auditoror Delays next logon prompt according to the organization-defined delayalgorithmDetermine if, for publicly accessible systems: The information system displays organization-defined conditions beforegranting further accessMcAfee Policy AuditorDetermine if the information system:AC3 Displays references, if any, to monitoring, recording, or auditing that areconsistent with privacy accommodations for such systems that generallyprohibit those activitiesDetermine if the information system: Includes a description of the authorized uses of the systemMcAfee Policy AuditorMcAfee Policy 
AuditorDetermine if the information system:NIST 800-53 Compliance ControlsAC-10.3 Limits the number of concurrent sessions for each organization-definedaccount and/or account type to the organization-defined number ofconcurrent sessions allowedMcAfee Policy Auditor

l IDAssessmentProcedureAssessment ObjectiveMcAfee CapabilityDetermine if the information system:ACSession LockSession LockAC-11AC-11.a.2ACSession LockSession LockAC-11AC-11.b ACSession LockPattern-HidingDisplaysAC-11(1)AC-11(1) ACSessionTerminationSessionTerminationAC-12AC-12.2 C-17(1)ACRemoteAccessProtection ofConfidentiality/Integrity UsingEncryptionAC-17(2)AC-17(2) ACRemoteAccessManagedAccess ControlPointsAC-17(3)AC-17(3).2 Prevents further access to the system by initiating a session lock afterorganization-defined time period of user inactivity or upon receiving arequest from a userMcAfee Policy AuditorDetermine if the information system:Retains the session lock until the user reestablishes access usingestablished identification and authentication proceduresMcAfee Policy AuditorDetermine if the information system:Conceals, via the session lock, information previously visible on thedisplay with a publicly viewable imageMcAfee Policy AuditorDetermine if the information system:Automatically terminates a user session after organization-definedconditions or trigger events requiring session disconnect occursDetermine if the information system: Monitors and controls remote access methodsMcAfee Policy AuditorN/ADetermine if the information system:Implements cryptographic mechanisms to protect the confidentiality andintegrity of remote access sessionsMcAfee Policy AuditorDetermine if the information system:Routes all remote accesses through the organization-defined number ofmanaged network access control pointsN/ADetermine if the information system: ACWirelessAccessAuthenticationand EncryptionAC-18(1)AC-18(1)Protects wireless access to the system using encryption and one or moreof the following: Authentication of users;and/or Authentication of devices4NIST 800-53 Compliance ControlsMcAfee Policy Auditor

GUIDEAU Audit and Accountability—23 ControlsCapabilities SummaryNumber of controlsMcAfee Active Response-McAfee Application Control-McAfee Data Loss Prevention-McAfee Disk Encryption-McAfee Endpoint Security-McAfee Enterprise Security Manager10McAfee ePolicy Orchestrator7McAfee File & Removable Media Protection-McAfee Network Security Platform12None1ControlFamily5-McAfee Policy AuditorControlCategoryControlNameControl IDAssessmentProcedureContent ofAudit RecordsCentralizedManagementof PlannedAudit RecordContentAUAU-3(2)AU-3(2).2AUResponseto AuditProcessingFailuresResponseto AuditProcessingFailuresAU-5AU-5.a.2 AUResponseto AuditProcessingFailuresResponseto AuditProcessingFailuresAU-5AU-5.b.2 AUResponseto AuditProcessingFailuresAudit StorageCapacityAssessment ObjectiveMcAfee CapabilityDetermine if the information system: Provides centralized management and configuration of the content to becaptured in audit records generated by the organization-defined informationsystem componentsDetermine if the information system:Alerts the organization-defined personnel or roles in the event of an auditprocessing failureMcAfee ePolicy OrchestratorMcAfee ePolicy OrchestratorMcAfee EnterpriseSecurity ManagerDetermine if the information system:Takes the additional organization-defined actions in the event of an auditprocessing failureMcAfee Policy AuditorDetermine if the information system:NIST 800-53 Compliance Controls AU-5(1)AU-5(1).4Provides a warning to the organization-defined personnel, roles, and/orlocations within the organization-defined time period when allocated auditrecord storage volume reaches the organization-defined percentage ofrepository maximum audit record storage capacityMcAfee Policy Auditor

