1 CMR 17.00 NYDFS Cybersecurity Regulations ISO 27001:2013 Annex A Control NIST 800-53 NAIC Model Law
Section 4
Context of Organisation MSS DOC 4.1 4.1
Identification of Interested Parties Procedure MSS DOC 4.2 4.2 17.03 (1) c
17.03 (2) b
Legislation and Regulation MSS REC 4.2 4.2
Scope Statement MSS REC 4.3 4.3 17.03 (1) c
17.03 (2) b
Section 5
Information Security Policy ISMS DOC 5.2 5.1-5.2 17.03 (1) c 500.03 Cybersecurity policy 5.1.1/5.1.2 CA-1
17.03 (2) a 500.04 Chief Information Security Officer PL-1
17.03 (2) b PL-4
PL-8
PL-9
SC-1
SI-1
Roles and Responsibilities: Document Management Tool ISMS REC 5.3 5.3 17.03 (2) a PL-4
Section 6
Risk Management Procedure MSS DOC 6.1 500.02 Cybersecurity program CA-1 4C Risk assessment
500.09 Risk assessment CA-2 4D Risk management
CA-2 (1)
CA-2 (3)
CA-5
RA-1
RA-3
SI-2
SI-2 (1)
Risk Assessment Tool RM-ISMS DOC 6.1.2a 6.1.2 17.03 (1) c RA-1
17.03 (2) b RA-3
Statement of Applicability Work Instruction RM-ISMS DOC 6.1.3d 6.1.3d 17.03 (1) c 500.02 Cybersecurity program RA-3
17.03 (2) b 500.09 Risk assessment
Statement of Applicability Tool RM-ISMS SoA Tool 6.1.3d 17.03 (1) c RA-3
17.03 (2) b
Risk Treatment Plan RM-ISMS REC 6.1.3 6.1.3 CA-5
RA-3
Risk Management folder
Control A.6
Contact with Authorities ISMS-C DOC 6.1.3 17.03 (2) a 500.17 Notices to superintendent 6.1.3/6.1.4 12 Rules and regulations
Notebook Computer Security ISMS-C DOC 6.2.1 17.03 (2) c 6.2.1
17.04 (3)
Telework Security ISMS-C DOC 6.2.2 17.03 (2) c 6.2.2 AC-17
AC-17 (3)
Teleworker User Agreement ISMS-C DOC 6.2.2a 17.03 (2) c 6.2.2 AC-17 (6)
PL-4
Schedule ISMS-C REC 6.1.3 17.03 (2) a 500.17 Notices to superintendent 6.2.2
Teleworker Checklist ISMS-C REC 6.2.2b 17.03 (2) c 6.1.3/6.1.4
Control A.7
HR Department Requirements ISMS-C DOC 7.1 PS-1
PS-2
PS-8
Personnel Screening Requirements ISMS-C DOC 7.1.1 7.1.1 MA-5
MA-5 (1)
MA-5 (2)
MA-5 (3)
MA-5 (4)
PS-3
Employee Termination / Change of role ISMS-C DOC 7.3.1 17.03 (2) e 7.3.1/8.1.4 PS-4
PS-5
Termination / Change Checklist ISMS-C REC 7.3.1 17.03 (2) e 7.3.1/8.1.4 PS-4
PS-4 (1)
PS-4 (2)
PS-5
PS-6 (3)
Username Administration ISMS-C DOC 9.2.3A 17.03 (2) c 9.2.1/9.4.3 AC-2 (1)
17.04 (1) a AC-2 (3)
17.04 (1) b AC-2 (10)
17.04 (1) c IA-4 (1)
17.04 (2) a IA-5 (1)
17.04 (2) b IA-5 (3)
Required Cryptographic Controls ISMS-C REC 10.1.1 17.03 (2) b (3) 500.15 Encryption of non-public information 18.1.5
17.04 (1) c
17.04 (3)
17.04 (5)
Control A.11
