Control Implementation
CTRL-AST-001
RISK-AM-001, RISK-BC-003, RISK-EX-001, RISK-IR-003
Introduction/acquisition/deployment of new technology asset
[On-premise] Follow operations pipeline with agent installation for CMDB registration
IT Operations Team
IT Operations Support Team
CTRL-AST-001
RISK-AM-001, RISK-BC-003, RISK-EX-001, RISK-IR-003
Introduction/acquisition/deployment of new technology asset or change/modification of existing
[On-premise/Cloud SaaS] Manual input/update to CMDB and Taxonomy
IT Operations Team
-
CTRL-AST-001
RISK-AM-001, RISK-BC-003, RISK-EX-001, RISK-IR-003
Introduction/acquisition/deployment of new technology asset
[Azure Cloud] Follow pipeline for asset registration in CMDB
IT Cloud Services Team
IT Cloud Services Team
CTRL-AST-001
RISK-AM-001, RISK-BC-003, RISK-EX-001, RISK-IR-003
Introduction/acquisition/deployment of new technology asset
[AWS Cloud] Follow pipeline for registration in AWS-native tools (e.g., Aurora DB, MongoDB, EC2)
Portfolio Management Team
Portfolio Management Team
CTRL-AST-001
RISK-AM-001, RISK-BC-003, RISK-EX-001, RISK-IR-003
Introduction/acquisition/deployment of corporate end-user device (PC, Laptop, Mobile)
[Corporate End User Devices] Follow EUS pipeline to register/update inventory and CMDB
IT End User Services Team
IT End User Services Team
CTRL-BCD-002
RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-IR-002
Introduction of new resilience design or change
[On-premise] Define/update RTO/RPO in ITOG, follow PDLC OAT drill protocol
IT Operations Team
-
CTRL-BCD-002
RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-IR-002
Introduction of new resilience design or change
[Cloud IaaS/PaaS] Define/update RTO/RPO in ITOG, follow PDLC OAT drill protocol
Portfolio Management Team
Portfolio Management Team
CTRL-BCD-002
RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-IR-002
Acquisition of new Cloud SaaS service
[Cloud SaaS] Confirm RTO/RPO from provider meets ITOG/business requirements
Portfolio Management Team
Portfolio Management Team
CTRL-BCD-003
RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction/change of system, server, network
[On-premise] Follow storage pipeline for services with automated backup
IT Storage Team
IT Storage Team
CTRL-BCD-003
RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction/change of system, server, network
[On-premise] Define backup mechanism in ITOG per standards
Portfolio Management Team
Portfolio Management Team
CTRL-BCD-003
RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction/change of cloud-based resource
[Cloud IaaS/PaaS] Define backup mechanism in ITOG per standards
Portfolio Management Team
Portfolio Management Team
CTRL-BCD-003
RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Acquisition of new Cloud SaaS service
[Cloud SaaS] Confirm provider backup meets ITOG standards
Portfolio Management Team
Portfolio Management Team
CTRL-CAP-002
RISK-BC-001, RISK-BC-003, RISK-BC-004, RISK-SA-001
Introduction of new system/server/network/cloud resource
[On-premise/Cloud SaaS] Follow standard build for monitoring agent installation
IT Operations Team
IT Operations Support Team
CTRL-CAP-002
RISK-BC-001, RISK-BC-003, RISK-BC-004, RISK-SA-001
Change impacting performance
[On-premise/Cloud SaaS] Review/update monitoring metrics
IT Operations Team
-
CTRL-CAP-002
RISK-BC-001, RISK-BC-003, RISK-BC-004, RISK-SA-001
Introduction of new system/server/network/cloud resource
[AWS Cloud] Follow pipeline for performance logging/monitoring
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-CAP-002
RISK-BC-001, RISK-BC-003, RISK-BC-004, RISK-SA-001
Introduction of new system/server/network/cloud resource
[Azure Cloud] Follow pipeline for Azure Monitor
IT Cloud Services Team
IT Cloud Services Team
CTRL-CAP-002
RISK-BC-001, RISK-BC-003, RISK-BC-004, RISK-SA-001
Introduction of new system/server/network/cloud resource
[On-premise/Cloud SaaS] Define monitoring in ITOG/SOP
Portfolio Management Team
Portfolio Management Team
CTRL-CFG-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/deployment of new system/server/network/cloud
[On-premise/Cloud] Follow standard build for BigFix installation/compliance scanning
IT Operations Team
