2018.1 Example CSOP WISP NIST CSF Mapping
Secure Controls NIST 800-53 NIST 800-53 ISO 27002 EMEA EU GDPR AICPA SOC 2 (2016) AICPA SOC 2 (2017) CIS CSC v6.1 CIS CSC CSA CCM ISO 27001 ISO 27018 ISO 31000 ISO 31010
Standard # Procedure # Framework (SCF) rev4 rev 5 v2013 v7 [draft] v3.0.1 v2013 v2014 v2009 v2009
COBIT
NIST CSF v1.1 COSO v2013 ENISA v2.0
v5
AIS-04 GRM-05
Cybersecurity Governance GOV-01 P-GOV-01 Publishing Security Policies ID.GV-1 GOV-02 PM-1 PM-1 5.1.1 GOV-02 APO13.01 APO13.02 Principle 12 SO1 8.2.1 5.2
GRM-06
1.6
2.1
2.5
12.9
16.12
ID.AM-1 ID.AM-2
Asset Management AST-01 P-AST-01 Asset Inventories AST-02 CM-8 PM-5 CM-8 PM-5 8.1.1 AST-02 1.4 BAI09.01 BAI09.05 SO15
ID.AM-4
Asset Management AST-03 P-AST-03 Removal of Assets PR.DS-3 AST-11 11.2.5 AST-11 DCS-04
Business Continuity & Disaster Recovery BCD-02 P-BCD-02 Contingency Plan Root Cause Analysis (RCA) & Lessons Learned RC.IM-1 BCD-05 CP-4 CP-4 BCD-05 DSS04.05 DSS04.08 SO20 SO22
Change Management CHG-01 P-CHG-01 Configuration Change Control PR.IP-3 CHG-02 CM-3 CM-3 14.2.2 CHG-02 MOS-15 SO14
MEA03.01
Compliance CPL-01 P-CPL-01 Statutory, Regulatory & Contractual Compliance ID.GV-3 PR.IP-5 CPL-01 PM-8 PM-8 18.1.1 CPL-01 SO25
MEA03.02
APO01.03 DSS01.04
DSS06.04 MEA02.01
MEA02.02
Compliance CPL-02 P-CPL-02 Security Controls Oversight DE.DP-5 PR.IP-7 CPL-02 CA-7 CA-7(1) PM-14 CA-7 CA-7(1) PM-14 CPL-02 Art 5.2 AAC-02 AAC-03 SO25 8.2.7 9.3
5.1
5.2
5.3
5.5
6.2
8.3
CM-2 CM-6 CM-2 CM-6
Configuration Management CFG-01 P-CFG-01 System Hardening Through Baseline Configurations PR.IP-1 PR.IP-3 CFG-02 14.1.1 CFG-02 3.1 BAI10.02 GRM-01 IVS-07
SA-8 PL-10
9.1
9.5
15.7
15.8
Configuration Management CFG-02 P-CFG-02 Least Functionality PR.PT-3 CFG-03 CM-7 CM-7 CFG-03 9.1 IAC-03
DE.CM-1 DE.DP-1
DE.DP-2 PR.PT-1
6.2
Monitoring MON-01 P-MON-01 Continuous Monitoring MON-01 AU-1 SI-4 AU-1 SI-4 12.4.1 MON-01 Art 32.1 Art 32.2 4.6 DSS01.03 DSS05.07 IVS-06 SO21
14.7
Monitoring MON-02 P-MON-02 Monitoring Reporting DE.DP-4 MON-06 AU-7 AU-7(1) AU-12 AU-7 AU-7(1) AU-12 MON-06 6.4