l IDAssessmentProcedureAssessment ObjectiveMcAfee CapabilityDetermine if the information system:AUResponseto tionand ReportGenerationAuditReductionand ReportGenerationAU-7AU-7.aAUAuditReductionand ReportGenerationAuditReductionand ReportGenerationAU-7AU-7.b AUAuditReductionand 2 AUTime StampsTime StampsAU-8AU-8.aAU-5(2)AU-5(2).4 Provides an alert within the organization-defined real-time period to theorganization-defined personnel, roles, and/or locations when organizationdefined audit failure events requiring real-time alerts occurMcAfee Policy AuditorDetermine if the information system provides: An audit reduction and report generation capability that supports: On-demand audit review Analysis Reporting requirements After-the-fact investigations of security incidentsDetermine if the information system:Provides an audit reduction and report generation capability that: Does not alter the original content or time ordering of audit recordsDetermine if the information system:Provides the capability to process audit records for events of interest based onthe organization-defined audit fields within audit recordsDetermine if the information system: Uses internal system clocks to generate time stamps for audit recordsDetermine if the information system:AUTime StampsAUTime StampsAU-8AU-8.b.1 Time StampsAU-8(1)AU-8(1).a.3 AUTime StampsAU-8(1)AU-8(1).b.2AUProtectionof AuditInformationRecords time stamps for audit records that can be mapped to CoordinatedUniversal Time (UTC) or Greenwich Mean Time (GMT)McAfee EnterpriseSecurity ManagerMcAfee EnterpriseSecurity ManagerMcAfee EnterpriseSecurity ManagerMcAfee EnterpriseSecurity ManagerMcAfee EnterpriseSecurity ManagerDetermine if the information system:Compares the internal information system clocks with the organization-definedauthoritative time source with organization-defined frequencyMcAfee Policy AuditorDetermine if the information system: Synchronizes the internal information system clocks to the authoritative timesource 
when the time difference is greater than the organization-defined timeperiodDetermine if the information system:6Protectionof AuditInformationNIST 800-53 Compliance Controls AU-9AU-9.1Protects audit information from unauthorized: Access Modification DeletionMcAfee Policy AuditorMcAfee ePolicy OrchestratorMcAfee Policy AuditorMcAfee EnterpriseSecurity Manager

l IDAssessmentProcedureAssessment ObjectiveDetermine if the information system:AUProtectionof AuditInformationProtectionof AuditInformationAU-9AU-9.2AUProtectionof AuditInformationAudit Backupon UProtectionof 9(3).1Protectionof rationAuditGenerationAU-12AU-12.a.2 AUAuditGenerationAuditGenerationAU-12AU-12.b.2 AUAuditGenerationAuditGenerationAU-12AU-12.c AuditGenerationSystemWide/TimeCorrelatedAudit TrailAuditGenerationChanges byAuthorizedIndividualsAU Protects audit tools from unauthorized: Access Modification DeletionMcAfee CapabilityMcAfee ePolicy OrchestratorMcAfee EnterpriseSecurity ManagerDetermine if the information system: Determine if the information system: AU-9(3).2Backs up audit records, with the organization-defined frequency, ontoa physically different system or system component than the system orcomponent being auditedUses cryptographic mechanisms to protect the integrity of audit informationDetermine if the information system: Uses cryptographic mechanisms to protect the integrity of audit toolsMcAfee Policy AuditorMcAfee ePolicy OrchestratorMcAfee EnterpriseSecurity ManagerMcAfee ePolicy OrchestratorMcAfee EnterpriseSecurity ManagerDetermine if the information system:AU Protects against an individual (or process acting on behalf of an individual)falsely denying having performed organization-defined actions to be coveredby non-repudiationN/ADetermine if the information system:Provides audit record generation capability, for the auditable events defined inAU-2a, at organization-defined information system componentsMcAfee Policy AuditorDetermine if the information system:Allows the organization-defined personnel or roles to select which auditableevents are to be audited by specific components of the systemDetermine if the information system:Generates audit records for the events defined in AU-2d with the content indefined in AU-3McAfee Policy AuditorMcAfee ePolicy OrchestratorMcAfee Policy AuditorDetermine if the information system: 
AU-12(1)AU-12(1).3Compiles audit records from organization-defined information systemcomponents into a system-wide (logical or physical) audit trail that is timecorrelated to within the organization-defined level of tolerance for therelationship between time stamps of individual records in the audit trailMcAfee Policy AuditorDetermine if the information systemAU7NIST 800-53 Compliance Controls AU-12(3)AU-12(3).5Provides the capability for organization-defined individuals or roles to changethe auditing to be performed on organization-defined information systemcomponents based on organization-defined selectable event criteria withinorganization-defined time thresholdsMcAfee Policy Auditor

