Find Controls – Secure Roadmap

Business Risk

Business Interruption (0)

Financial Fraud (0)

Loss of Sensitive Information (0)

Regulatory Compliance (0)

Reputation damage (0)

Cyber Threat

Solution Category

Function: Access Control

No (0)

Yes (0)

Function:Threat Protection

No (0)

Yes (0)

Function:Detect & Respond

No (0)

Yes (0)

Cyber Event Mitigations

Enforcement Point

Cloud services (0)

Email client (0)

Email gateway (0)

Email servers (0)

Endpoint (0)

Security operations center (soc) (0)

Source Context Data

NIST SP 800-53

MITRE ATT&CK

T1040 network sniffing (0)

T1070 indicator removal on host (0)

T1204 user execution (0)

T1530 data from cloud storage (0)

T1565 data manipulation (0)

T1566 phishing (0)

ISO/IEC 27001

CMMC

SOX

PCI DSS

NERC

Cip-004-6 r4 personnel and training (0)

Cip-007-6 r2 security patch management (0)

Cip-007-6 r4 system security management (0)

Cip-007-6 r5 account management (0)

Cip-008-6 r1 incident response planning (0)

Cip-009-6 r1 recovery plans (0)

Cip-010-3 r1 configuration change management (0)

Cip-011-2 r1 information protection (0)

Cip-011-2 r2 information protection (0)

HIPAA

164.308(a)(1)(ii)(d) security management process (0)

164.308(a)(5)(ii)(a) security awareness (0)

164.308(a)(5)(ii)(b) protection from malicious software (0)

164.308(a)(6)(ii) response and reporting (0)

164.308(a)(7)(ii)(a) contingency plan - data backup (0)

164.312(a)(2)(iv) encryption and decryption (0)

164.312(b) audit controls (0)

164.312(e)(2)(ii) transmission security (0)

164.316(b)(2)(i) documentation (0)

FISMA

GLBA

501.15(a)(1) information security procedures (0)

501.15(a)(2)(iv) security awareness training (0)

501.15(a)(4) data protection (0)

501.15(a)(6) incident response (0)

501.15(a)(7) monitoring (0)

501.15(a)(8) record retention (0)

501.16(b)(2) information handling (0)

GDPR

Article 30 records of processing (0)

Article 32(1)(a) encryption (0)

Article 32(1)(b) security of processing (0)

Article 32(1)(d) technical measures (0)

Article 32(2) risk assessment (0)

Article 33(1) notification of a personal data breach (0)

Article 34 communication of a personal data breach (0)

Article 39(1)(b) staff training (0)

Article 5(1)(f) integrity and confidentiality (0)

CCPA

1798.100(b) risk assessments (0)

1798.105(d)(1) data retention (0)

1798.150(a) security measures (0)

1798.150(b) breach notification (0)

10 Controls Found

Business Risk

Cyber Threat

Solution Category

Function: Access Control

Function:Threat Protection

Function:Detect & Respond

Cyber Event Mitigations

Enforcement Point

Source Context Data

NIST SP 800-53

MITRE ATT&CK

ISO/IEC 27001

CMMC

SOX

PCI DSS

NERC

HIPAA

FISMA

GLBA

GDPR

CCPA

Mitigation Method

Business Risk Contributing Factors

Industry Standard Terms

Cyber Missions

Industry Analyst Firm Terms

Controls

Email Security – Behavioral Analysis

Email Security – Archiving and Compliance

Email Security – Spam Filtering

Email Security – Phishing Protection

Email Security – Malware Protection

Email Security – Data Loss

Email Security – Encryption

Email Security – Advanced Threat Detection

Email Security – Response and Remediation

Email Security – Phishing Button

Follow Us