Monitoring MON-03 P-MON-03 Anomalous Behavior DE.AE-1 MON-16 SI-4(11) SI-4(11) MON-16 16.10 16.8
11.4
Cryptographic Protections CRY-01 P-CRY-01 Transmission Confidentiality PR.DS-2 CRY-03 SC-8 SC-9 SC-8 13.2.3 CRY-03 Art 5.1 C1.3 13.2 8.2.5
14.2
13.2
Cryptographic Protections CRY-03 P-CRY-03 Encrypting Data At Rest PR.DS-1 CRY-05 SC-13 SC-28(2) SC-13 SC-28(2) 10.1.1 CRY-05 Art 5.1 14.5 13.10
14.5
8.1
Endpoint Security END-01 P-END-01 Malicious Code Protection (Anti-Malware) DE.CM-4 END-04 SI-3 SI-3 12.2.1 END-04 CC5.8 CC5.8 8.1 8.6 DSS05.01 TVM-01 SO12
8.8
Endpoint Security END-02 P-END-02 File Integrity Monitoring (FIM) PR.DS-6 END-06 SI-7 SI-7 END-06 3.5 SO12
Endpoint Security END-03 P-END-03 Mobile Code DE.CM-5 END-10 END-10 TVM-03
Identification & Authentication IAC-01 P-IAC-01 User Provisioning & De-Provisioning PR.AC-6 IAC-07 IA-5(3) IA-12(4) 9.2.1-9.2.2 IAC-07 CC5.2 CC5.2 16.3 IAC-09 IAC-11 SO7
16.1
Identification & Authentication IAC-02 P-IAC-02 Account Management PR.AC-1 IAC-15 AC-2 AC-2 IAC-15 16.4 IAC-10 8.2.2
16.13
Identification & Authentication IAC-03 P-IAC-03 Least Privilege PR.AC-4 IAC-21 AC-6 AC-6 9.1.2 IAC-21 CC5.6 CC5.6 14.4 SO11
Incident Response IRO-01 P-IRO-01 Management of Security Incidents PR.IP-9 IRO-01 IR-1 IR-1 16.1.1 IRO-01 Art 32.1 Art 32.2 SO16 SO18 1.2.7
Incident Response IRO-02 P-IRO-02 Incident Handling IRO-02 IR-4 IR-4 16.1.4 IRO-02 1.2.7
Incident Response IRO-03 P-IRO-03 Indicators of Compromise (IOC) RS.AN-2 IRO-03 IRO-03
1.2.7
Incident Response IRO-04 P-IRO-04 Personally Identifiable Information (PII) Processes RS.IM-2 IRO-04.1 SE-2 IR-8(1) IRO-04.1 A.9.1
7.2.4
Incident Response IRO-05 P-IRO-05 IRP Update RS.IM-2 IRO-04.2 IR-1 IR-1 IRO-04.2
Incident Response IRO-06 P-IRO-06 Coordination with Related Plans PR.IP-10 IRO-06.1 IR-3(2) IR-3(2) IRO-06.1 1.2.7
Incident Response IRO-07 P-IRO-07 Integrated Security Incident Response Team (ISIRT) IRO-07 IR-10 IR-10 16.1.4 IRO-07 DSS02.05 SO16
