| ๐ผ CC7.1 To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities. | 5 | | | |
| ย ย ย ย ๐ผ CC7.1-1 Uses Defined Configuration Standards | | 4 | 5 | |
| ย ย ย ย ๐ผ CC7.1-2 Monitors Infrastructure and Software | | 9 | 12 | |
| ย ย ย ย ๐ผ CC7.1-3 Implements Change-Detection Mechanisms | | | 3 | |
| ย ย ย ย ๐ผ CC7.1-4 Detects Unknown or Unauthorized Components | | | 3 | |
| ย ย ย ย ๐ผ CC7.1-5 Conducts Vulnerability Scans | | | | |
| ๐ผ CC7.2 The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events. | 4 | | | |
| ย ย ย ย ๐ผ CC7.2-1 Implements Detection Policies, Procedures, and Tools | | | 7 | |
| ย ย ย ย ๐ผ CC7.2-2 Designs Detection Measures | | | 7 | |
| ย ย ย ย ๐ผ CC7.2-3 Implements Filters to Analyze Anomalies | | 9 | 18 | |
| ย ย ย ย ๐ผ CC7.2-4 Monitors Detection Tools for Effective Operation | | | 1 | |
| ๐ผ CC7.3 The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures. | 7 | | | |
| ย ย ย ย ๐ผ CC7.3-1 Responds to Security Incidents | | | 2 | |
| ย ย ย ย ๐ผ CC7.3-2 Communicates and Reviews Detected Security Events | | | 2 | |
| ย ย ย ย ๐ผ CC7.3-3 Develops and Implements Procedures to Analyze Security Incidents | | | 2 | |
| ย ย ย ย ๐ผ CC7.3-4 Assesses the Impact on Confidential Information | | | 2 | |
| ย ย ย ย ๐ผ CC7.3-5 Determines Confidential Information Used or Disclosed | | | 2 | |
| ย ย ย ย ๐ผ CC7.3-6 Assesses the Impact on Personal Information | | | | |
| ย ย ย ย ๐ผ CC7.3-7 Determines Personal Information Used or Disclosed | | | | |
| ๐ผ CC7.4 The entity responds to identified security incidents by executing a defined incident-response program to understand, contain, remediate, and communicate security incidents, as appropriate. | 14 | | | |
| ย ย ย ย ๐ผ CC7.4-1 Assigns Roles and Responsibilities | | | | |
| ย ย ย ย ๐ผ CC7.4-2 Contains and Responds to Security Incidents | | | | |
| ย ย ย ย ๐ผ CC7.4-3 Mitigates Ongoing Security Incidents | | | | |
| ย ย ย ย ๐ผ CC7.4-4 Resolves Security Incidents | | | | |
| ย ย ย ย ๐ผ CC7.4-5 Restores Operations | | | | |
| ย ย ย ย ๐ผ CC7.4-6 Develops and Implements Communication Protocols for Security Incidents | | | | |
| ย ย ย ย ๐ผ CC7.4-7 Obtains Understanding of Nature of Incident and Determines Containment Strategy | | | | |
| ย ย ย ย ๐ผ CC7.4-8 Remediates Identified Vulnerabilities | | | | |
| ย ย ย ย ๐ผ CC7.4-9 Communicates Remediation Activities | | | | |
| ย ย ย ย ๐ผ CC7.4-10 Evaluates the Effectiveness of Incident Response | | | | |
| ย ย ย ย ๐ผ CC7.4-11 Periodically Evaluates Incidents | | | | |
| ย ย ย ย ๐ผ CC7.4-12 Applies Breach Response Procedures | | | | |
| ย ย ย ย ๐ผ CC7.4-13 Communicates Unauthorized Use and Disclosure | | | | |
| ย ย ย ย ๐ผ CC7.4-14 Application of Sanctions | | | | |
| ๐ผ CC7.5 The entity identifies, develops, and implements activities to recover from identified security incidents. | 6 | | | |
| ย ย ย ย ๐ผ CC7.5-1 Restores the Affected Environment | | | | |
| ย ย ย ย ๐ผ CC7.5-2 Communicates Information About the Incident | | | | |
| ย ย ย ย ๐ผ CC7.5-3 Determines Root Cause of the Incident | | | | |
| ย ย ย ย ๐ผ CC7.5-4 Implements Changes to Prevent and Detect Recurrences | | | | |
| ย ย ย ย ๐ผ CC7.5-5 Improves Response and Recovery Procedures | | | | |
| ย ย ย ย ๐ผ CC7.5-6 Implements Incident Recovery Plan Testing | | | | |