Key Security Indicators¶

The effectiveness of relevant cybersecurity education and training is persistently reviewed, including at least general training for all employees, role-specific training for employees in high risk roles, training for development and engineering staff on secure software delivery, and training for staff involved with incident response or disaster recovery.

Related SP 800-53 Controls: CP-3, IR-2, PS-6, AT-2, AT-2.2, AT-2.3, AT-3.5, AT-4, IR-2.3, AT-3, SR-11.1

Terms: Incident, Persistently, Vulnerability Response

Modifications to the cloud service offering are logged and monitored.

Related SP 800-53 Controls: AU-2, CM-3, CM-3.2, CM-4.2, CM-6, CM-8.3, MA-2

Terms: Cloud Service Offering

Machine-based information resources are persistently reviewed to ensure they are appropriately configured to limit inbound and outbound network traffic.

Related SP 800-53 Controls: AC-17.3, CA-9, CM-7.1, SC-7.5, SI-8

Terms: Information Resource, Machine-Based (Information Resources), Persistently

The lifecycle and privileges of all accounts, roles, and groups are securely managed using automation.

Related SP 800-53 Controls: AC-2.2, AC-2.3, AC-2.13, AC-6.7, IA-4.4, IA-12, IA-12.2, IA-12.3, IA-12.5

The effectiveness of documented incident response procedures is persistently reviewed.

Related SP 800-53 Controls: IR-4, IR-4.1, IR-6, IR-6.1, IR-6.3, IR-7, IR-7.1, IR-8, IR-8.1, SI-4.5

Terms: Incident, Persistently, Vulnerability Response

Information is encrypted or otherwise secured from unwanted access or modification.

Related SP 800-53 Controls: AC-1, AC-17.2, CP-9.8, SC-8, SC-8.1, SC-13, SC-20, SC-21, SC-22, SC-23, SC-28, SC-28.1