Cyber & IT Supervisory Forum - November 2023

Internal Use Only

Control Assessment Examples

NIST Control No.: DE.CM-3
Person Responsible:
Control Concept: Establish mechanisms to monitor personnel activity for potential cybersecurity events or fraud.
Specific Safeguards In Place: Alienvault in place to monitor network and Active Directory lockouts and logs.
Control Effectiveness: Strong
Overall Residual Risk: Low

NIST Control No.: PR.AC-5
Person Responsible:
Control Concept: Implement security zones with network segmentation and access controls to protect network integrity.
Specific Safeguards In Place: Network segmentation and access controls are in place.
Control Effectiveness: Strong
Overall Residual Risk: Medium

Identifying Risk Acceptance/Mitigation Plans
