Practices (L1) Flashcards
General practice and purpose memorization.
AC.L1-3.1.1
Title: Authorized Access Control
Access Control (AC)
Level 1
Purpose: Limit information system access to authorized users, processes acting on behalf of authorized users or devices.
FAR 52.204-21 Basic Safeguard: Limit access to authorized users, processes, or devices.
AC.L1-3.1.2
Title: Transaction & Function Control
Access Control (AC)
Level 1
Purpose: Limit IS access to the types of transactions and functions that authorized users are permitted to execute.
FAR 52.204-21 Basic Safeguard: Limit access to the type of actions that authorized users are permitted to execute.
AC.L1-3.1.22
Title: Control Public Information
Access Control (AC)
Level 1
Purpose: Control information posted or processed on publicly accessible information systems.
FAR 52.204-21 Basic Safeguard: Control information posted or processed on publicly accessible systems.
AC.L1-3.1.20
Title: External Connections
Access Control (AC)
Level 1
Purpose: Verify and control/limit connections to and use of external information systems.
FAR 52.204-21 Basic Safeguard: Verify and control (or limit) connections to external information systems.
IA.L1-3.5.1
Title: Identification
Identification and Authentication (IA)
Level 1
Purpose: Identify information system users, processes acting on behalf of users or devices.
FAR 52.204-21 Basic Safeguard: Identify information system users, processes, or devices.
IA.L1-3.5.2
Title: Control Public Information
Identification and Authentication (IA)
Level 1
Purpose: Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access t organizational information systems.
FAR 52.204-21 Basic Safeguard: Authenticate identities of users, processes, or devices prior to allowing access.
MP.L1-3.8.3
Title: Media Disposal
Media Protection (MP)
Level 1
Purpose: Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
FAR 52.204-21 Basic Safeguard: Sanitize or destroy media containing Federal Contract Information.
PE.L1-3.10.1
Title: Limit Physical Access
Physical Protection (PE)
Level 1
Purpose: Limit physical access to organizational information systems, equipment and the respective operating environments to authorized individuals.
FAR 52.204-21 Basic Safeguard: Limit physical access to information systems, equipment, and operating environment to authorized individuals.
PE.L1-3.10.3
Title: Escort Visitors
Physical Protection (PE)
Level 1
Purpose: Escort visitors and monitor visitor activity.
FAR 52.204-21 Basic Safeguard: Escort visitors, monitor visitor activity, maintain audit logs of visitor activity, and control and manage physical access devices.
PE.L1-3.10.4
Title: Physical Access Logs
Physical Protection (PE)
Level 1
Purpose: Maintain audit logs of physical access.
FAR 52.204-21 Basic Safeguard: None.
PE.L1-3.10.5
Title: Manage Physical Access
Physical Protection (PE)
Level 1
Purpose: Control and manage physical access devices (keys, combos, etc.)
FAR 52.204-21 Basic Safeguard: None.
SC.L1-3.13.1
Title: Boundary Protection
System and Communications Protection (SC)
Level 1
Purpose: Monitor, control, and protect organizational communication s(i.e.,information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information system.
FAR 52.204-21 Basic Safeguard: Monitor, control, and protect organizational communications.
SC.L1-3.13.5
Title: Public-Access System Separation
System and Communications Protection (SC)
Level 1
Purpose: Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
FAR 52.204-21 Basic Safeguard: Implement subnetworks for publicly accessible system components that are separated from internal networks.
SI.L1-3.14.1
Title: Flaw Remediation
System and Information Integrity (SI)
Level 1
Purpose: Identify, report, and correct information and information system flaws in a timely manner.
FAR 52.204-21 Basic Safeguard: Identify, report, and correct information and system flaws in a timely manner.
SI.L1-3.14.2
Title: Malicious Code Protection
System and Information Integrity (SI)
Level 1
Purpose: Provide protection from malicious code at appropriate locations within organizational information systems.
FAR 52.204-21 Basic Safeguard: Provide protection from malicious code.