Incident Response IRO-08 P-IRO-08 Chain of Custody & Forensics RS.AN-3 IRO-08 16.1.7 IRO-08
Incident Response IRO-09 P-IRO-09 Incident Monitoring & Tracking DE.AE-3 IRO-09 IR-5 IR-5 IRO-09 SEF-05 SO17 1.2.7
Art 33.1 Art 33.2 Art 33.3 Art 33.4 Art 33.5 Art 34.1
Incident Response IRO-11 P-IRO-11 Root Cause Analysis (RCA) & Lessons Learned RS.IM-1 IRO-13 IR-1 IR-1 16.1.6 IRO-13 DSS03.04 SO18
Maintenance MNT-01 P-MNT-01 Controlled Maintenance PR.MA-1 MNT-02 MA-2 MA-2 MNT-02
Maintenance MNT-01 P-MNT-01 Non-Local Maintenance PR.MA-2 MNT-05 MA-4 MA-4 MNT-05
13.1.1 11.1
Network Security MNT-01 P-MNT-01 Network Security Management PR.PT-4 NET-01 SC-1 SC-1 NET-01 Art 32.1 Art 32.2 DSS05.02
13.1.2 11.2
Network Security MNT-01 P-MNT-01 Layered Network Defenses PR.AC-5 NET-02 NET-02 9.5
12.6
Network Security MNT-03 P-MNT-03 Remote Access PR.AC-3 NET-14 AC-17 AC-17(6) AC-17 6.2.2 NET-14 12.7
12.7
5.1
Risk Management RSK-02 P-RSK-02 Risk Identification ID.RA-3 RSK-03 RSK-03 3.5 Principle 7 5.2 5.2
5.3
8.3
Risk Management RSK-03 P-RSK-03 Risk Remediation ID.RA-6 RSK-06 RSK-06 Principle 9 GRM-11 5.5 4.3.5
10.1
4.3.4
Principle 7 Principle
Risk Management RSK-04 P-RSK-04 Business Impact Analysis (BIAs) ID.RA-4 RSK-08 RSK-08 BAI01.10 BAI02.03 BCR-08 BCR-09 8.2 5.4 5.3.3
8
5.5
AR-7 SA-8 SA-13 Art 5.2 Art 24.1 Art 4.2.3 A.10.1
SC-7(18) 24.2 Art 24.3 Art 25.1 6.2.2 A.10.4
SI-1 Art 25.2 7.2.2 A.10.5
7.2.3 A.10.6
Security Awareness & Training SAT-01 P-SAT-01 Security & Privacy-Minded Workforce PR.AT-1 PR.AT-3 PR.AT-4 SAT-01 AT-1 PM-13 AT-1 PM-13 7.2.2 SAT-01 Art 32.1 Art 32.2 Art 32.4 BAI08.04 BAI08.05 HRS-09 SO6
Third-Party Management TPM-02 P-TPM-02 Third-Party Criticality Assessments ID.BE-1 ID.SC-2 TPM-02 SA-14 RA-9 SA-14 TPM-02
Third-Party Management TPM-03 P-TPM-03 Supply Chain Protection ID.SC-4 TPM-03 SA-12 SA-12 15.1.3 TPM-03 STA-01 STA-06 SO10
13.2.4
Third-Party Management TPM-04 P-TPM-04 Third-Party Contract Requirements ID.SC-3 TPM-05 SA-9(3) SA-9(3) TPM-05 C1.4 C1.4
15.1.2
Third-Party Management TPM-05 P-TPM-05 Third-Party Personnel Security ID.GV-2 TPM-06 TPM-06