Physical and Environmental Security ISMS-C DOC 11.1.2 500.12 Multi-factor authentication 11.1.2/11.1.3/11.1.5 AC-19
AC-19 (4)
MA-3 (1)
MA-5
MA-5 (1)
MA-5 (2)
MA-5 (3)
MA-5 (4)
MA-5 (5)
PE-1
PE-2
PE-3
PE-3 (1)
PE-3 (2)
SC-7 (14)
Fire Door Monitoring ISMS-C DOC 11.1.2A 17.03 (2) g 11.1.1/11.1.2/11.1.3 PE-3
PE-3 (3)
PE-6
PE-6 (1)
PE-6 (2)
PE-6 (3)
PE-6 (4)
Fire Alarm Monitoring ISMS-C DOC 11.1.2B 17.03 (2) g 11.1.1/11.1.4 PE-3 (3)
PE-6
PE-6 (1)
PE-6 (2)
PE-6 (3)
PE-6 (4)
PE-13
PE-13 (1)
PE-13 (4)
Burglar Alarm Monitoring ISMS-C DOC 11.1.2C 17.03 (2) g 11.1.1/11.1.4 PE-3 (3)
PE-6
PE-6 (1)
PE-6 (2)
PE-6 (3)
PE-6 (4)
Reception Area ISMS-C DOC 11.1.2D 17.03 (2) g 11.1.1/11.1.2 PE-2 (2)
PE-2 (3)
PE-3
PE-3 (3)
PE-6
PE-6 (1)
PE-6 (2)
PE-6 (3)
PE-6 (4)
PE-8
PE-8 (1)
Fire Suppression ISMS-C DOC 11.2.1A 17.03 (2) b (3) 11.1.4/11.2.1/11.2.4 PE-13
PE-13 (2)
PE-13 (3)
PE-13 (4)
Physical Perimeter Security ISMS-C DOC 11.1.11 17.03 (2) g 11.1.1/11.1.2/11.1.3 PE-3
Information Security Assets for Disposal ISMS-C REC 11.2.7 11.2.7
Control A.12
Documented Procedures ISMS-C DOC 12.1.1 17.03 (2) b (3) 12.1.1 AC-4 (5)
CM-1
CM-2
CM-2 (1)
CM-2 (2)
CM-2 (3)
CM-3
CM-7 (3)
MA-1
PL-7
SA-5
SI-7 (16)
SC-38
SC-43
Control of Operational Software ISMS-C DOC 12.1.1A 12.5.1 CM-6
CM-6 (1)
CM-7
CM-7 (1)
CM-7 (2)
CM-10
CM-10 (1)
MA-1
SA-5
SI-7
SI-7 (1)
SI-7 (2)
SI-7 (3)
SI-7 (5)
SI-7 (6)
SI-7 (7)
SI-7 (8)
SI-7 (9)
SI-7 (10)
SI-7 (11)
SI-7 (12)
SI-7 (15)
SA-22
SA-22 (1)
Change Control Procedure ISMS-C DOC 12.1.2 17.03 (2) b (3) 12.1.2/12.5.1/15.2.2/14.2.2 CM-3
CM-3 (1)
CM-3 (2)
CM-3 (3)
CM-3 (4)
CM-3 (5)
CM-3 (6)
CM-4
CM-4 (1)
CM-4 (2)
CM-5
CM-5 (1)
CM-5 (2)
CM-5 (3)
CM-5 (4)
CM-5 (5)
CM-5 (6)
CM-6 (2)
MA-1
MA-2
MA-2 (2)
System Planning and Acceptance ISMS-C DOC 12.1.3 17.03 (2) b (3) 12.1.3/12.5.1/14.2.3/14.2.9/14.3.1 CM-9
CM-9 (1)
RA-2
SA-2
SA-13
SI-10
SI-10 (1)
SI-10 (2)
SI-10 (4)
SI-10 (5)
SC-25
SC-36
SA-18
SA-19
Operational Test and Development Environment ISMS-C DOC 12.1.4 17.03 (2) b (3) 12.1.4 CM-2 (6)
CM-4 (1)
Policy Against Malware ISMS-C DOC 12.2.1 17.04 (7) 12.2.1 SC-18
SC-18 (1)
SC-18 (2)
SC-18 (3)
SC-18 (4)
SC-18 (5)
SI-3
SI-3 (1)
SI-3 (8)
SI-3 (9)
SI-7 (14)
Controls Against Malware ISMS-C DOC 12.2.1A 17.04 (7) 12.2.1 MA-3 (2)
SC-7 (12)
SC-7 (18)
SC-18
SC-18 (1)
SC-18 (2)
SC-18 (3)
SC-18 (4)
SC-18 (5)
SI-3
SI-3 (2)
SI-3 (4)
SI-3 (6)
SI-3 (7)
SI-3 (10)
SI-16
SC-44
Vulnerability Management ISMS-C DOC 12.6.1 17.03 (2) b (3) 500.05 Penetration testing and vulnerability assessments CA-8