IT Infrastructure Team (for agent/build); IT Operations Team (for scanning)
CTRL-CFG-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Change with OS/DB version upgrade
[On-premise/Cloud] Review/update configs per new standards, conduct scanning
IT Operations Team
-
CTRL-CFG-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/deployment or change with version upgrade
[On-premise/Cloud] Follow standard build for AD GPO policy
IT Operations Team
IT Infrastructure Team
CTRL-CFG-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/deployment or change with version upgrade
[On-premise/Cloud] Follow hardening guidelines
Portfolio Management Team
Portfolio Management Team
CTRL-CFG-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Acquisition of new Cloud SaaS
[Cloud SaaS] Obtain provider assessment report on hardening
Portfolio Management Team
Portfolio Management Team
CTRL-CFG-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/replacement of Windows PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for AD GPO
IT End User Services Team
IT End User Services Team
CTRL-CFG-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/replacement of MacOS PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for Jamf
IT End User Services Team
IT End User Services Team
CTRL-CFG-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/replacement of Mobile/Tablet
[Corporate End User Devices] Follow EUS pipeline for MS Intune
IT End User Services Team
IT End User Services Team
CTRL-CLD-003
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction of new API service/technology
[On-premise] Follow security pipeline for Imperva WAF onboarding
IT Security Team
IT Platform & Network Security Team
CTRL-CLD-003
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction/change of API integration
[Messaging On-premise/Cloud] Follow integration pipeline for CAP.EMM Solace (auth/encryption)
IT Integration Team
IT Integration Team
CTRL-CLD-003
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction/change of API integration
[RESTful API On-premise/Cloud] Follow integration pipeline for APIM (protection/auth/encryption)
IT Integration Team
IT Integration Team
CTRL-CLD-003
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction/change of website/mobile with API
[On-premise/Cloud] Follow security pipeline for Akamai WAF onboarding
IT Security Team
IT Platform & Network Security Team
CTRL-CLD-003
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction of new API service/technology
[AWS Cloud] Follow security pipeline for AWS WAF onboarding
IT Security Team
IT Platform & Network Security Team
CTRL-CLD-003
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction of new API service/technology
[Azure Cloud] Follow pipeline for API management/Databricks
IT Security Team
IT Platform & Network Security Team
CTRL-CLD-003
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction of new API service/technology
Follow best practices for API keys
Portfolio Management Team
Portfolio Management Team
CTRL-CLD-005
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction of new Cloud IaaS/PaaS/SaaS or tenant change
Obtain provider assessment report on tenant segregation
Portfolio Management Team
Portfolio Management Team
CTRL-CLD-006
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction of new Cloud/SaaS or network change
Obtain provider assessment report on secure protocols/encryption
Portfolio Management Team
Portfolio Management Team
CTRL-CLD-007
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction of new Cloud/SaaS or new sensitive data feed
Obtain provider assessment report on encrypted storage/access
Portfolio Management Team
Portfolio Management Team
CTRL-CRY-001
RISK-AC-004, RISK-AM-002, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction of new system/Cloud/SaaS/API or change
Implement data-in-transit encryption (e.g., HTTPS, SSL)
IT Data Protection Team
IT Data Protection Team
CTRL-CRY-003
RISK-AC-004, RISK-AM-002, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction of new system/Cloud/SaaS/DB/end-user device
Implement data-at-rest encryption (e.g., TDE, AES256)
Portfolio Management Team
Portfolio Management Team
CTRL-CRY-004
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction/change involving crypto keys
