Insider, Accidental or Intentional Data Loss: Indirect Mitigating Sub-Practices (L)
| SP# | SP Title | Short Description |
|---|---|---|
| 1.M.A | Basic Email Protection Controls | Basic email security controls to enable |
| 1.M.B | MFA for Remote Email Access | Enabling multi-factor authentication for remote email access |
| 1.M.D | Workforce Education | Educating the workforce on spotting and reporting email-based attacks |
| 2.M.A | Basic Endpoint Protection Controls | Basic endpoint security controls to enable |
| 3.M.B | Provisioning, Transfers, and De-provisioning Procedures | Provision user accounts based on identity; ensure de-provisioning upon termination |
| 5.M.C | Secure Storage for Inactive Devices | Ensure unused devices are physically secure |
| 6.M.A | Network Profiles and Firewalls | Deploy firewalls throughout the network |
| 6.M.C | Intrusion Prevention Systems | Deploy intrusion prevention systems to protect against known cyber attacks |
| 6.M.D | Web Proxy Protection | Protect end users browsing the web with outbound proxy technologies |
| 6.M.E | Physical Security of Network Devices | Physically secure the network devices |
| 7.M.C | System Placement and Data Classification | Determine vulnerability risk based on system classification and location |
| 8.M.C | Information Sharing and ISACs/ISAOs | Join security communities to share best practices and threat information |
| 9.M.A | Medical Device Management | Set a strategy for managing the security of medical devices, utilizing existing processes |
| 9.M.B | Endpoint Protections | Configure and secure medical devices based on 6 steps |
| 9.M.C | Identity and Access Management | Ensure authentication and remote access are managed |
| 9.M.D | Asset Management | Inventory hardware and software of medical devices |
| 10.M.A | Policies | Establish cybersecurity policies and a default expectation of practices |
| 1.L.A | Advanced and Next Generation Tooling | Advanced email security configurations to enable |
| 1.L.C | Analytics Driven Education | Leverage data and analytics to determine high-risk and targeted users, and drive education |
| 2.L.A | Automate the Provisioning of Endpoints | Leverage VARs to preconfigure and secure new endpoints |
| 2.L.B | Mobile Device Management | Leverage MDM tools to secure mobile devices |
| 2.L.C | Host Based Intrusion Detection/Prevention Systems | Install host-based protection systems to detect and prevent client-based attacks |
| 2.L.D | Endpoint Detection Response | Detect malicious processes running on endpoints; respond at scale |
| 2.L.E | Application Whitelisting | Permit only known-good and authorized applications |
| 3.L.A | Federated Identity Management | Leverage external organization identity information for access |
| 3.L.B | Authorization | Authorize access based on role (RBAC) or attribute (ABAC) |
| 3.L.C | Access Governance | Review access periodically to ensure user access is still appropriate |
| 3.L.D | Single-Sign On (SSO) | Authenticate against central credential repositories and ease access burdens |
| 6.L.B | Command and Control Monitoring of Perimeter | Monitor for malicious outbound Command and Control traffic |
| 6.L.C | Anomalous Network Monitoring and Analytics | Monitor for anomalous network traffic based on analytics and baselines |
| 6.L.E | Network Access Control (NAC) | Ensure endpoints are secure on the network through automated tools |
| 8.L.B | Advanced Information Sharing | Share and receive threat intelligence information from partner organizations |
| 8.L.D | Baseline Network Traffic | Establish digital footprints on systems and alert when they deviate |
| 8.L.E | User Behavior Analytics | Establish baseline patterns of user access and alert when they deviate |
| 9.L.A | Vulnerability Management | Carefully identify vulnerabilities on medical devices, and remediate accordingly |
| 9.L.C | Procurement and Security Evaluations | Conduct security evaluations for newly purchased medical devices |