The 3 non-tailorable JSIG controls.
AC-6(1), Least Privilege
SA-22, Unsupported System Components
SC-28, Protection of Information at Rest
ISSO Auditing Handbook
This is the primary tool used to review logs.
SPLUNK
5 years.
This form helps to move equipment into space.
Hardware Change Request (HCR)
The steps in the RMF Process.
0. Prepare
1. Categorize
2. Select
3. Implement
4. Assess
5. Authorize
6. Monitor
This document shows how we are implementing cybersecurity on our program.
System Security Plan (SSP)
A tool that is used to scan hosts for compliance with security standards and configurations.
SCAP
Dashboard that tells me about Windows ports.
SEPM PPSM
This is a must-have when shutting down a machine.
Final Audits
The control CA-7.
Continuous Monitoring
This document shows how the program is using each control within the JSIG.
Security Control Traceability Matrix (SCTM)
This plugin # is used within Nessus to help verify credentialed scans.
19506
This is the audit for media that is currently not online.
Stasis
Must have this approved package to release items.
Component Release Form (CRF) Package
This control relates to RA-5.
SI-2, Flaw Remediation
Document given to the program that allows the work to be done.
Authorization to Operate (ATO)
This DLP tool is used on RHEL and can be used to whitelist devices.
USBGuard
Nessus shows that patching to this version will fix the vulnerability.
This is the form used to request opening a protocol.
PPSM Whitelist Approval Form
The control you should think of if you need to sanitize equipment.
MP-6, Media Sanitization
This document is an agreement to have a connection with another IS.
Interconnection Security Agreement (ISA)
This file can be spotted using AV tools and should be done at least quarterly.
EICAR
This is the location to check manually for CP-9.
ONTAP System Manager
Special account that will need a special request to complete a special task.
Service Account