Threat Management THR-01 P-THR-01 Threat Awareness Program ID.BE-2 THR-01 PM-16 AT-5 PM-15 THR-01 Art 32.1 Art 32.2 CC3.1 CC3.1 BAI08.01
Threat Management THR-02 P-THR-02 Threat Intelligence Feeds ID.RA-2 THR-03 SI-5 SI-5(1) SI-5 SI-5(1) THR-03 4.4
3.1
3.2
9.3
9.5
11.3
Vulnerability & Patch Management VPM-03 P-VPM-03 Vulnerability Scanning DE.CM-8 VPM-06 RA-5 RA-5 VPM-06 4.1 IVS-05
20.3
Vulnerability & Patch Management VPM-04 P-VPM-04 Red Team Exercises DE.DP-3 VPM-10 CA-8(2) CA-8(2) VPM-10 20.5
20.7
NIST 800-171 OWASP US DFARS US FDA US FedRAMP US NERC CIP US US - NY DFS
rev 1 Top 10 v2017 252.204-70xx 21 CFR Part 11 [moderate] CJIS Security Policy 23 NYCRR500
US US - MA 201 CMR
NIST 800-37 NIST 800-39 NIST 800-160 PCI DSS v3.2 UL 2900-1 US FACTA US FERPA US FFIEC US FINRA US GLBA US HIPAA US NISPOM US - CA SB1386 US - OR 646A
Privacy Shield 17.00
17.03(1)
12.1 252.204-7008 S-P (17 CFR 164.308(a)(1)(i)
§ 1232h D1.G.SP.B.4 6801(b)(1) 5.1.1.1 17.04 500.03
12.1.1 252.204-7012 §248.30) 164.316
17.03(2)(b)(2)
164.308(a)(2)
164.308(a)(3)
164.308(a)(4)
164.308(b)(1)
164.314
D1.R.St.B.1 8-101
12.5-12.5.5 Safeguards Rule CIP-003-6 R3 & R4 5.10.1.5 17.03(2)(a) 500.04 622(2)(d)(A)(i)
D1.TC.Cu.B.1 8-311
164.308(a)(1)(ii)(A)
164.308(a)(4)(ii)(A)
164.308(a)(7)(ii)(E)
164.308(b)
164.310(d)
D1.G.IT.B.1 164.310(d)(2)(iii)
3.4.1 1.1.2
CM-8 D4.RM.Dd.B.2 5.7.2
3.4.2 2 2.4
D4.C.Co.B.3
4.1 164.308(a)(1)(ii)(A)
5.1 164.308(a)(3)(ii)(A)
6.1 164.308(a)(8)
6.2 164.310(d)
6.3
6.4
1.1.2 D4.C.Co.B.4 5.1.1.1
1.1.3 D4.C.Co.Int.1 5.10.1.5
164.308(a)(1)(ii)(A)
164.310(a)(2)(ii)
164.310(a)(2)(iii)
164.310(a)(2)(iv)
164.310(d)(1)
164.310(d)(2)
D1.G.IT.E.3
622(2)(d)(C)(ii)
D1.G.IT.E.2
164.308(a)(7)
164.308(a)(7)(i)
164.308(a)(7)(ii)
164.308(a)(7)(ii)(C)
164.310(a)(2)(i)
164.312(a)(2)(ii) 8-104 5.3.2.1
CP-1 CP-2 D5.IR.Pl.B.6 8-603 5.3.2.2
8-614 5.10.1.5
164.308(a)(7)(ii)(D)
D5.IR.Pl.Int.4 164.308(a)(8) 8-615
164.316(b)(2)(iii)
D5.IR.Pl.Int.4 164.308(a)(7)(ii)(D)
CIP-009-6 R3 8-614
