Tech Target – Account Lockout Policy: Setup and Best Practices Explained
3.1 3.1.8 Access Control
https://www.techtarget.com/searchsecurity/tip/Account-lockout-policy-Setup-and-best-practices-explained
This article looks at the main elements of an account lockout policy and reviews the best practices for creating and implementing effective account lockout policies for your organization.
Texas A&M IT Policy – Access Control – Publicly Accessible Content
3.1 3.1.22 Access Control
https://docs.security.tamu.edu/docs/security-controls/AC/AC-22/
This is an example of a policy that fulfills AC.1.1004: Control information posted or processed on publicly accessible information systems.
The Missing Report – Phone Security: 20 Ways to Secure Your Mobile Phone
3.1 3.1.18 3.1.19 Access Control
https://preyproject.com/blog/phone-security-20-ways-to-secure-your-mobile-phone
This article gives companies ideas for mitigating the risks that mobile phones carry as attackers increasingly target them.
TOTEM – Why is separation of duties required by NIST SP 800-171 and CMMC?
3.1 3.1.4 Access Control
https://www.totem.tech/cmmc-separation-of-duties/
This post provides information as well as a downloadable worksheet that organizations can use to plan and demonstrate separation of duties.
University of California San Francisco – Wireless RF Design Guideline
3.1 3.1.16 3.1.17 Access Control
https://it.ucsf.edu/standards-and-guidelines/ucsf-rf-design-guideline
This example policy from UCSF describes their organized approach to deploying wireless technologies on the enterprise network.
University of Cincinnati – Privileged Access Policy
3.1 3.1.15 Access Control
https://www.uc.edu/content/dam/uc/infosec/docs/policies/Privileged_Access_Policy_9.1.14.pdf
The policy provides background on who is granted privileged access. On page 2, the policy indicates that “If access is required when off-campus, then the user must use the university’s VPN and university approved multi-factor authentication. Wherever and whenever possible Privileged Access users must utilize university approved multi-factor authentication.”
University of Michigan – Access, Authorization, and Authentication Management
3.1 3.1.1 3.1.2 Access Control
https://it.umich.edu/information-technology-policies/general-policies/DS-22
This sample policy from Michigan is an example of how an organization can provision and deprovision access to systems and applications.
https://www.cisa.gov/sites/default/files/publications/RisksOfPortableDevices.pdf
This paper focuses on the risks associated with simple media devices and smart media devices.
V2Cloud Solutions – How to Automatically Log Off Idle Users in Windows for Enhanced Security
3.1 3.1.11 Access Control
https://v2cloud.com/blog/how-to-automatically-log-off-idle-users-in-windows
This article describes how to configure a session termination condition in Windows.
https://www.youtube.com/watch?v=rIzTgaMhovg
This provides an outline of wireless security, including wireless threats, security methods, encryption, and authentication.