NIST SP 800-171
Consists of 14 Families
3.1: Access Control
Control of who has physical access to company file systems.
3.3: Audit and Accountability
The ability to catch system events and trace the events back to the origin.
3.5: Identification and Authentication
The ability to identify users and authenticate that identification.
Plans to keep data secure when any maintenance is needed.
3.9: Personnel Security
Policy and procedure to protect organizational users.
3.11: Risk Assessment
Policy and procedure to regularly assess risk within the organization.
3.13: Systems and Communications Protections
Protection of data while it is being sent or received.
3.2: Awareness and Training
Training organizational users on the importance of cyber-security.
3.4: Configuration Management
Managing the base configuration of all organizational systems.
3.6: Incident Response
Details regarding the organizational response should an incident occur.
3.8: Media Protection
Protection of the physical storage point for organizational data
3.10: Physical Protection
Protection measures for the physical environment or organizational facility.
3.12: Security Assessment
Policy and procedure to regularly assess security measures.
3.14: System and Information Integrity
Ensuring all information contains what it should contain.