Difference between revisions of "User:Shawndouglas/sandbox/sublevel3"

From LIMSWiki
Line 1: Line 1:
====IR-1 Incident response policy and procedures====
====MA-1 System maintenance policy and procedures====
This control recommends the organization develop, document, disseminate, review, and update incident response policies and procedures. It asks organizations to not only address the purpose, scope, roles, responsibilities, and enforcement of incident response action but also to address how those policies and procedures will be implemented, reviewed, and updated.  
This control recommends the organization develop, document, disseminate, review, and update system maintenance policies and procedures. It asks organizations to not only address the purpose, scope, roles, responsibilities, and enforcement of system maintenance action but also to address how those policies and procedures will be implemented, reviewed, and updated.  


'''Additional resources''':
'''Additional resources''':
* [https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final NIST Special Publications 800-12, Rev. 1], page 64
* [https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final NIST Special Publications 800-12, Rev. 1], page 50
* [https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final NIST Special Publications 800-61, Rev. 2]
* [https://csrc.nist.gov/publications/detail/sp/800-83/rev-1/final NIST Special Publications 800-83, Rev. 1]
* [https://csrc.nist.gov/publications/detail/sp/800-100/final NIST Special Publications 800-100] 124–30
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#7._Document_management LIMSpec 7.1, 7.2]
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#7._Document_management LIMSpec 7.1, 7.2]


====IR-2 Incident response training====
====MA-2 Controlled maintenance====
This control recommends the organization provide incident response training to those system users with roles and responsibilities tied to incident response and, more broadly, business continuity planning. That training should occur initially, within an organization-defined period of time upon taking on a related role or responsibility, and when required by major changes to the system. Follow-up training should be conducted at a defined frequency afterwards.
This control recommends the organization apply a "controlled maintenance" approach to its system. Not only should maintenance be regularly scheduled, performed, and thoroughly documented, but also that maintenance should be in-line with manufacturer, vendor, or organizational requirements. The maintenance should go through an approval and monitoring process whether conducted on- or off-site. Any off-site work will required proper data sanitization. After maintenance, the components and the system should be checked to ensure that all implemented controls still function as expected.


'''Additional resources''':
'''Additional resources''':
* [https://csrc.nist.gov/publications/detail/sp/800-16/final NIST Special Publications 800-16]
* [https://csrc.nist.gov/publications/detail/sp/800-63/3/final NIST Special Publications 800-88, Rev. 1]
* [https://csrc.nist.gov/publications/detail/sp/800-50/final NIST Special Publications 800-50]
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#10._Instrument_and_equipment_management LIMSpec 10.7, 10.10, and 10.15]
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#8._Resource_management LIMSpec 8.3, 8.5, and 8.7]


====IR-4 Incident handling====
====MA-2 (2) Controlled maintenance: Automated maintenance activities====
This control recommends the organization, as part of their incident response planning (see IR-8), address how it will engage in preparation, detection and analysis, containment, eradication, and recovery from a security incident. That organization will also link its incident handling with its contingency planning activities and update its incident and business continuity plans, as well as affected training regiments, with "lessons learned" from internal and external events.
This control enhancement recommends the organization employ (or, ensure the system employs) some type of automation in scheduling, conducting, and/or documenting maintenance and repairs. That automated process should also ensure that all related documentation is complete and accurate in regards to requested, scheduled, processed, and completed maintenance and repair actions.


'''Additional resources''':
'''Additional resources''':
* [https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final NIST Special Publications 800-61, Rev. 2]
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#10._Instrument_and_equipment_management LIMSpec 10.7, 10.10, and 10.15]
* No LIMSpec comp (organizational policy rather than system specification)


====IR-4 (1) Incident handling: Automated incident handling processes====
====MA-4 Non-local maintenance====
This control enhancement recommends the organization employ automated mechanisms to better handle incident response initiatives. NIST gives the example of online incident management systems as a possible automated tool to use.
This control recommends the organization place strong controls on non-local maintenance and diagnostics of the system or its components. "Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through either an external network (e.g., the Internet) or an internal network." Those controls include approving, monitoring, and thoroughly documenting non-local maintenance, ensuring the tools used in the process are documented and consistent with organizational policy, ensuring strong authenticators are employed during such maintenance sessions, and ensuring those sessions and network connections are terminated upon completion of maintenance activities.


'''Additional resources''':
'''Additional resources''':
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#16._Investigation_management LIMSpec 16.7]
* [https://csrc.nist.gov/publications/detail/sp/800-63/3/final NIST Special Publications 800-63-3]
* [https://csrc.nist.gov/publications/detail/sp/800-63/3/final NIST Special Publications 800-88, Rev. 1]
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#10._Instrument_and_equipment_management LIMSpec 10.15],  [https://www.limswiki.org/index.php/LII:LIMSpec/Security_and_Integrity_of_Systems_and_Operations#32._Configuration_management 32.25], [https://www.limswiki.org/index.php/LII:LIMSpec/Security_and_Integrity_of_Systems_and_Operations#34._System_administration 34.4], and [https://www.limswiki.org/index.php/LII:LIMSpec/Security_and_Integrity_of_Systems_and_Operations#35._Cybersecurity 35.3]


====IR-5 Incident monitoring====
====MA-5 Maintenance personnel====
This control recommends the organization track and document security incidents affecting the system. For these purposes, the organization may consider pulling information from "incident reports, incident response teams, audit monitoring, network monitoring, physical access monitoring, and user/administrator reports."
This control recommends the organization establish a list of authorized third-party maintenance personnel and organizations and a process for vetting them. Additionally, a policy of ensuring those authorized personnel or organizations have the appropriate security authorizations and designated supervisory personnel when on-site.


'''Additional resources''':
'''Additional resources''':
* [https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final NIST Special Publications 800-61, Rev. 2]
* [https://www.limswiki.org/index.php/LII:LIMSpec/Security_and_Integrity_of_Systems_and_Operations#34._System_administration LIMSpec 34.7]
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#16._Investigation_management LIMSpec 16.6 and 16.7]


====IR-6 Incident reporting====
====MA-6 Timely maintenance====
This control recommends the organization require security incidents, suspected and real, and any relevant information to be reported to the appropriate organizational personnel within a certain period of time.
This control recommends the organization designate a time frame between which system component failure and maintenance support or component acquisition takes place. This will likely involve identifying the system components that are critical to maintaining system operations and organizational goals.  


'''Additional resources''':
'''Additional resources''':
* [https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final NIST Special Publications 800-61, Rev. 2]
* No LIMSpec comp (organizational policy rather than system specification)
* [https://www.limswiki.org/index.php/LII:LIMSpec/Primary_Laboratory_Workflow#6._Reporting LIMSpec 6.8]


====IR-6 (1) Incident reporting: Automated reporting====
====MA-6 (1) Timely maintenance: Preventative maintenance====
This control enhancement recommends the the organization employ automated mechanisms to better handle reporting of security incidents. These automated mechanisms would likely be tied to existing monitoring controls.
This control enhancement recommends the organization take a preventative maintenance approach to its system and components, scheduling at a defined frequency specific preventative maintenance actions on specified system components.


'''Additional resources''':
'''Additional resources''':
* [https://www.limswiki.org/index.php/LII:LIMSpec/Primary_Laboratory_Workflow#6._Reporting LIMSpec 6.8]
* [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#10._Instrument_and_equipment_management LIMSpec 10.10]


====IR-7 Incident response assistance====
====MA-6 (2) Timely maintenance: Predictive maintenance====
This control recommends the organization provide support resources that offer advice and assistance to system users confronted with handling and reporting security incidents. Those support resources could come in the form of help desk, a responsible individual designated in the incident response plan, ot in-house or third-party forensic services.
This control enhancement recommends the organization take a predictive maintenance approach to its system and components. This essentially means using "principles of statistical process control to determine at what point in the future maintenance activities will be appropriate," particularly "when the maintenance activity is most cost-effective and before the equipment loses performance within a threshold."


'''Additional resources''':
'''Additional resources''':
* No LIMSpec comp (organizational policy rather than system specification)
* [https://www.limswiki.org/index.php/LII:LIMSpec/Technology_and_Performance_Improvements#30._Artificial_intelligence_and_smart_systems LIMSpec 30.5]
 
====IR-8 Incident response plan====
This control recommends the organization develop, document, disseminate, review, update, and protect an organizational incident response plan. That plan should be sophisticated enough to contain an incident response roadmap for implementing the developed plan, which should include how the overall plan meshes with business and cybersecurity goals, the resources and responsible individuals that are part of the plan, what should be reportable, and what the associated metrics will be for measuring incident response and its aftermath. The plan should be reviewed and approved by one or more designated personnel, usually leadership or management. Any changes to the plan should be communicated to appropriate personnel, and any affected training should be updated.
 
'''Additional resources''':
* [https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final NIST Special Publications 800-61, Rev. 2]
* No LIMSpec comp (organizational policy rather than system specification)
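Review bot: In the new-revision resource lists for MA-2 and MA-4, the entry labelled "NIST Special Publications 800-88, Rev. 1" links to the sp/800-63/3 URL, the same target as the 800-63-3 entry under MA-4, so the label and the link disagree; either point the link at the 800-88 Rev. 1 publication page or correct the label. The new MA-2 text also reads "Any off-site work will required proper data sanitization", which should be "will require", and the MA-5 sentence beginning "Additionally, a policy of ensuring" has no main verb.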

Revision as of 20:51, 16 February 2022

MA-1 System maintenance policy and procedures

This control recommends the organization develop, document, disseminate, review, and update system maintenance policies and procedures. It asks organizations to not only address the purpose, scope, roles, responsibilities, and enforcement of system maintenance action but also to address how those policies and procedures will be implemented, reviewed, and updated.

Additional resources:

MA-2 Controlled maintenance

This control recommends the organization apply a "controlled maintenance" approach to its system. Maintenance should be regularly scheduled, performed, and thoroughly documented, and it should also be in line with manufacturer, vendor, or organizational requirements. The maintenance should go through an approval and monitoring process whether conducted on- or off-site. Any off-site work will require proper data sanitization. After maintenance, the components and the system should be checked to ensure that all implemented controls still function as expected.

Additional resources:

MA-2 (2) Controlled maintenance: Automated maintenance activities

This control enhancement recommends the organization employ (or ensure the system employs) some type of automation in scheduling, conducting, and/or documenting maintenance and repairs. That automated process should also ensure that all related documentation is complete and accurate with regard to requested, scheduled, processed, and completed maintenance and repair actions.

Additional resources:

MA-4 Non-local maintenance

This control recommends the organization place strong controls on non-local maintenance and diagnostics of the system or its components. "Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through either an external network (e.g., the Internet) or an internal network." Those controls include approving, monitoring, and thoroughly documenting non-local maintenance, ensuring the tools used in the process are documented and consistent with organizational policy, ensuring strong authenticators are employed during such maintenance sessions, and ensuring those sessions and network connections are terminated upon completion of maintenance activities.

Additional resources:

MA-5 Maintenance personnel

This control recommends the organization establish a list of authorized third-party maintenance personnel and organizations and a process for vetting them. It also recommends a policy of ensuring those authorized personnel or organizations have the appropriate security authorizations and designated supervisory personnel when on-site.

Additional resources:

MA-6 Timely maintenance

This control recommends the organization designate the time frame between system component failure and the point at which maintenance support or component acquisition takes place. This will likely involve identifying the system components that are critical to maintaining system operations and organizational goals.

Additional resources:

  • No LIMSpec comp (organizational policy rather than system specification)

MA-6 (1) Timely maintenance: Preventative maintenance

This control enhancement recommends the organization take a preventative maintenance approach to its system and components, scheduling at a defined frequency specific preventative maintenance actions on specified system components.

Additional resources:

MA-6 (2) Timely maintenance: Predictive maintenance

This control enhancement recommends the organization take a predictive maintenance approach to its system and components. This essentially means using "principles of statistical process control to determine at what point in the future maintenance activities will be appropriate," particularly "when the maintenance activity is most cost-effective and before the equipment loses performance within a threshold."

Additional resources: