PR.IP-9: Information Protection Processes and Procedures
Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.
PR.IP-8: Information Protection Processes and Procedures
Effectiveness of protection technologies is shared and analyzed.
PR.IP-7: Information Protection Processes and Procedures
Protection processes are improved.
PR.IP-6: Information Protection Processes and Procedures
Data is destroyed according to policy.
PR.IP-5: Information Protection Processes and Procedures
Policy and regulations regarding the physical operating environment for organizational assets are met.
PR.IP-4: Information Protection Processes and Procedures
Backups of information are conducted, maintained, and tested periodically.
PR.IP-3: Information Protection Processes and Procedures
Configuration change control processes are in place.
PR.IP-2: Information Protection Processes and Procedures
A System Development Life Cycle to manage systems is implemented.
PR.IP-1: Information Protection Processes and Procedures
A baseline configuration of information technology/industrial control systems is created and maintained.
ID.SC-2: Supply Chain Risk Management
Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders.
ID.SC-1: Supply Chain Risk Management
Cybersecurity risks to organizational assets are identified and managed.
ID.RM-3: Risk Management Strategy
The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector-specific risk analysis.
ID.RM-2: Risk Management Strategy
Organizational risk tolerance is determined and clearly expressed.
ID.RM-1: Risk Management Strategy
Risk management processes are established, managed, and agreed to by organizational stakeholders.
—ID.GV-4: Governance
Governance and risk management processes address cybersecurity risks.