[On-premise] Follow key pipeline for secure store (e.g., vault)
IT Data Protection Team
IT Data Protection Team
CTRL-CRY-004
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction/change involving crypto keys
[Cloud Container] Implement Vault as golden source, sync with native tools
IT Cloud Platform Team
-
CTRL-CRY-004
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction/change involving crypto keys
[Azure Cloud] Follow pipeline for Azure Key Vault onboarding
IT Cloud Services Team
IT Cloud Services Team
CTRL-CRY-004
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction/change involving crypto keys
[AWS Cloud] Follow pipeline for Amazon KMS onboarding
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-CRY-004
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction/change involving crypto keys
[AWS Cloud] Follow pipeline for Amazon EKS Secret Manager
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-DCH-003
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction of new server
[On-premise] Follow standard build for AD GPO
IT Infrastructure Team
-
CTRL-DCH-003
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction of new server or endpoint device
[On-premise/Cloud] Follow standard build for BigFix/compliance scanning
IT Operations Team
IT Infrastructure Team (for agent/build); IT Operations Team (for scanning)
CTRL-DCH-003
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction of new server or endpoint device
Configure barriers to restrict removable media
Portfolio Management Team
Portfolio Management Team
CTRL-DCH-003
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction/replacement of Windows PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for AD GPO
IT End User Services Team
IT End User Services Team
CTRL-DCH-003
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/replacement of Mobile/Tablet
[Corporate End User Devices] Follow EUS pipeline for Jamf
IT End User Services Team
IT End User Services Team
CTRL-DCH-003
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/replacement of MacOS PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for MS Intune
IT End User Services Team
IT End User Services Team
CTRL-DCH-007
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction of new network/environment or data flow
[On-premise/Cloud] Implement encryption for transfers
Portfolio Management Team
Portfolio Management Team
CTRL-DCH-007
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction of new network/environment or data flow (Internal+ data)
[Azure Cloud] Implement encryption for transfers
IT Cloud Services Team
IT Cloud Services Team
CTRL-DCH-008
RISK-AC-001, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-GV-001
Introduction of new system/server/network/cloud
[On-premise/Cloud] Define retention/purging in ITOG per policy
Portfolio Management Team
Portfolio Management Team
CTRL-DCH-008
RISK-AC-001, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-GV-001
Introduction of new system/server/network/cloud or decommissioning
[Azure Cloud] Define retention/purging in ITOG per policy
Portfolio Management Team
Portfolio Management Team
CTRL-DCH-010
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-GV-004, RISK-GV-005
Introduction of network with cross-border transfer
Consult Privacy & Compliance Team on transfers
Privacy & Compliance Team
Portfolio Management Team
CTRL-END-001
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new system/server/VM cloud
[On-premise/Cloud] Follow standard build for Trend Micro agent
IT Security Team
IT Infrastructure Team
CTRL-END-001
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new system/server/VM cloud
[On-premise/Cloud] Follow security pipeline for non-standard anti-malware
IT Security Team
IT Platform & Network Security Team
CTRL-END-001
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new system/server/VM cloud
[On-premise/Cloud] Install Carbon Black EDR on Internet-facing
IT Security Team
IT Platform & Network Security Team
CTRL-END-001
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new container cloud
[AWS Cloud Container] Follow pipeline for Aqua Enforcer
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-END-001
