800-53|SC-1

Title

SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES

Description

The organization:

Supplemental

This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the SC family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. Security program policies and procedures at the organization level may make the need for system-specific policies and procedures unnecessary. The policy can be included as part of the general information security policy for organizations or conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. The procedures can be established for the security program in general and for particular information systems, if needed. The organizational risk management strategy is a key factor in establishing policy and procedures.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: PM-9

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2.3. ActiveX Initialization: Level II Enabled	Windows	CIS MS Office 2007 v1.1.0 L2
1.1.3.4. Download of ClipArt: Level II Enabled	Windows	CIS MS Office 2007 v1.1.0 L2
1.1.3.5. Download of Templates: Level II Enabled	Windows	CIS MS Office 2007 v1.1.0 L2
1.1.3.9 Customer-Submitted Templates: Level I Enabled.	Windows	CIS MS Office 2007 v1.1.0 L1
1.1.12.9. Rely on VML for displaying graphics in browsers: Level II Disabled	Windows	CIS MS Office 2007 v1.1.0 L2
1.2.1.2. Attachment Previewing in Outlook: Level II Enabled	Windows	CIS MS Office 2007 v1.1.0 L2
1.3.6.1. Disable all Application Add-Ins: Level II Not Configured (Does Not Exist).	Windows	CIS MS Office 2007 v1.1.0 L2
1.4.5.1 Disable all Application Add-Ins: Level I not configured (Does Not Exist).	Windows	CIS MS Office 2007 v1.1.0 L1
1.6.3.1 Disable all Application Add-Ins: Level I Not Configured (Does Not Exist).	Windows	CIS MS Office 2007 v1.1.0 L1
1.7.3.1 Disable all Application Add-Ins: Level I Not Configured (Does Not Exist).	Windows	CIS MS Office 2007 v1.1.0 L1
2.1.1.6 User Configuration to Disable Excel Commands: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.1.1.7 Disable Specific Word Commands: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.1.1.8 Disabling Specific PowerPoint commands: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.1.1.9 Disable Access Commands: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.2.1.7 Disable Specific Word Commands: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.2.1.8 Disable Specific PowerPoint Commands: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.2.1.9 Disable Specific Access Commands: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.2.1.10 Disable Specific Excel Commands: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.2.1.14 File Type Restriction from InfoPath Forms as Attachments: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.2.1.14. File Type Restriction from InfoPath Forms as Attachments: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L2
2.2.1.16 Disable all Application Add-Ins: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L1
2.2.1.16. Disable all Application Add-Ins: Not Configured	Windows	CIS MS Office 2007 v1.1.0 L2
Managing Metrics and Improvement	amazon_aws	Tenable AWS Best Practice Audit

Detections

Analytics