D5.IR.Te.Int.5 164.308(a)(8)
164.308(a)(7)(ii)(A)
164.308(a)(7)(ii)(B)
164.308(a)(7)(ii)(D)
164.310(a)(2)(i)
164.310(d)(2)(iv)
5.10.1.2.2
8-603
3.8.9 CP-9 5.10.1.2.3
8-612
5.10.1.5
D5.IR.Pl.B.5
CP-10 164.308(a)(7)(ii)(B) 8-613 5.10.1.5
D5.IR.Te.E.3
D5.IR.Pl.B.5 164.308(a)(1)(ii)(A)
D5.IR.Pl.B.6 164.308(a)(1)(ii)(B)
D5.IR.Pl.E.3 164.308(a)(7)
D3.PC.Im.E.4 164.310(a)(2)(i)
164.310(d)(2)(iv)
164.312(a)(2)(ii)
5.10.1.1
8-701
5.10.1.5
8-103 5.7.1
8-104 5.7.1.1
8-311 5.10.4.1
8-610 5.13.4
5.13.4.1
3.4.10
3.4.3 6.4-6.4.6 CM-3 D1.G.IT.B.4
3.4.13
3.3 164.306
3.3.3 164.308
3.3.4 164.308(a)(7)(i)
3.4 164.308(a)(7)(ii)(C)
3.4.1 164.308(a)(8)
3.4.2 164.310
D1.G.Ov.E.2
12.1 § 11.10 6801(b)(3) 8-104 500.19
D3.PC.Am.B.11
A1 A2 A3 A4 A5 5.7.1
A6 5.7.1.1
5.7.2
5.13.4
D3.DC.An.B.2 164.308(a)(1)(i)
D3.DC.An.B.3 164.308(a)(1)(ii)(D)
D1.G.SP.B.3 164.308(a)(5)(ii)(B)
D2.MA.Ma.B.1 164.308(a)(5)(ii)(C)
D2.MA.Ma.B.2 164.308(a)(2)
10.1 D3.DC.Ev.B.4 164.308(a)(3)(ii)(A)
NFO A2 A5 A10 10.6-10.6.3 § 11.10 AU-1 CIP-007-6 R4 8-602 5.10.1.3 500.06
10.8-10.8.1
5.4.1
5.4.1.1
5.4.1.1.1
5.4.3
3.3.1 D3.DC.Ev.B.2 164.308(a)(6)(ii)
3.3.2 AU-7 AU-7(1) AU-12 D5.ER.Is.B.1 164.314(a)(2)(i)(C) 8-602
3.3.6 D5.ER.Is.E.1 164.314(a)(2)(iii)
D3.DC.Ev.B.1 164.308(a)(1)(ii)(D)
10.6-10.6.2 5.10.1.3
D4.C.Co.B.4 164.312(b)
164.308(a)(1)(ii)(D)
164.308(a)(3)(ii)(A)
164.308(a)(5)(ii)(C)
164.312(a)(2)(i)
164.312(b)
164.312(d)
D3.DC.An.A.3
D4.RM.Om.Int.1 164.308(a)(1)(ii)(D)
164.308(a)(1)(ii)(D)
164.308(a)(5)(ii)(B)
164.308(a)(5)(ii)(C)
164.310(a)(1)
164.310(a)(2)(ii)
164.310(a)(2)(iii)
D3.DC.Ev.B.3
164.308(b)(1)
164.308(b)(2)
164.312(e)(1)
164.312(e)(2)(i)
164.312(e)(2)(ii)
D3.PC.Am.B.13 164.314(b)(2)(i) 5.10.1.2
§ 11.10 D3.PC.Am.E.5 8-605 5.10.1.2.1 17.04(3) 500.15 622(2)(d)(C)(iii)
D3.PC.Am.Int.7 5.10.1.5
3.4 5.10.1.2
3.4.1 5.10.1.2.1
4.1 5.10.1.2.2
9.8.2 5.10.1.5
3.8.6 164.312(e)(2)(i)
MP-5(4) SC-8
3.13.8 § 11.10 164.312(e)(1) 8-605 17.04(3) 622(2)(d)(C)(iii)
SC-28(1)
3.13.16 164.312(e)(2)(i)
164.308(a)(3)(i)
164.308(a)(3)(ii)(A)
164.310(d)(1)