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Acquisition of new Cloud SaaS
[Cloud SaaS] Obtain provider assessment on anti-malware
Portfolio Management Team
Portfolio Management Team
CTRL-END-001
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction/replacement of Windows PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for Trend Micro
IT End User Services Team
IT End User Services Team
CTRL-END-002
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new system/server/cloud
[On-premise/Cloud] Follow standard build for Carbon Black EDR on Internet-facing
IT Security Team
IT Infrastructure Team
CTRL-END-002
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new system/server/cloud
[On-premise/Cloud] Follow security pipeline for non-standard anti-malware
IT Security Team
IT Platform & Network Security Team
CTRL-END-002
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new system/server/cloud
[Azure Cloud] Follow pipeline for threat protection (e.g., Azure Defender)
IT Cloud Services Team
IT Cloud Services Team
CTRL-END-002
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction/replacement of Windows PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for Carbon Black
IT End User Services Team
IT End User Services Team
CTRL-END-002
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction/replacement of Mobile/Tablet
[Corporate End User Devices] Follow EUS pipeline for Jamf
IT End User Services Team
IT End User Services Team
CTRL-END-002
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction/replacement of MacOS PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for MS Intune
IT End User Services Team
IT End User Services Team
CTRL-END-002
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction/replacement of Desktop/Kiosk
[Corporate End User Devices] Implement physical security measures
Portfolio Management Team
Portfolio Management Team
CTRL-END-003
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new system/server/cloud
[On-premise] Follow standard build for AD GPO
IT Infrastructure Team
-
CTRL-END-003
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction of new system/server/cloud or endpoint
[On-premise/Cloud] Follow standard build for BigFix/compliance scanning
IT Operations Team
IT Infrastructure Team (for agent/build); IT Operations Team (for scanning)
CTRL-END-003
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction/replacement of Windows PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for AD GPO
IT End User Services Team
IT End User Services Team
CTRL-END-003
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction/replacement of MacOS PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for Jamf
IT End User Services Team
IT End User Services Team
CTRL-END-003
RISK-AC-004, RISK-AM-002, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-EX-002
Introduction/replacement of Mobile/Tablet
[Corporate End User Services] Follow EUS pipeline for MS Intune
IT End User Services Team
IT End User Services Team
CTRL-IAC-001
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction of new system/server/network/cloud (with new user access)
Follow security pipeline for WIAM onboarding
IT IAM Team
IT IAM Support Team
CTRL-IAC-001
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction of new system/server/network/cloud (with new user access)
Integrate with AD domain, create WIAM groups
IT IAM Team
IT Infrastructure Team (for AD)
CTRL-IAC-001
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction or change introducing new user access
Define account management procedure/R&R per standards
Portfolio Management Team
Portfolio Management Team
CTRL-IAC-002
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002, RISK-GV-004, RISK-GV-005
Introduction of new system/server/network/cloud (with external access)
Follow security pipeline for WIAM onboarding
IT IAM Team
IT IAM Support Team
CTRL-IAC-002
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002, RISK-GV-004, RISK-GV-005
Introduction of new system/server/network/cloud (with external access)
Enforce domain account creation, integrate AD/WIAM groups
IT IAM Team
IT Infrastructure Team (for AD)
CTRL-IAC-002
