AST-02.4 - Approved Baseline Deviations

Mechanisms exist to document and govern instances of approved deviations from established baseline configurations.

AST-02.5 - Network Access Control (NAC)

Automated mechanisms exist to employ Network Access Control (NAC), or a similar technology, which is capable of detecting unauthorized devices and disable network access to those unauthorized devices.

AST-02.6 - Dynamic Host Configuration Protocol (DHCP) Server Logging

Mechanisms exist to enable Dynamic Host Configuration Protocol (DHCP) server logging to improve asset inventories and assist in detecting unknown systems.

BCD-02.4 - Data Storage Location Reviews

Mechanisms exist to perform periodic security reviews of storage locations that contain sensitive / regulated data.

BCD-03 - Contingency Training

Mechanisms exist to adequately train contingency personnel and applicable stakeholders in their contingency roles and responsibilities.

BCD-03.1 - Simulated Events

Mechanisms exist to incorporate simulated events into contingency training to facilitate effective response by personnel in crisis situations.

CFG-02.2 - Automated Central Management & Verification

Automated mechanisms exist to govern and report on baseline configurations of systems through Continuous Diagnostics and Mitigation (CDM), or similar technologies.

CFG-02.3 - Retention Of Previous Configurations

Mechanisms exist to retain previous versions of baseline configuration to support roll back.