164.310(d)(2)
164.312(a)(1)
D1.G.SP.B.4 164.312(a)(2)(iv)
D3.PC.De.B.1 CIP-010-2 R4
D3.PC.Im.E.3
3.14.1
3.14.2
3.14.3
3.14.4
3.14.5
5.1-5.1.2
14.1 164.308(a)(1)(ii)(D) 5.10.4.2
5.2 SI-3 D3.DC.Th.B.2 CIP-007-6 R3 8-305 17.04(7)
14.2 164.308(a)(5)(ii)(B) 5.13.4.2
5.3
164.308(a)(1)(ii)(D)
164.312(b)
164.312(c)(1)
164.312(c)(2)
164.312(e)(2)(i)
D3.PC.Se.Int.3
11.5-11.5.1 SI-7 8-302 5.10.1.3
D3.PC.De.Int.2
164.308(a)(1)(ii)(D)
3.13.13 SC-18 D3.PC.De.E.5 5.13.4.3
164.308(a)(5)(ii)(B)
164.308(a)(1)(ii)(C) 5.1.1.7
3.2.4 NFO PS-1 D1.R.St.E.4 8-307
164.308(a)(3) 5.10.1.5
5.6.2.1.3
A5 IA-5(3) CIP-004-6 R5
5.6.3.1
164.308(a)(3) 5.5.2
164.308(a)(4) 5.5.2.1
164.310(a)(2)(iii) 5.5.2.2
164.310(b) 5.5.2.3
164.312(a)(1) 5.5.2.4
D3.PC.Am.B.1 164.312(a)(2)(i) 5.13.6
3.1.5 A5 8.7 1 § 11.10 AC-6 D3.PC.Am.B.2 8-303 622(2)(d)(C)(iii)
D3.PC.Am.B.5
164.308(a)(6) 5.3.2
164.308(a)(6)(i) 5.3.2.1
164.308(a)(7) 5.3.2.2
164.310(a)(2)(i) 5.10.1.5
164.312(a)(2)(ii) 5.13.5
8-101
NFO IR-1 D5.IR.Pl.B.1 CIP-008-5 R1 500.16
8-103
D5.IR.Pl.Int.4 164.308(a)(1)(i)
D5.IR.Te.E.1 164.308(a)(1)(ii)(D)
D5.ER.Es.E.1 164.308(a)(5)(ii)(B)
D1.RM.RMP.A.4 164.308(a)(5)(ii)(C)
D5.DR.De.B.1 164.308(6)(i)
D3.DC.An.E.4 164.308(a)(6)(i) 5.3.2.1
3.6.1 12.5.3 1-303
IR-4 5.3.2.2
3.6.2 12.10 4-218
5.13.5
164.308(a)(6)(ii)
164.308(a)(7)(ii)(B)
164.308(a)(7)(ii)(C)
164.308(a)(7)(ii)(E)
D1.RM.RMP.A.4
D5.IR.Te.E.1
D5.ER.Es.E.1
252.204-7012
5.3.2
5.3.2.1
5.3.2.2
5.10.1.5
5.13.5
D5.IR.Pl.Int.4 164.308(a)(7)(ii)(D) 8-101
NFO CIP-008-5 R3
D5.IR.Te.Int.5 164.308(a)(8) 8-103
D5.IR.Te.B.1
IR-3(2) 164.308(a)(7)(ii)(D)
D5.IR.Te.B.3
D5.ER.Es.Int.3 164.308(a)(2)
D5.IR.Pl.Int.1 164.308(a)(6)
D5.IR.Pl.B.3 164.308(a)(6)(i)
D5.ER.Is.B.1 164.308(a)(6)(ii)
D5.IR.Pl.Int.1 164.308(a)(7)
164.308(a)(7)(ii)(A)
12.10.3 IR-7(2)
D3.CC.Re.Int.3
D3.CC.Re.Int.4 164.308(a)(6)
164.308(a)(1)(ii)(D)
164.308(a)(5)(ii)(B)
164.308(a)(5)(ii)(C)
164.308(a)(6)(ii)
164.308(a)(8)
164.310(d)(2)(iii)
3.6.1 12.5.2 1-303
IR-5 D3.DC.Ev.E.1 5.3.4
3.6.2 12.10.5 4-218
D5.IR.Pl.B.2 164.308(a)(5)(ii)(B)