GUIDE

CM Configuration Management—3 Controls

Capabilities Summary

Capability                                Number of controls
McAfee Active Response                    -
McAfee Application Control                3
McAfee Data Loss Prevention               -
McAfee Disk Encryption                    -
McAfee Endpoint Security                  -
McAfee Enterprise Security Manager        -
McAfee ePolicy Orchestrator               -
McAfee File & Removable Media Protection  -
McAfee Network Security Platform          -
McAfee Policy Auditor                     -
None                                      -

Control Family: CM
Control Category: Access Restrictions for Change
Control Name: Automated
Assessment Objective: Determine if the information system: Enforces access restrictions for change
McAfee Capability: McAfee Application Control

Control Family: CM
Control Category: Access Restrictions for Change
Control Name: Automated Access Enforcement/Auditing
Control ID: CM-5(1)
Assessment Procedure: CM-5(1).2
Assessment Objective: Determine if the information system: Supports auditing of the enforcement actions
McAfee Capability: McAfee Application Control

Control Family: CM
Control Category: Access Restrictions for Change
Control Name: Signed Components
Control ID: CM-5(3)
Assessment Procedure: CM-5(3).2
Assessment Objective: Determine if: The information system prevents the installation of organization-defined software and firmware components without verification that such components have been digitally signed using a certificate that is recognized and approved by the organization
McAfee Capability: McAfee Application Control

GUIDE

CP Contingency Planning—1 Control

Capabilities Summary

Capability                                Number of controls
McAfee Active Response                    -
McAfee Application Control                -
McAfee Data Loss Prevention               -
McAfee Disk Encryption                    -
McAfee Endpoint Security                  -
McAfee Enterprise Security Manager        -
McAfee ePolicy Orchestrator               -
McAfee File & Removable Media Protection  -
McAfee Network Security Platform          -
McAfee Policy

Control Category: tion System Recovery and Reconstitution
Control Name: Transaction Recovery
Control ID: CP-10(2)
Assessment Procedure: CP-10(2).1
Assessment Objective: Determine if the information system: Implements transaction recovery for systems that are transaction-based
McAfee Capability: N/A

GUIDEIA Identification and Authentication—28 ControlsCapabilities Summary-McAfee Application Control-McAfee Data Loss Prevention-McAfee Disk Encryption-McAfee Endpoint Security-McAfee Enterprise Security Manager-McAfee ePolicy Orchestrator-McAfee File & Removable Media Protection-McAfee Network Security Platform-McAfee Policy Auditor8None20ControlFamily10Number of controlsMcAfee Active ResponseControl CategoryControl NameControl IDAssessmentProcedureIAIdentification andAuthentication(Organizational Users)Identification Identification andAuthentication(Organizational Users)Network Accessto PrivilegedAccountsIA-2(1)IA-2(1).1IAIdentification andAuthentication(Organizational Users)Network Accessto tion andAuthentication(Organizational Users)Local Accessto PrivilegedAccountsIA-2(3)IA-2(3).1IAIdentification andAuthentication(Organizational Users)Local Access toNon-PrivilegedAccountsIA-2(4)IA-2(4).1NIST 800-53 Compliance ControlsAssessment ObjectiveMcAfee CapabilityDetermine if the information system: Uniquely identifies and authenticates organizational users (or processesacting on behalf of organizational users)N/ADetermine if the information system: Implements multifactor authentication for network access to privilegedaccountsN/ADetermine if the information system: Implements multifactor authentication for network access to nonprivileged accountsN/ADetermine if the information system: Implements multifactor authentication for local access to privilegedaccountsN/ADetermine if the information system: Implements multifactor authentication for local access to non-privilegedaccountsN/A

