Texas A&M IT Policy – Access Control – Publicly Accessible Content 3.1 3.1.22 Access Control
This is an example of a policy that fulfills AC.1.1004 Control information posted or processed on publicly accessible information systems.
SEARCH RESULTS
The Missing Report – Phone Security: 20 Ways to Secure Your Mobile Phone 3.1 3.1.18 3.1.19 Access Control
This article provides companies with ideas on how to mitigate the risk that mobiles carry with them as attackers turn to target them.
TOTEM – Why is separation of duties required by NIST 800-171 and CMMC? 3.1 3.1.4 Access Control
This post provides information as well as a downloadable worksheet that organizations can use to plan and demonstrate separation of duties.
Tripwire – USB Threats to Cybersecurity of Industrial Facilities 3.1 3.1.21 3.7 3.7.4 3.8 3.8.5 3.8.6 3.8.7 3.8.8 Access Control Maintenance Media Protection
This article provides an overview of the risks associated with removable media for industrial facilities based on a 2018 Honeywell report.
University of California San Francisco – Wireless RF Design Guideline 3.1 3.1.16 3.1.17 Access Control
This example policy from UCSF describes their organized approach in deploying wireless technologies on the enterprise network.
University of California Santa Cruz – Protecting Electronic Restricted Data 3.1 3.1.22 Access Control
This example IT practices document from UC Santa Cruz lays out practices for protecting restricted data.
University of Cincinnati – Privileged Access Policy 3.1 3.1.15 Access Control
The policy provides a background of who is granted privileged access. On page 2, the policy indicates that “If access is required when off-campus, then the user must use the university’s VPN and university approved multi-factor authentication. Wherever and whenever possible Privileged Access users must utilize university approved multi-factor authentication.”
University of Michigan – Access, Authorization, and Authentication Management 3.1 3.1.1 3.1.2 Access Control
This sample policy from Michigan is an example of how an organization can provision and deprovision access to systems and applications.
US-CERT – The Risk of Using Portable Devices 3.1 3.1.21 3.7 3.7.4 3.8 3.8.5 3.8.6 3.8.7 3.8.8 Access Control Maintenance Media Protection
This paper focuses on the risks associated with simple media devices and smart media devices.
YouTube – Pros & Cons of Full Disk Encryption 3.1 3.1.19 3.13 3.13.10 3.13.11 3.13.16 3.5 3.5.10 3.8 3.8.1 3.8.2 3.8.6 Access Control Identification and Authentication Media Protection System and Communications Protection
This video from SANS educates viewers on the positive and negative aspects of using full disk encryption for security.