CA-8 (1)
CA-8 (2)
MA-3
MA-3 (4)
MA-4
PE-3 (6)
RA-5
RA-5 (1)
RA-5 (2)
RA-5 (3)
RA-5 (4)
RA-5 (5)
RA-5 (6)
RA-5 (8)
RA-5 (10)
RA-6
SI-2
SI-2 (5)
SI-2 (6)
SC-35
SC-36 (1)
System Auditing Procedure ISMS-C DOC 12.7.1 17.03 (2) b (3) 500.06 Audit trail 12.6.1/12.7.1 AU-1
500.14 Training and monitoring AU-2
AU-2 (3)
AU-3
AU-3 (1)
AU-3 (2)
AU-4
AU-5
AU-5 (1)
AU-5 (2)
AU-5 (3)
AU-5 (4)
AU-15
IR-6 (1)
SI-2
Control A.14
Software and Service Acquisition Procedure ISMS-C DOC 14.1.1 500.08 Application security 14.1.2/14.1.3 SA-1
500.11 Third-party service provider security policy SA-2
SA-4
SA-4 (1)
SA-4 (2)
SA-4 (3)
SA-4 (5)
SA-4 (6)
SA-4 (7)
SA-4 (8)
SA-4 (9)
SA-4 (10)
SA-5
SA-9 (2)
SA-9 (5)
SA-10
SA-10 (1)
SA-10 (2)
SA-10 (3)
SA-10 (4)
SA-10 (5)
SA-10 (6)
SA-12 (1)
SA-12 (2)
SA-12 (7)
SA-12 (8)
SA-12 (10)
SA-13
SI-10
SI-14
SI-14 (1)
SI-15
SI-16
SC-27
SC-29
SC-29 (1)
SA-16
SA-17
SA-17 (1)
SA-17 (2)
SA-17 (3)
E-commerce & Online Transactions ISMS-C DOC 14.1.2 17.03 (2) c 14.2.1 AC-22
17.04 (3) AC-23
IA-4 (3)
Secure Development Policy ISMS-C DOC 14.2.1 500.08 Application security AC-21 (2)
CA-6
SA-1
SA-3
SA-8
SI-10
SA-20
Control A.15
Information Security Policy for Supplier Relationships ISMS-C DOC 15.1.1 17.03 (2) f (2) 500.11 Third-party service provider security policy AC-20 4F Oversight of third-party service provider arrangements
AC-20 (1)
AC-20 (2)
AC-20 (3)
AC-20 (4)
IR-4 (10)
IR-6 (3)
PL-8 (2)
SA-9 (1)
SA-9 (3)
SA-9 (4)
SA-11
SA-11 (1)
SA-11 (2)
SA-11 (3)
SA-11 (4)
SA-11 (5)
SA-11 (6)
SA-11 (7)
SA-11 (8)
SA-12 (5)
SA-12 (9)
SA-12 (11)
SA-12 (12)
SA-12 (13)
SA-12 (14)
SA-13
SA-15 (1)
SA-15 (6)
SA-15 (10)
SA-18
SA-18 (1)
SA-18 (2)
SA-19
SA-19 (1)
SA-19 (2)
SA-19 (3)
SA-19 (4)
SA-21
SA-21 (1)
Third-Party Service Contracts ISMS-C DOC 15.1.2 17.03 (2) f (1) 500.11 Third-party service provider security policy 15.1.2/15.2.1/15.2.2 AU-16
17.03 (2) f (2) IA-9
IA-9 (1)
IA-9 (2)
IR-4 (10)
IR-6 (3)
SA-4 (3)
SA-4 (5)
SA-4 (8)
SA-9
SA-9 (1)
SA-9 (2)
SA-9 (3)
SA-10
SA-10 (1)
SA-10 (2)
SA-10 (3)
SA-10 (4)
SA-10 (5)
SA-10 (6)
SA-11
SA-11 (1)
SA-11 (2)
SA-11 (3)
SA-11 (4)
SA-11 (5)
SA-11 (6)
SA-11 (7)
SA-11 (8)
SA-12 (2)
SA-12 (5)
SA-12 (7)
SA-12 (8)
SA-12 (9)
SA-12 (11)
SA-12 (12)
SA-15 (1)
External Parties ISMS-C DOC 15.2.2 17.03 (2) f (1) 500.11 Third-party service provider security policy 13.2.2/15.1.1/15.1.2/15.1.3/15.2.2 AU-16
17.03 (2) f (2) AU-16 (1)
AU-16 (2)
IR-4 (10)
IR-6 (3)
MA-4