RISK-AC-001, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002, RISK-GV-004, RISK-GV-005
Introduction or change enabling external access
Implement authentication for external users
Portfolio Management Team
Portfolio Management Team
CTRL-IAC-003
RISK-AC-001, RISK-AC-003, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction of system with remote access or migration to cloud
Follow security pipeline for WIAM with MFA (Passkey)
IT IAM Team
IT IAM Support Team
CTRL-IAC-003
RISK-AC-001, RISK-AC-003, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction of system with remote access or migration to cloud
Implement third-party software token MFA
Portfolio Management Team
Portfolio Management Team
CTRL-IAC-003
RISK-AC-001, RISK-AC-003, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002
Introduction of system with remote access or migration to cloud
[AWS Cloud] Follow pipeline for hardware token (YubiKey) for root
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-IAC-004
RISK-AC-004
Introduction of new system/server/network/cloud
Follow security pipeline for WIAM onboarding
IT IAM Team
IT IAM Support Team
CTRL-IAC-004
RISK-AC-004
Introduction of new system/server/network/cloud
Define account management procedure/R&R per standards
Portfolio Management Team
Portfolio Management Team
CTRL-IAC-005
RISK-AC-004, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction or change updating permission design
Follow security pipeline for WIAM onboarding
IT IAM Team
IT IAM Support Team
CTRL-IAC-005
RISK-AC-004, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction or change updating permission design
Define account management procedure/R&R per standards
Portfolio Management Team
Portfolio Management Team
CTRL-IAC-005
RISK-AC-004, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004
Introduction or change updating permission design
[Azure Cloud] Follow pipeline for RBAC via ACL
IT Cloud Services Team
IT Cloud Services Team
CTRL-IAC-007
RISK-AC-001, RISK-AC-002, RISK-AC-003, RISK-AC-004, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002, RISK-IR-001
Introduction of new system/server/network/cloud
Follow standard build for CyberArk PAM onboarding (local admin)
IT Operations Team
IT Infrastructure Team
CTRL-IAC-007
RISK-AC-001, RISK-AC-002, RISK-AC-003, RISK-AC-004, RISK-BC-001, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-002, RISK-IR-001
Introduction of new system/server/network/cloud
Onboard privileged accounts from ITOG to CyberArk PAM
IT Operations Team
IT Operations Support Team
CTRL-IAC-008
RISK-AC-001, RISK-AC-004
Introduction of new system/server/network/cloud
Follow security pipeline for WIAM onboarding
IT IAM Team
IT IAM Support Team
CTRL-IAC-008
RISK-AC-001, RISK-AC-004
Introduction of new system/server/network/cloud
[On-premise] Follow standard build for AD GPO password policy
IT IAM Team
IT Infrastructure Team
CTRL-IAC-008
RISK-AC-001, RISK-AC-004
Introduction of new system/server/network/cloud
Implement password requirements per standards
Portfolio Management Team
Portfolio Management Team
CTRL-MON-001
RISK-AC-003, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-001, RISK-EX-002, RISK-IR-001, RISK-IR-002
Introduction of new system/server/network/cloud
Follow SIEM pipeline for Splunk agent/log onboarding
IT Cyber Defense Team
IT Cyber Defense Team
CTRL-MON-001
RISK-AC-003, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-001, RISK-EX-002, RISK-IR-001, RISK-IR-002
Introduction of new system/server/network/cloud
Define log type/mechanism for SOC review via SIEM
IT Cyber Defense Team
IT Cyber Defense Team
CTRL-MON-001
RISK-AC-003, RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-EX-001, RISK-EX-002, RISK-IR-001, RISK-IR-002
Introduction of new system/server/network/cloud
Align with SOC on log type/mechanism/process
IT Security Operations Team
IT Security Operations Team
CTRL-NET-001
RISK-BC-003, RISK-EX-001
Introduction/change of network (on-premise/cloud)
[On-premise] Follow security pipeline for firewall onboarding
IT Security Team
IT Platform & Network Security Team
CTRL-NET-001
RISK-BC-003, RISK-EX-001
Introduction/change of network (on-premise/cloud)
[AWS Cloud] Follow security pipeline for virtual firewall
IT Security Team
