Controls are tactical tasks that Symplicity implements to put security policies into action
AC - Access ControlThe AC Control Family consists of security requirements detailing system logging. This includes who has access to what assets and reporting capabilities like account management, system privileges, and remote access logging to determine when users have access to the system and their level of access.
AU - Audit and AccountabilityThe AU control family consists of security controls related to an organization’s audit capabilities. This includes audit policies and procedures, audit logging, audit report generation, and protection of audit information.
AT - Awareness and TrainingThe control sets in the AT Control Family are specific to your security training and procedures, including security training records.
CM - Configuration ManagementCM controls are specific to an organization’s configuration management policies. This includes a baseline configuration to operate as the basis for future builds or changes to information systems. Additionally, this includes information system component inventories and security impact analysis control.
CP - Contingency PlanningThe CP control family includes controls specific to an organization's contingency plan if a cybersecurity event should occur. This includes controls like contingency plan testing, updating, training, and backups, and system reconstitution.
IA - Identification and AuthenticationIA controls are specific to the identification and authentication policies in an organization. This includes the identification and authentication of organizational and non-organizational users and how the management of those systems.
IR - Incident ResponseIR controls are specific to an organization’s incident response policies and procedures. This includes incident response training, testing, monitoring, reporting, and response plan.
MA - MaintenanceThe MA controls details requirements for maintaining organizational systems and the tools used.
MP - Media ProtectionThe Media Protection control family includes controls specific to access, marking, storage, transport policies, sanitization, and defined organizational media use.
PS - Personnel SecurityPS controls relate to how an organization protects its personnel through position risk, personnel screening, termination, transfers, sanctions, and access agreements.
PE - Physical and Environmental ProtectionThe Physical and Environmental Protection control family is implemented to protect systems, buildings, and related supporting infrastructure against physical threats. These controls include physical access authorizations, monitoring, visitor records, emergency shutoff, power, lighting, fire protection, and water damage protection.
PL - PlanningThe control PL family is specific to an organization's security planning policies and must address the purpose, scope, roles, responsibilities, management commitment, coordination among entities, and organizational compliance.
PM - Program ManagementThe PM control family is specific to who manages your cybersecurity program and how it operates. This includes, but is not limited to, a critical infrastructure plan, information security program plan, plan of action milestones and processes, risk management strategy, and enterprise architecture.
RA - Risk AssessmentThe RA control family relates to an organization’s risk assessment policies and vulnerability scanning capabilities. Symplicity uses an integrated risk management solution to help streamline and automate our compliance efforts.
CA - Security Assessment and AuthorizationThe Security Assessment and Authorization control family includes controls that supplement the execution of security assessments, authorizations, continuous monitoring, plan of actions and milestones, and system interconnections.
SC - System and Communications ProtectionThe SC control family is responsible for systems and communications protection procedures. This includes boundary protection, protection of information at rest, collaborative computing devices, cryptographic protection, denial of service protection, and many others.
SI - System and Information IntegrityThe SI control family correlates to controls that protect system and information integrity. This control family includes flaw remediation, malicious code protection, information system monitoring, security alerts, software, and firmware integrity, and spam protection.
SA - System and Services AcquisitionThe SA control family correlates with controls that protect allocated resources and an organization’s system development life cycle. This includes information system documentation controls, development configuration management controls, and developer security testing and evaluation controls.
Provides institutions with the ability to connect holistically with students to enhance their experience and streamline campus operations and collaborations.
© Copyright All Rights Reserved 2024 Symplicity