checklist

NERC CIP Software Minimum Requirements

North American Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) Software Minimum Requirements:
- Coordinated management of compliance across all legal entities and functional roles.
- Relational database which serves as the system of record for legal entities, functional roles and corresponding NERC and regional standards, requirements and measures, ISO tariffs, etc.
- Configurable tasks, roles and statuses.
- Automated task assignment and tracking based on regional and NERC audit schedules.

Business Continuity and Emergency Response Plan Alignment Checklist

- How frequently do the program owners meet to discuss program issues and concerns?
- Have the program owners jointly met with local Emergency Response authorities to build a consensus on how events of various magnitudes can be managed best for both immediate and long-term impacts?
- Does the Emergency Response coordinator have sufficient influence to alter Business Continuity strategies if warranted, and vice versa?

SAS70 Outsourcing Project Implementation Contracts Evaluation Checklist

Purpose
This section describes in simple terms the purpose of the evaluation, how it relates to the customer, and the benefits the organization will receive from the evaluation process. It is essential that you use common terminology relevant to the organization to ensure that this material is understood.

Methodology
This section describes the methodology that will be used to conduct the evaluation. This is a good place to emphasize the IEM as a standard methodology to conduct technical INFOSEC evaluations, developed and approved by the National Security Agency. This section includes the phases, processes, and steps to be used during the evaluation.

Scope
This section is a detailed demonstration of the level of effort, boundaries, and limitations of the evaluation. Appropriate assumptions are a critical part of the scoping process. The scope section provides a detailed listing of known assumptions affecting the evaluation. Assumptions are critical in demonstrating an understanding of the customer environment and detailing how that environment will affect the evaluation. The types of assumptions may include number of physical locations, number and type of systems, number and type of networks, relevant POC information, information about scheduling of the technical scans and conducting the 10 baseline IEM activities, and any associated constraints that can be listed as assumptions.

Roles and responsibilities of customer staff

Access Control Supervision and Review Checklist

- Determine if the organization supervises and reviews the activities of users with respect to the enforcement and usage of information system access controls.

- Examine access control policy, procedures addressing supervision and review of access control enforcement and usage, security plan or other relevant documents; reviewing for the measures to be employed to supervise and review user activities with respect to the enforcement and usage of information system access controls.

Download Free ISO 27001/ISO17799 Wireless LAN Security Summary

1. Develop an agency security policy that addresses the use of wireless technology, including 802.11.
A security policy is the foundation on which other countermeasures—the operational and technical ones—are rationalized and implemented. A documented security policy allows an organization to define acceptable architecture, implementation, and uses for 802.11 wireless technologies.

2. Ensure that users on the network are fully trained in computer security awareness and the risks associated with wireless technology (e.g., 802.11).
A security awareness program helps users to establish good security practices to prevent inadvertent or malicious intrusions into an organization’s information systems.