MA-4 (1)
MA-4 (2)
MA-4 (3)
MA-4 (4)
MA-4 (5)
MA-4 (6)
PS-7
SA-11
SA-11 (1)
SA-11 (2)
SA-11 (3)
SA-11 (4)
SA-11 (5)
SA-11 (6)
SA-11 (7)
SA-11 (8)
SA-12
SA-12 (5)
SA-12 (9)
SA-12 (11)
SA-12 (12)
SA-12 (14)
SA-12 (15)
SA-14
SA-15
SA-15 (1)
SA-15 (2)
SA-15 (3)
SA-15 (4)
SA-15 (5)
SA-15 (6)
SA-15 (7)
SA-15 (8)
SA-15 (9)
SA-15 (10)
Control A.16
Reporting the Information Security Weaknesses & Events ISMS-C DOC 16.1.2-3 17.03 (2) j 500.06 Audit trail 16.1.1/16.1.2/16.1.3/18.2.3 IR-1
IR-2
IR-6
IR-6 (1)
IR-7
IR-7 (1)
IR-7 (2)
SI-4 (7)
SI-4 (12)
SI-4 (24)
SI-11
Responding to Information Security Reports ISMS-C DOC 16.1.5 17.03 (2) j 500.06 Audit trail 16.1.1/16.1.2/16.1.4/16.1.5/16.1.6 IR-1 5A Investigation of a data breach
500.16 Incident response plan IR-4 5B During investigation
500.17 Notices to superintendent IR-4 (1) 6A Notification of a data breach
IR-4 (2) 6B Notification to the Commissioner
IR-4 (3) 6C Notification to consumer reporting agencies
IR-4 (4) 6D Notification to consumers
IR-4 (5) 6E Notice regarding data breaches of third-party service providers
IR-4 (6)
IR-4 (7) 6F Delaying notice
IR-4 (8) 7 Consumer protections following a data breach
IR-4 (9)
IR-5
IR-5 (1)
IR-6 (2)
IR-6 (3)
IR-7
IR-7 (1)
IR-7 (2)
IR-8
IR-9
IR-9 (1)
IR-9 (2)
IR-9 (3)
IR-9 (4)
IR-10
Control A.18
Intellectual Property Rights ISMS-C DOC 18.1.2A 18.1.2
IPR Compliance ISMS-C DOC 18.1.2B 18.1.2
Control of Records ISMS-C DOC 18.1.3 7.5.3 17.03 (2) g 18.1.3
Retention of Records ISMS-C DOC 18.1.3A 17.03 (2) g 500.06 Audit trail 18.1.3
500.13 Limitations on data retention
500.17 Notices to superintendent
Data Protection and Privacy ISMS-C DOC 18.1.4 17.01 (1) (2) 18.1.4 SI-12
17.02
17.03 (1)
17.03 (1) d
17.03 (2) c
17.03 (2) e
17.03 (2) f (1)
17.03 (2) f (2)
17.03 (2) g
17.03 (2) I
17.04 (1) d
17.04 (2) a
17.04 (3)
17.04 (4)
17.04 (6)
17.04 (8)
Terms and Conditions of Website Use ISMS-C DOC 18.1.4B 17.01 (1) (2) 18.1.4
17.02
17.03 (1) d
17.03 (2) c
17.03 (2) e
17.03 (2) f (1)
17.03 (2) f (2)
17.03 (2) I
17.04 (1) d
17.04 (2) a
17.04 (3)
17.04 (4)
17.04 (6)
17.04 (8)
Training and Development Procedure MSS DOC 7.2.3 7.2 17.03 (2) b (1) 500.10 Cybersecurity personnel and intelligence CP-3 (2)
IR-2
IR-2 (1)
IR-2 (2)
PS-1
PS-3 (2)
Leavers Process MSS DOC 7.2.4 7.2.4 17.03 (2) b (1) PS-1
Awareness Procedure MSS DOC 7.3 7.3 17.03 (2) b (1) 500.14 Training and monitoring AT-1
17.04 (8) SI-4 (17)
Communication Procedure MSS DOC 7.4 7.4 17.04 (8) AC-22
