documentation

documentation Controls

7 controls across 4 frameworks.

CISA CPG

A cybersecurity policy is established, approved, and communicated

Governance and Training / Governance and Training

An incident response plan is documented and maintained

Response and Recovery / Response and Recovery

Maintain written security policies, procedures, and records for six years from creation or last effective date

Policies & Procedures / Documentation

The end of incident recovery is declared based on criteria, and incident-related documentation is completed

Recover / Incident Recovery Plan Execution

Security information is communicated internally

Security / Communication and Information

Control activities are selected and developed to mitigate risks

Security / Control Activities

Controls are deployed through policies and procedures

Security / Control Activities