D5.DR.Re.B.4 164.308(a)(5)(ii)(C)
D5.DR.Re.E.6 164.308(a)(6)
D5.ER.Es.B.4 164.308(a)(6)(ii)
D5.ER.Es.B.2 164.314(a)(2)(i)(C)
D2.IS.Is.B.3 164.314(a)(2)(iii)
3.6.1 12.5.2 1-303 5.3.1 SEC2-Section
252.204-7012 IR-6 17.03(2)(j) 500.17 604(1)-(5)
3.6.2 12.8.3 4-218 5.10.1.5 1798.29
5.3.2
5.3.2.1
5.3.2.2
5.10.1.5
5.13.5
164.308(a)(7)(ii)(D)
8-101
NFO 12.10.6 D5.IR.Pl.Int.4 164.308(a)(8) CIP-008-5 R3
8-103
164.316(b)(2)(iii)
3.7.1
D3.CC.Re.Int.5 164.308(a)(3)(ii)(A) 5.7.1
3.4.13 3.7.2 A9 MA-2 8-304
D3.CC.Re.Int.6 164.310(a)(2)(iv) 5.8.3
3.7.3
164.308(a)(3)(ii)(A) 5.6.2.2
164.310(d)(1) 5.6.2.2.1
164.310(d)(2)(ii) 5.6.2.2.2
164.310(d)(2)(iii) 5.13.7
164.312(a) 5.13.7.2
164.312(a)(2)(ii)
3.4.13 3.7.5 MA-4 D3.PC.Im.B.7
164.308(a)(1)(ii)(D)
164.312(a)(1)
164.312(b)
164.312(e)
D3.PC.Im.B.1
8-101
NFO SC-1 D3.PC.Am.B.11 CIP-005-5 R1
8-605
D3.PC.Im.Int.1
164.308(a)(4)(ii)(B)
164.310(a)(1)
164.310(b)
164.312(a)(1)
164.312(b)
164.312(c)
D3.DC.Im.B.1
1.3.7 CIP-005-5 R1
D3.DC.Im.Int.1
164.308(a)(4)(i) 5.5.6
164.308(b)(1) 5.5.6.1
164.308(b)(3) 5.5.6.2
164.310(b) 5.10.1.5
164.312(e)(1)
D3.PC.Am.B.15 164.312(e)(2)(ii)
3.1.1 12.3.8
9.1 AC-17 D3.PC.De.E.7 CIP-005-5 R2
3.1.2 12.3.9
D3.PC.Im.Int.2
164.310(a)(2)(ii)
3.10.1 D3.PC.Am.E.4
9.1 -9.1.1 PE-6 164.310(a)(2)(iii) 5-300 5.9.1.6 622(2)(d)(C)(ii)
3.10.2 D3.Dc.Ev.B.5
164.310(c)
D3.PC.Am.B.15 164.308(a)(1)(ii)(D)
D3.PC.Am.Int.1 164.308(a)(3)
D3.PC.De.Int.1 164.308(a)(4)
D3.DC.Ev.Int.1 164.310(b)
164.310(c)
164.312(a)
2.1
2.2
2.3
2.4
D3.PC.Se.B.1 8-311
3.2.1 NFO SA-3 164.308(a)(1)(i)
D3.PC.Se.E.1 8-610
D3.DC.An.B.1 164.308(a)(1)(ii)(A)
D2.MA.Ma.E.1 164.308(a)(1)(ii)(D)
D2.MA.Ma.E.4 164.308(a)(3)
D2.MA.Ma.Int.2 164.308(a)(4)
164.308(a)(5)(ii)(A)
164.310(a)(1)
3.1
3.2
164.308(a)(1)(ii)(A)
164.308(a)(1)(ii)(B)
164.308(a)(1)(ii)(D)
164.308(a)(7)(ii)(D)
164.308(a)(7)(ii)(E)
D1.RM.RA.B.1 164.316(a)
5.1.2
3.2 3.11.1 12.2 5.1 RA-3 D1.RM.RA.E.2 Safeguards Rule CIP-014-2 R1 8-402 17.03(2)(b) 622(b)(A)(ii)
5.1.2.1
D1.RM.RA.E.1
D5.IR.Pl.B.1 164.308(a)(1)(ii)(B)