Document Control MSS DOC 7.5.3 7.5.3 17.03 (1)
Information Security Manager Job Description ISMS REC 7.2.1A 7.2 17.03 (2) b (1)
Head of Risk Job Description ISMS REC 7.2.1B 7.2 17.03 (2) b (1)
Chief Information Security Officer (CISO) Job Description ISMS REC 7.2.1C 7.2 17.03 (2) b (1) 500.04 Chief Information Security Officer
Competence Matrix MSS REC 7.2 7.2 17.03 (2) b (1)
Job Description MSS REC 7.2.1 7.2 17.03 (2) b (1) PS-3 (1)
Induction Checklist MSS REC 7.2.2 7.2.1 17.03 (2) b (1) PS-3 (2)
Training Record Matrix MSS REC 7.2.3 7.2 17.03 (2) b (1) AT-1
AT-2
AT-2 (1)
AT-2 (2)
AT-3
AT-3 (1)
AT-3 (2)
AT-3 (3)
AT-3 (4)
AT-4
Internal Audit Procedure MSS DOC 9.2 9.2 17.03 (2) b AU-1
17.03 (2) b (2) AU-2
17.03 (2) h CA-7 (1)
SI-2
SI-6
SI-6 (3)
Management Review of the ISMS MSS DOC 9.3 9.3 17.03 (2) b 5.1.1/5.1.2 SI-2 4E Oversight by Board of Directors
17.03 (2) h
17.03 (2) i
Monitoring and Measurement Register MSS REC 9.1 9.1 17.03 (2) h
Internal Audit Schedule MSS REC 9.2.1 9.2 17.03 (2) b
17.03 (2) b (2)
17.03 (2) h
Internal Audit Report Lead Sheet MSS REC 9.2.2 9.2 17.03 (2) b
17.03 (2) b (2)
17.03 (2) h
Management Review Record MSS REC 9.3 9.3 17.03 (2) b
17.03 (2) h
17.03 (2) i
Section 10
Non-Conformity Procedure MSS DOC 10.1 10.1 17.03 (2) b MA-1
17.03 (2) h MA-6
SI-2
SI-2 (1)
SI-2 (2)
SI-2 (3)
Continual Improvement Procedure MSS DOC 10.2 10.2 17.03 (2) h MA-1 4G Program adjustments
SI-2
SI-2 (1)
Corrective Action Report MSS REC 10.1.1 10.2 17.03 (2) b
17.03 (2) h
Non-Conformance Report MSS REC 10.1.1A 10.1 17.03 (2) b
17.03 (2) h
Non-Conformance Report Log MSS REC 10.1.1B 10.1 17.03 (2) b
17.03 (2) h
NIST Documents
Maintenance of Information Systems NIST DOC MA MA-1
MA-2
MA-2 (2)
MA-3
MA-3 (1)
MA-3 (2)
MA-3 (4)
MA-4
MA-4 (1)
MA-4 (2)
MA-4 (3)
MA-4 (5)
MA-5
MA-5 (1)
MA-5 (2)
MA-5 (3)
MA-5 (4)
MA-5 (5)
MA-6
MA-6 (1)
MA-6 (2)
MA-6 (3)
Other documents
a.IntroductionISO27001ISMS
b.ToolkitGuidance
ContentsListISMS
CopyrightLicenseISMS
InfoSecManualv3.2 All 500.00 Introduction All AC-5 4A Implementation of an information security program (clause 3 in manual)
500.02 Cybersecurity program (clauses 0.1 & 3 in manual) AC-17 (2)
500.17 Notices to superintendent (clauses 4 in manual) CA-3 4E Oversight by Board of Directors (clause 3.1 b5 in manual)
CA-5 (1)
MA-3
MA-3 (1)
PE-18 (1)
PL-1
PL-8
PL-8 (1)
PL-9
SI-5
SI-5 (1)
SI-8
SI-8 (1)
SI-8 (2)
SI-8 (3)
SC-38
toolkitmap.xml
UserInput
vsRisk_ToolkitGuidance