GUIDEControlFamilyControl CategoryControl NameControl IDAssessmentProcedureIAIdentification andAuthentication(Organizational Users)Network Accessto .1IAIdentification andAuthentication(Organizational Users)Network Accessto 2(9).1IAIdentification andAuthentication(Organizational Users)Remote Access—Separate DeviceIAIdentification andAuthentication(Organizational Users)Remote Access—Separate DeviceIAIdentification andAuthentication(Organizational Users)Remote Access—Separate DeviceIAIdentification andAuthentication(Organizational Users)Remote Access—Separate DeviceIA-2(11)IA-2(11).6IAIdentification andAuthentication(Organizational Users)Acceptance of PIVCredentialsIA-2(12)IA-2(12).1Identification andAuthentication(Organizational Users)Acceptance of PIVCredentialsIA-2(12)Assessment ObjectiveMcAfee CapabilityDetermine if the information system: Implements replay-resistant authentication mechanisms for networkaccess to privileged accountsN/ADetermine if the information system: Implements replay-resistant authentication mechanisms for networkaccess to non-privileged accountsN/ADetermine if the information system:IA-2(11)IA-2(11).1 Implements multifactor authentication for remote access to privilegedaccounts such that one of the factors is provided by a device separatefrom the system gaining accessN/ADetermine if the information system:IA-2(11)IA-2(11).2 Implements multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a deviceseparate from the system gaining accessN/ADetermine if the information system:IA-2(11)IA-2(11).5 Implements multifactor authentication for remote access to privilegedaccounts such that a device, separate from the system gaining access,meets organization-defined strength of mechanism requirementsN/ADetermine if the information systemIA Determine if the information system: IA-2(12).2Implements multifactor authentication for remote access to nonprivileged accounts such that a device, separate 
from the systemgaining access, meets organization-defined strength of mechanismrequirementsAccepts Personal Identity Verification (PIV) credentialsDetermine if the information system: Electronically verifies Personal Identity Verification (PIV) credentialsN/AN/AN/ADetermine if the information system:IA11Device Identificationand AuthenticationNIST 800-53 Compliance ControlsDeviceIdentification andAuthentication IA-3IA-3.2Uniquely identifies and authenticates organization-defined devicesbefore establishing one or more of the following: A local connection; A remote connection; and/or A network connectionN/A

GUIDEControlFamilyControl CategoryControl NameControl IDAssessmentProcedureAssessment ObjectiveMcAfee CapabilityDetermine if, for password-based authentication, the -5(1).a.5IA-5(1).b.2 Determine if, for password-based authentication, the informationsystem: es password maximum lifetime restrictions of organizationdefined numbers for lifetime maximumDetermine if, for password-based authentication, the informationsystem: IA-5(1).fEnforces password minimum lifetime restrictions of organizationdefined numbers for lifetime minimumDetermine if, for password-based authentication, the informationsystem: Prohibits password reuse for the organization-defined number ofgenerationsDetermine if, for password-based authentication, the informationsystem: McAfee Policy AuditorMcAfee Policy AuditorMcAfee Policy AuditorStores and transmits only encrypted representations of passwordsDetermine if, for password-based authentication, the informationsystem: IA-5(1)Enforces at least the organization-defined minimum number ofcharacters that must be changed when new passwords are createdDetermine if, for password-based authentication, the informationsystem: AuthenticatorManagementEnforces minimum password complexity of organization-definedrequirements for case sensitivity, number of characters, mix ofuppercase letters, lowercase letters, numbers, and special characters,including minimum requirements for each typeAllows the use of a temporary password for system logons with animmediate change to a permanent passwordMcAfee Policy AuditorMcAfee Policy AuditorMcAfee Policy AuditorMcAfee Policy AuditorDetermine if the information system:IA12NIST 800-53 Compliance ControlsIA-6IA-6.1 Obscures feedback of authentication information during theauthentication process to protect the information from possibleexploitation/use by unauthorized individualsMcAfee Policy Auditor

GUIDEControlFamilyControl CategoryControl NameControl IDAssessmentProcedureAssessment ObjectiveMcAfee CapabilityDetermine if the information system:IACryptographic ionIA-7IA-7.1IAIdentification andAuthentication(Organizational Users)Identification Identification andAuthentication(Organizational Users)Acceptance of PIVCredentials fromOther AgenciesIA-8(1)IA-8(1).1IAIdentification andAuthentication(Organizational Users)Acceptance of PIVCredentials fromOther AgenciesIA-8(1)IA-8(1).2IAIdentification andAuthentication(Organizational Users)Acceptanceof on andAuthentication(Organizational Users)Use of FICAMIssued ProfilesIA-8(4)IA13NIST 800-53 Compliance Controls Implements mechanisms for authentication to a cryptographic modulethat meet the requirements of applicable federal laws, executive orders,directives, policies, regulations, standards, and guidance for suchauthenticationN/ADetermine if the information system: Uniquely identifies and authenticates non-organizational users (orprocesses acting on behalf of non-organizational users)N/ADetermine if the information system: Accepts Personal Identity Verification (PIV) credentials from otheragenciesN/ADetermine if the information system: Determine if the information system: IA-8(4).1Electronically verifies Personal Identity Verification (PIV) credentialsfrom other agenciesAccepts only FICAM-approved third-party credentialsDetermine if the information system: Conforms to FICAM-issued profilesN/AN/AN/A