3.3 7.1.1 D5.DR.Re.E.1 164.314(a)(2)(i)(C)
D5.IR.Pl.E.1 164.314(b)(2)(iv)
164.308(a)(1)(i)
164.308(a)(1)(ii)(A)
164.308(a)(1)(ii)(B)
164.308(a)(6)
164.308(a)(7)(ii)(E)
164.308(a)(8)
D5.RE.Re.B.1
3.2 5.1
D5.ER.Er.Ev.1
2.1 2.1
2.2 2.2
2.3 2.3
2.4 2.4
2.5
2.4 2.6 3.13.1 8-101
SA-8 SC-7(18) 5.10.1.1
3.1 3.13.2 A5 A6 2.2 § 11.30 8-302 Principle 4
SI-01 5.10.1.5
3.2 NFO 8-311
8-615
A5 A6 5.10.1.1
8-702
D1.TC.Tr.B.2 164.308(a)(2)
D1.TC.Tr.B.4 164.308(a)(3)(i)
D1.TC.Tr.Int.2 164.308(a)(5)
D1.TC.Tr.E.2 164.308(a)(5)(i)
164.308(a)(5)(ii)(A)
164.308(a)(5)(ii)(B) 8-101
2.7 NFO AT-1 CIP-004-6 R1 8-103 5.2.1 500.14
8-307
164.308(a)(2) 5.2.1.1
164.308(a)(3)(i) 5.2.1.2
164.308(a)(5)(i) 5.2.1.3
164.308(a)(5)(ii)(A) 5.2.1.4
164.308(a)(5)(ii)(B)
164.308(a)(5)(ii)(C) 8-101
3.2.1 D1.TC.Tr.E.3
12.6.1 AT-3 CIP-004-6 R2 8-103 17.04(8) 622(2)(d)(A)(iv
3.2.2 D1.R.St.E.3
8-104
D1.TC.Tr.E.3
§ 11.10 CIP-004-6 R2
D1.R.St.E.3
5.10.4.1
6.4.1 D3.PC.Am.B.10 164.308(a)(4)
5.13.4.1
5.1
5.1.1.2
5.1.1.3
5.1.1.4
5.1.1.5
5.1.1.6
NFO A3 A4 12.8 12.1 500.11
164.308(a)(1)(ii)(A)
164.308(a)(4)(ii)
164.308(a)(7)(ii)(C)
164.308(a)(7)(ii)(E)
164.308(a)(8)
164.310(a)(2)(i)
8-302
12.1 D1.G.SP.A.3
8-311
12.1
12.2
12.3
12.4
12.5
12.6
A3 A4
164.308(b)(1)
164.314(a)(1)(i)-(ii)
164.314(a)(1)(ii)(A)-(B)
164.314(a)(2)(i)(A)-(D)
164.314(a)(2)(i)(A)-(D)
164.314(a)(2)(ii)(1)-(2)
2.6
12.1
12.9
164.308(a)(1)(i)
164.308(a)(2)
164.308(a)(3)
164.308(a)(4)
164.308(b)
D1.G.SP.B.7 164.314
12.1 D4.RM.Co.B.2
D4.RM.Co.B.5
164.308(a)(1)(ii)(A)
164.308(a)(4)(ii)
164.308(a)(7)(ii)(C)
164.308(a)(7)(ii)(E)
164.308(a)(8)
164.310(a)(2)(i)
12.6 D1.G.SP.Inn.1 CIP-014-2 R4 8-103 500.10
3.14.1
6.2
3.14.2 SI-5 D2.TI.Ti.B.1 164.308(A)(5)(ii) (ii)(A) 8-103 5.10.4.4 622(2)(d)(B)(iii)
12.4
3.14.3
164.308(a)(1)(ii)(A)
A6 A9 6.6 D1.RM.RA.E.1 164.308(a)(1)(ii)(B) 5.13.4.3
164.308(a)(6)(ii)
D3.DC.Ev.Int.2 164.306(e)
US-TX
Cybersecurity Act
US - TX
BC521
Sec 10
Sec 9
Sec 10 Sec 11
Sec 10 Sec 11
Sec. 521.052(b)
Sec 8
Sec 8
Sec 12
Sec 12
Sec 12
Sec 7
Sec 7
Sec 7 Sec 11
Sec. 521.052
Sec 6