>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

1.5.1Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks (including the Internet) and the CDE as follows.

>Requirement Description

Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks (including the Internet) and the CDE as follows. Specific configuration settings are defined to prevent threats being introduced into the entity’s network. Security controls are actively running. Security controls are not alterable by users of the computing devices unless specifically documented and authorized by management on a case-by-case basis for a limited period. Applicability Notes These security controls may be temporarily disabled only if there is legitimate technical need, as authorized by management on a case-by-case basis. If these security controls need to be disabled for a specific purpose, it must be formally authorized. Additional security measures may also need to be implemented for the period during which these security controls are not active. This requirement applies to employee-owned and company-owned computing devices. Systems that cannot be managed by corporate policy introduce weaknesses and provide opportunities that malicious individuals may exploit.

>Cross-Framework Mappings

SCF

CFG-02.5
Compare
CFG-03.4
Compare
DCH-13.1
Compare
END-01
Compare
END-02
Compare
END-05
Compare

Ask AI

Configure your API key to use AI features.