GUIDE

RA Risk Assessment—1 Control

Capabilities Summary

Capability                                Number of controls
McAfee Active Response                    -
McAfee Application Control                -
McAfee Data Loss Prevention               -
McAfee Disk Encryption                    -
McAfee Endpoint Security                  -
McAfee Enterprise Security Manager        -
McAfee ePolicy Orchestrator               -
McAfee File & Removable Media Protection  -
McAfee Network Security Platform          -
McAfee Policy

Control Category: bility Scanning
Control Name: Privileged Access
Control ID: RA-5(5)
Assessment Procedure: RA-5(5).3
Assessment Objective: Determine if: The information system implements privileged access authorization to organization-defined information system components for selected organization-defined vulnerability scanning activities
McAfee Capability: McAfee Policy Auditor

GUIDESC System and Communications—32 ControlsCapabilities Summary-McAfee Application Control3McAfee Data Loss Prevention-McAfee Disk Encryption1McAfee Endpoint Security6McAfee Enterprise Security Manager-McAfee ePolicy Orchestrator-McAfee File & Removable Media Protection1McAfee Network Security Platform12McAfee Policy Auditor14None6ControlFamily15Number of controlsMcAfee Active ResponseControlCategoryControl nctionIsolationSecurity FunctionIsolationSC-3SC-3SCInformationin SharedResourcesInformation inShared ionBoundaryProtectionSC-7SC-7.a.2NIST 800-53 Compliance ControlsAssessment ObjectiveMcAfee CapabilityDetermine if the information system: Separates user functionality (including user interface services) frominformation system management functionalityDetermine if the information system: Isolates security functions from nonsecurity functionsMcAfee Policy AuditorMcAfee Policy AuditorDetermine if the information system: Implements multifactor authentication for network access to nonprivileged accountsMcAfee Policy AuditorDetermine if the information system: Prevents unauthorized and unintended information transfer viashared system resourcesDetermine if the information system: Monitors communications at the external boundary of the informationsystemDetermine if the information system: Monitors communications at key internal boundaries within thesystemN/AMcAfee Network SecurityPlatformMcAfee Network SecurityPlatform

GUIDEControlFamilyControlCategoryControl NameControlIDAssessmentProcedureAssessment ObjectiveDetermine if the information C-7.a.4 Controls communications at the external boundary of the informationsystemDetermine if the information system: Controls communications at key internal boundaries within thesystemMcAfee CapabilityMcAfee Network SecurityPlatformMcAfee Network SecurityPlatformDetermine if the information system: plements subnetworks for publicly accessible system componentsthat are either: Physically separated from internal organizational networks;McAfee Network SecurityPlatformand/or Logically separated from internal organizational networksDetermine if the information C-7.cSCBoundaryProtectionDeny by Default/Allow by ExceptionSC-7(5)SC-7(5).1BoundaryProtectionDeny by Default/Allow by ExceptionSC-7(5)SCBoundaryProtectionPrevent SplitTunneling forRemote DevicesSCBoundaryProtectionRoute Traffic toAuthenticatedProxy ServersSC-7(8)SC-7(8).3SCBoundaryProtectionFail SecureSC-7(18)SC-7(18)SC16NIST 800-53 Compliance Controls Determine if the information system, at managed interfaces: SC-7(5).2Connects to external networks or information systems only throughmanaged interfaces consisting of boundary protection devicesarranged in accordance with an organizational security architectureDenies network traffic by defaultDetermine if the information system, at managed interfaces: Allows network traffic by exceptionMcAfee Endpoint SecurityMcAfee Network SecurityPlatformMcAfee Endpoint SecurityMcAfee Network SecurityPlatformMcAfee Endpoint SecurityMcAfee Network SecurityPlatformDetermine if the information system, in conjunction with a remotedevice:SC-7(7)SC-7(7) Prevents the device from simultaneously establishing non-remoteconnections with the system and communicating via some otherconnection to resources in external networksMcAfee Endpoint SecurityDetermine if the information system: Routes organization-defined internal communications traffic toorganization-defined 
external networks through authenticated proxyservers at managed interfacesDetermine if the information system: Fails s
