| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SI-5(1) | FedRAMP_High_R4_SI-5(1) | FedRAMP High SI-5 (1) | System And Information Integrity | Automated Alerts And Advisories | Shared | n/a | The organization employs automated mechanisms to make security alert and advisory information available throughout the organization. Supplemental Guidance: The significant number of changes to organizational information systems and the environments in which those systems operate requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational missions and business functions. Based on the information provided by the security alerts and advisories, changes may be required at one or more of the three tiers related to the management of information security risk including the governance level, mission/business process/enterprise architecture level, and the information system level. | link | 1 |
| hipaa | 1523.11c3Organizational.24-11.c | hipaa-1523.11c3Organizational.24-11.c | 1523.11c3Organizational.24-11.c | 15 Incident Management | 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements | Shared | n/a | Incidents are promptly reported to the appropriate authorities and outside parties (e.g., FedCIRC, CERT/CC). | | 4 |
| NIST_SP_800-53_R4 | SI-5(1) | NIST_SP_800-53_R4_SI-5(1) | NIST SP 800-53 Rev. 4 SI-5 (1) | System And Information Integrity | Automated Alerts And Advisories | Shared | n/a | The organization employs automated mechanisms to make security alert and advisory information available throughout the organization. Supplemental Guidance: The significant number of changes to organizational information systems and the environments in which those systems operate requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational missions and business functions. Based on the information provided by the security alerts and advisories, changes may be required at one or more of the three tiers related to the management of information security risk including the governance level, mission/business process/enterprise architecture level, and the information system level. | link | 1 |
| NIST_SP_800-53_R5 | SI-5(1) | NIST_SP_800-53_R5_SI-5(1) | NIST SP 800-53 Rev. 5 SI-5 (1) | System and Information Integrity | Automated Alerts and Advisories | Shared | n/a | Broadcast security alert and advisory information throughout the organization using [Assignment: organization-defined automated mechanisms]. | link | 1 |
| SWIFT_CSCF_v2022 | 2.2 | SWIFT_CSCF_v2022_2.2 | SWIFT CSCF v2022 2.2 | 2. Reduce Attack Surface and Vulnerabilities | Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. | Shared | n/a | All hardware and software inside the secure zone and on operator PCs are within the support life cycle of the vendor, have been upgraded with mandatory software updates, and have had security updates promptly applied. | link | 11 |