NIST 800-53

AC-2 Account management

Manage system accounts, including creation, modification, review and removal.

AU-2 Event logging

Identify the event types the system is capable of logging and that are to be logged.

CM-6 Configuration settings

Establish, document and enforce secure configuration settings for system components.

CM-8 System component inventory

Develop and maintain an inventory of system components.

CP-9 System backup

Conduct backups of system-level and user-level information and protect their confidentiality and integrity.

IR-4 Incident handling

Implement an incident-handling capability covering preparation, detection, analysis, containment, eradication and recovery.

IR-6 Incident reporting

Require personnel to report suspected incidents and report incident information to designated authorities within defined timeframes.

PM-1 Information security program plan

Develop and maintain an organization-wide information security program plan.

RA-3 Risk assessment

Conduct assessments of risk, including the likelihood and impact of unauthorized access, use, disclosure, disruption or destruction.

RA-5 Vulnerability monitoring and scanning

Monitor and scan for vulnerabilities and remediate them in line with risk.

SC-28 Protection of information at rest

Protect the confidentiality and integrity of information at rest, typically through cryptography.

SC-8 Transmission confidentiality and integrity

Protect the confidentiality and integrity of transmitted information, typically through cryptography.