Cybersecurity - Policy and Procedures

Policies

Procedures

Baseline

• Access Control (AC)
• Security Awareness and Training (AT)
• Audit and Accountability (AU)
• Configuration Management (CM)
• Identification and Authorization (IA)
• Incident Response (IR)
• Maintenance (MA)
• Media Protection (MP)
• Personnel Security (PS)
• Physical and Environmental Security (PE)
• Risk Assessment (RA)
  • Risk Assessment Procedures
  • Vendor Risk Assessment Report Form
• System and Service Acquisition (SA)
  • Prohibited Technologies List
  • Risk Assessment Procedures
  • Vendor Risk Assessment Report Form
• System and Communications Protection (SC)
• System and Information Integrity (SI)

Baseline-Plus

• Assessment, Authorization, and Monitoring (CA)
• Contingency Planning (CP)
• Planning (PL)
• Information Security Control Exception Request (PL-11)
• Personally Identifiable Information Processing and Transparency (PT)
• System and Service Acquisition (SA)
• Supply Chain Risk Management (SR)
  • Prohibited Technologies List
  • Risk Assessment Procedures
  • Vendor Risk Assessment Report Form

Policy and Procedure Training Materials

• SISM Baseline Training
• SISM Baseline Training Presentation
  • SISM Baseline Training Video Description