MIL1 requirements
a. Logical and physical access controls are implemented to protect assets that are important to the delivery of the function, where feasible, at least in an ad hoc manner
b. Endpoint protections (such as secure configuration, security applications, and host monitoring) are implemented to protect assets that are important to the delivery of the function, where feasible, at least in an ad hoc manner
MIL2 requirements
c. The principle of least privilege (for example, limiting administrative access for users and service accounts) is enforced
d. The principle of least functionality (for example, limiting services, limiting applications, limiting ports, limiting connected devices) is enforced
e. Secure configurations are established and maintained as part of the asset deployment process where feasible
f. Security applications are required as an element of device configuration where feasible (for example, endpoint detection and response, host-based firewalls)
g. The use of removable media is controlled (for example, limiting the use of USB devices, managing external hard drives)
h. Cybersecurity controls are implemented for all assets within the function either at the asset level or as compensating controls where asset-level controls are not feasible
i. Maintenance and capacity management activities are performed for all assets within the function
j. The physical operating environment is controlled to protect the operation of assets within the function
k. More rigorous cybersecurity controls are implemented for higher priority assets
MIL3 requirements
l. Configuration of and changes to firmware are controlled throughout the asset lifecycle
m. Controls (such as allowlists, blocklists, and configuration settings) are implemented to prevent the execution of unauthorized code
The organization must have a strategy for developing and maintaining a cybersecurity architecture.
The strategy must be aligned with the organization's cybersecurity program and with the organization's overall architecture.
The architecture must include:
Access to buildings containing critical systems must be constantly monitored to detect unauthorized access or suspicious activity. The following issues should be taken into account in monitoring practices:
Information about surveillance systems should be kept confidential, since its disclosure can facilitate undetected intrusions. The monitoring systems themselves must also be properly protected, so that recordings and system status cannot be altered without authorization.
All endpoint devices in the organization should be protected by a properly configured host-based (software) firewall that inspects traffic, permits only traffic that complies with policy, and monitors user activity.
A host-based firewall protects against malware and attacks originating both inside and outside the organization's network.
The organization must have a list of approved applications, and of approved application sources, that are allowed on the organization's endpoint devices.
Where possible, the organization should manage approved software through automation, for example with policies distributed from a mobile device management (MDM) system.
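The allowlist requirement above, and requirement m (controls such as allowlists and blocklists that prevent execution of unauthorized code), can be expressed as an ordered policy: an explicit block wins over everything, then a known-good file hash, then an approved signing publisher, then an approved install location, with a default deny. The following is an added illustration written for this page, not Cyberday's or C2M2's own code; the policy values, publisher name, paths and file contents are all constructed, and it assumes the code signature has already been verified before the publisher name is trusted. It also shows one caveat a practitioner would want: path-based rules must not cover user-writable directories, or a user can satisfy them by copying a file there.

```python
"""Evaluate executables against an application allowlist policy (hypothetical example)."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class Executable:
    path: str
    content: bytes               # file bytes, hashed below (constructed samples)
    publisher: Optional[str]     # signer name from an already verified code signature, or None if unsigned


@dataclass
class AllowlistPolicy:
    blocked_hashes: Set[str] = field(default_factory=set)
    allowed_hashes: Set[str] = field(default_factory=set)
    allowed_publishers: Set[str] = field(default_factory=set)
    allowed_path_prefixes: Tuple[str, ...] = ()
    # Locations a normal user can write to; path rules never apply here.
    user_writable_prefixes: Tuple[str, ...] = ()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate(exe: Executable, policy: AllowlistPolicy) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason), applying rules in order of precedence."""
    digest = sha256_hex(exe.content)
    if digest in policy.blocked_hashes:
        return ("deny", "hash is on the blocklist")
    if digest in policy.allowed_hashes:
        return ("allow", "hash is explicitly allowed")
    if exe.publisher and exe.publisher in policy.allowed_publishers:
        return ("allow", f"signed by approved publisher {exe.publisher}")
    # User-writable check comes before path rules so a nested user-writable
    # directory under an approved prefix (e.g. C:\Windows\Temp) is still denied.
    if any(exe.path.startswith(p) for p in policy.user_writable_prefixes):
        return ("deny", "path is user-writable; path rules do not apply")
    if any(exe.path.startswith(p) for p in policy.allowed_path_prefixes):
        return ("allow", "path is under an approved install location")
    return ("deny", "no matching rule; default deny")


def sample_policy() -> AllowlistPolicy:
    """Constructed policy values for the demonstration; not a real organization's policy."""
    return AllowlistPolicy(
        blocked_hashes={sha256_hex(b"known bad build bytes")},
        allowed_hashes={sha256_hex(b"approved build bytes")},
        allowed_publishers={"Example Vendor Inc"},          # hypothetical publisher
        allowed_path_prefixes=("C:\\Program Files\\", "C:\\Windows\\"),
        user_writable_prefixes=("C:\\Users\\", "C:\\Windows\\Temp\\"),
    )


def sample_decisions() -> Dict[str, Tuple[str, str]]:
    """Run constructed executables through the policy; keyed by path."""
    policy = sample_policy()
    cases = [
        Executable("C:\\Program Files\\Tool\\tool.exe", b"approved build bytes", None),
        Executable("C:\\Users\\alice\\Downloads\\tool.exe", b"known bad build bytes", "Example Vendor Inc"),
        Executable("C:\\Users\\alice\\Downloads\\setup.exe", b"vendor installer", "Example Vendor Inc"),
        Executable("C:\\Windows\\Temp\\dropped.exe", b"unsigned payload", None),
        Executable("C:\\Windows\\System32\\notepad.exe", b"os component", None),
        Executable("D:\\tools\\unknown.exe", b"unknown tool", "Other Publisher"),
    ]
    return {exe.path: evaluate(exe, policy) for exe in cases}


if __name__ == "__main__":
    for path, (verdict, reason) in sample_decisions().items():
        print(f"{verdict:5} {path}: {reason}")
```

The blocklist is checked first so that a compromised or revoked build is denied even when it carries an approved publisher's signature, and the default branch denies anything no rule covers, which is what makes this an allowlist rather than a blocklist.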
An endpoint security management system can be used to require devices to meet defined security criteria before they are allowed to connect to network resources. Such devices may be laptops, smartphones, tablets or industry-specific hardware.
Criteria for using network resources may include, for example, an approved operating system, required VPN and antivirus software, and that all of these are kept up to date.
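A device posture check of the kind described above, written as an added example for this page (it is not Cyberday's code and not any specific endpoint management product's API). The policy thresholds, device inventory and the reference date are all constructed; operating system versions are assumed to be dotted numeric strings. Every failed criterion is reported, not just the first, so the user or administrator can see everything that must be remediated before the device is admitted.

```python
"""Assess device posture against connection criteria (hypothetical example)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "10.15.7" into (10, 15, 7) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


@dataclass
class Device:
    hostname: str
    os_name: str
    os_version: str
    vpn_client_installed: bool
    av_installed: bool
    av_signature_date: Optional[date]     # None if the agent could not report it
    last_os_patch_date: Optional[date]    # None if never patched / unknown


@dataclass
class PosturePolicy:
    min_os_versions: Dict[str, str]       # approved OS name -> minimum version
    max_av_signature_age_days: int
    max_patch_age_days: int
    require_vpn_client: bool = True


def assess(device: Device, policy: PosturePolicy, today: date) -> Tuple[bool, List[str]]:
    """Return (compliant, list of failed criteria). `today` is passed in for determinism."""
    failures: List[str] = []

    min_version = policy.min_os_versions.get(device.os_name)
    if min_version is None:
        failures.append(f"operating system {device.os_name} is not approved")
    elif parse_version(device.os_version) < parse_version(min_version):
        failures.append(f"{device.os_name} {device.os_version} is below minimum {min_version}")

    if policy.require_vpn_client and not device.vpn_client_installed:
        failures.append("VPN client missing")

    if not device.av_installed:
        failures.append("antivirus missing")
    elif (device.av_signature_date is None
          or (today - device.av_signature_date).days > policy.max_av_signature_age_days):
        failures.append("antivirus signatures out of date")

    # Unknown patch state is treated as non-compliant rather than assumed fine.
    if (device.last_os_patch_date is None
            or (today - device.last_os_patch_date).days > policy.max_patch_age_days):
        failures.append("operating system patches out of date")

    return (not failures, failures)


def assess_fleet() -> Dict[str, Tuple[bool, List[str]]]:
    """Evaluate a constructed inventory against a constructed policy; keyed by hostname."""
    today = date(2024, 6, 1)  # constructed reference date
    policy = PosturePolicy(
        min_os_versions={"Windows": "10.0.19045", "macOS": "14.4", "iOS": "17.4"},
        max_av_signature_age_days=3,
        max_patch_age_days=30,
    )
    fleet = [
        Device("lt-001", "Windows", "10.0.22631", True, True, date(2024, 5, 31), date(2024, 5, 20)),
        Device("mac-002", "macOS", "14.3.1", True, True, date(2024, 5, 30), date(2024, 5, 25)),
        Device("ph-003", "iOS", "17.5", False, True, date(2024, 5, 20), date(2024, 5, 28)),
        Device("plc-004", "LegacyRTOS", "2.1", False, False, None, None),
    ]
    return {d.hostname: assess(d, policy, today) for d in fleet}


if __name__ == "__main__":
    for host, (ok, problems) in assess_fleet().items():
        print(host, "compliant" if ok else "blocked: " + "; ".join(problems))
```

Passing the reference date in explicitly keeps the check testable and makes the grace periods (signature age, patch age) auditable policy values rather than behaviour buried in the code. The legacy device in the inventory illustrates requirement h: an asset that cannot meet the criteria needs compensating controls, such as network segmentation, rather than an exception in the posture check.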
In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.