Downloadable policy templates, incident response playbooks, and compliance checklists
Account provisioning, access controls, security awareness training, equipment assignment, and acceptable use policy acknowledgment.
Account deprovisioning, access revocation, equipment return, knowledge transfer, and exit interview security review.
Annual training schedule, phishing simulation program, and compliance tracking for all employees.
Defines acceptable and prohibited use of organizational IT resources, internet access, and data handling.
Comprehensive policy covering data classification, access controls, incident reporting, and security responsibilities.
Template for inter-agency or vendor agreements covering data sharing, security requirements, and responsibilities.
Framework for classifying data sensitivity levels and corresponding handling requirements.
Complete IR plan aligned with NIST SP 800-61 Rev. 2 covering preparation, detection, containment, eradication, and recovery.
Step-by-step checklist for responding to ransomware incidents including isolation, assessment, and recovery procedures.
Templates for notifying affected individuals, regulators, and law enforcement of data breaches per state requirements.
Internal and external communication templates and procedures during security incidents.
Process for identifying, assessing, prioritizing, and remediating vulnerabilities across the organization.
Controls for managing changes to IT systems, including approval workflows and rollback procedures.
Data backup schedules, retention policies, and recovery testing procedures.
Timelines and procedures for testing and deploying security patches across all systems.
Simplified worksheet for identifying Bulk Electric System cyber assets for small utilities.
Template for documenting physical security controls around critical cyber assets.
Procedures for managing electronic access to BES cyber systems.