
Alexander Knorr opexxx

@opexxx
opexxx / Respond
Created September 6, 2022 22:52
Respond: Self-scoring worksheet
Response Planning
RS.RP-1: Response plan is executed during or after an incident
Communications
RS.CO-1: Personnel know their roles and order of operations when a response is needed
RS.CO-2: Incidents are reported consistent with established criteria
RS.CO-3: Information is shared consistent with response plans
RS.CO-4: Coordination with stakeholders occurs consistent with response plans
RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness
Analysis
RS.AN-1: Notifications from detection systems are investigated 
opexxx / Recover
Created September 6, 2022 22:51
Recover: Functional Area summary
Recovery Planning
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident
Improvements
RC.IM-1: Recovery plans incorporate lessons learned
RC.IM-2: Recovery strategies are updated
Communications
RC.CO-1: Public relations are managed
RC.CO-2: Reputation after an event is repaired
RC.CO-3: Recovery activities are communicated to internal stakeholders and executive and management teams
opexxx / Detect
Created September 6, 2022 22:50
Detect: Functional Area summary
Anomalies and Events
DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
DE.AE-2: Detected events are analyzed to understand attack targets and methods
DE.AE-3: Event data are collected and correlated from multiple sources and sensors
DE.AE-4: Impact of events is determined
DE.AE-5: Incident alert thresholds are established
Continuous Monitoring
DE.CM-1: The network is monitored to detect potential cybersecurity events
DE.CM-2: The physical environment is monitored to detect potential cybersecurity events
DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events
opexxx / Protect
Created September 6, 2022 22:49
Protect: Functional Area summary
Identity Management
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
PR.AC-2: Physical access to assets is managed and protected
PR.AC-3: Remote access is managed
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate
PR.AC-6: Identities are proofed and bound to credentials, and asserted in interactions when appropriate
PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
Awareness and Training
PR.AT-1: All users are informed and trained
opexxx / Identify
Created September 6, 2022 22:48
Identify: Functional Area summary
Asset Management
ID.AM-1: Physical devices and systems within the organization are inventoried
ID.AM-2: Software platforms and applications within the organization are inventoried
ID.AM-3: Organizational communication and data flows are mapped
ID.AM-4: External information systems are catalogued
ID.AM-5: Resources (e.g., hardware, devices, data, time, and software) are prioritized based on their classification, criticality, and business value
ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Business Environment
ID.BE-1: The organization’s role in the supply chain is identified and communicated
ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated
opexxx / ISO 27002 for cloud services
Created September 6, 2022 22:36
ISO IEC 27002 for cloud services
Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Note: Only those controls that are listed in the ISO/IEC 27017 standard that apply to Cloud Service Customers (CSCs) are shown here.
AREA/SECTION SUB-SECTION ISO/IEC 27017 CSC REQUIREMENTS
A.5 Information security policies
A.5.1 Management direction for information security
A.5.1.1 Policies for information security Is there an information security policy for cloud computing?
Does the policy consider the specific risks associated with using cloud services?
opexxx / Shared Assessment (SIG)
Created September 6, 2022 22:07
Shared Assessments Standardized Information Gathering (SIG) questionnaire
Ques Num SIG Question Text Domain
C.1 Are responsibilities for asset protection and for carrying out specific information security processes clearly identified and communicated to the relevant parties? Organizational Security
C.1.7 Do the processes include residual risk acceptance responsibilities? Organizational Security
C.2 Does the organization's executive leadership ensure information security policy is established and aligned with organizational strategy, and communicated to the entire organization? Organizational Security
C.2.1 Does the organization's executive leadership communicate the mandate of information security awareness, compliance and effectiveness to the entire organization? Organizational Security
C.2.2 Does the organization's board of directors or ownership ensure information security programs are funded sufficiently to meet the organization's objectives? Organizational Security
C.2.3 Does the organization's board of directors or ownership require management to regularly demonstrate that th
opexxx / SOC2 TSC 100A (2017)
Created September 6, 2022 22:02
SOC2 TSC 100A (2017)
CID Criteria Points of Focus
CC1.1 COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values.
Sets the Tone at the Top—The board of directors and management, at all levels, demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control.
Establishes Standards of Conduct—The expectations of the board of directors and senior management concerning integrity and ethical values are defined in the entity’s standards of conduct and understood at all levels of the entity and by outsourced service providers and business partners.
Evaluates Adherence to Standards of Conduct—Processes are in place to evaluate the performance of individuals and teams against the entity’s expected standards of conduct.
Addresses Deviations in a Timely Manner—Deviations from the entity’s expected standards of conduct are identified and remedied in a timely and consistent manner.
Considers Contracto
opexxx / NIST CSF
Created September 6, 2022 21:54
NIST CSF
FID FUNCTION CID CATEGORY CATEGORY_DESCRIPTION SID SUBCATEGORY
ID IDENTIFY (ID) ID.AM Asset Management (ID.AM) Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy. ID.AM-1 ID.AM-1: Physical devices and systems within the organization are inventoried
ID.AM-2 ID.AM-2: Software platforms and applications within the organization are inventoried
ID.AM-3 ID.AM-3: Organizational communication and data flows are mapped
ID.AM-4 ID.AM-4: External information systems are catalogued
ID.AM-5 ID.AM-5: Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
ID.AM-6 ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are
opexxx / slack channels
Last active October 5, 2022 14:15
slack channels
Workspaces for alexander.knorr@xxxxxxxxx
Comply
887 members
Cloud Foundry
14,462 members
KubeArmor