Cyber & IT Supervisory Forum - November 2023

Internal Use Only

R-SAT v. 2.0: Question 14

NEW: Removed MFA references (now a separate question); added new considerations for patch management; technical and administrative controls to manage removable media use; controls for changing default hardware and software settings; implementation of a jump box, bastion host, or administrative VLAN for segregating privileged/admin access to sensitive servers or data; and procedures for resetting or replacing user credentials.


R-SAT v. 2.0: Question 15

NEW: Minor rewording. Added phrase “actively participate” for emphasis in sub-question addressing C-suite participation in IRP testing.
