Security Controls

5.1 Authorized and Responsible Use

4 Policy Principles – Individual Accountability

4 Policy Principles – Least Privilege

4 Policy Principles – Protection of Information Assets

5.3 Prohibition of Security Control Circumvention

5.4 Incident Reporting and Cooperation

5.5 Accountability and Auditability

5.6 Policy Awareness and Acknowledgment

6.1 Authorized Devices

6.2 Endpoint Security and User Responsibilities

6.3 Software and Hardware Restrictions

6.4 Loss, Theft, and Compromise

7 Passwords and Credentials Use

8.1 Authorized and Professional Use

8.2 Prohibited Activities

8.3 Email and Messaging Security

8.4 Monitoring and Auditability

8.5 Performance and Resource Protection

9 Cloud Services and External Hosting Use

10 Removable Media and Data Transfer

10.3 Data Transfer Restrictions

13 Printing and Physical Handling

14 Clean Desk and Secure Office Behavior

15 Video Conferencing and Approved Communication Tools