Critical Control 9 - Limitation and Control of Network Ports, Protocols, and Services

Manage (track, control, and correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.

PR.IP-1 A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)

PR.IP-2 A System Development Life Cycle to manage systems is implemented

PR.IP-3 Configuration change control processes are in place

PR.IP-4 Backups of information are conducted, maintained, and tested

PR.IP-5 Policy and regulations regarding the physical operating environment for organizational assets are met

PR.IP-6 Data is destroyed according to policy

PR.IP-7 Protection processes are improved

PR.IP-8 Effectiveness of protection technologies is shared

PR.IP-9 Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed

PR.IP-10 Response and recovery plans are tested

PR.IP-11 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)

PR.IP-12 A vulnerability management plan is developed and implemented