IT Platform & Network Security Team
CTRL-NET-002
RISK-BC-003, RISK-EX-001
Introduction/change of network (on-premise/cloud)
[On-premise/Cloud] Follow DDoS pipeline for Akamai Prolexic
IT Security Team
IT Platform & Network Security Team
CTRL-NET-002
RISK-BC-003, RISK-EX-001
Introduction/change of network (on-premise/cloud)
[AWS Cloud] Follow pipeline for AWS Shield
Portfolio Management Team
Portfolio Management Team
CTRL-NET-003
RISK-BC-003, RISK-EX-001
Introduction/change of network (on-premise)
[On-premise] Follow network process for ACL
IT Network Team
IT Network Team
CTRL-NET-003
RISK-BC-003, RISK-EX-001
Introduction/change of network (cloud)
[AWS Cloud] Follow pipeline for network ACL config
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-NET-004
RISK-AC-004, RISK-BC-003
Introduction/change of network (on-premise)
[On-premise] Follow network process for segmentation
IT Network Team
IT Network Team
CTRL-NET-004
RISK-AC-004, RISK-BC-003
Introduction/change of network (cloud)
[AWS Cloud] Follow pipeline for VPC
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-NET-004
RISK-AC-004, RISK-BC-003
Introduction/change of network (cloud)
[Azure Cloud] Follow pipeline for VNet
IT Cloud Services Team
IT Cloud Services Team
CTRL-NET-005
RISK-AC-004, RISK-BC-003
Introduction/change of network (on-premise/cloud)
Follow security pipeline for Check Point IPS
IT Security Team
IT Platform & Network Security Team
CTRL-NET-006
RISK-AC-001, RISK-AC-004, RISK-BC-003
Introduction/replacement of end-user device
[Corporate End User Devices] Follow EUS pipeline for Ivanti Pulse Secure
IT End User Services Team
IT End User Services Team
CTRL-NET-006
RISK-AC-001, RISK-AC-004, RISK-BC-003
Introduction of new system/server/network/cloud
[AWS Cloud] Follow pipeline for remote access via ECP.RAC
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-NET-006
RISK-AC-001, RISK-AC-004, RISK-BC-003
Introduction of new system/server/network/cloud
[AWS Cloud] Follow pipeline for bastion/jump host
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-NET-006
RISK-AC-001, RISK-AC-004, RISK-BC-003
Introduction of new system/server/network/cloud
[Azure Cloud] Follow pipeline for jump host/portal
IT Cloud Services Team
IT Cloud Services Team
CTRL-NET-007
RISK-AC-004, RISK-BC-003
Introduction/change of wireless network
Follow network process for WiFi per standards
IT Network Team
IT Network Team
CTRL-NET-008
RISK-BC-002, RISK-BC-003
Introduction/replacement of Windows PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for Forcepoint DLP
IT End User Services Team
IT End User Services Team
CTRL-NET-008
RISK-BC-002, RISK-BC-003
Introduction of cloud resources/service
[Corporate End User Devices] Follow EUS pipeline for Netskope CASB
IT End User Services Team
IT End User Services Team
CTRL-NET-008
RISK-BC-002, RISK-BC-003
Introduction/change of endpoint with sensitive data
Implement DLP rules for data storage/processing
IT Data Protection Team
IT Security Design Team (new rules); IT Data Protection Team (existing)
CTRL-NET-008
RISK-BC-002, RISK-BC-003
Introduction/change of cloud resource/data flow
[Cloud] Implement data exchange/masking per guidelines
Portfolio Management Team
Portfolio Management Team
CTRL-NET-008
RISK-BC-002, RISK-BC-003
Introduction/replacement of Mobile/Tablet
[Corporate End User Devices] Follow EUS pipeline for MS Intune
IT End User Services Team
IT End User Services Team
CTRL-NET-008
RISK-BC-002, RISK-BC-003
Introduction/replacement of MacOS PC/Laptop
[Corporate End User Devices] Follow EUS pipeline for Ivanti Pulse Secure
IT End User Services Team
IT End User Services Team
CTRL-NET-009
RISK-BC-002, RISK-GV-006
Introduction/change of network (on-premise/cloud)
Follow security pipeline for firewall content filtering
IT Security Team
IT Platform & Network Security Team
CTRL-PES-001
RISK-AC-001, RISK-AC-004, RISK-AM-001, RISK-BC-001, RISK-BC-002, RISK-BC-004
Introduction of new hardware asset
[On-premise] Follow operations pipeline to deploy to ITOB
IT Operations Team
-
CTRL-PES-001
RISK-AC-001, RISK-AC-004, RISK-AM-001, RISK-BC-001, RISK-BC-002, RISK-BC-004
Introduction of new Cloud IaaS/PaaS/SaaS
[Cloud] Obtain provider assessment on physical access
Portfolio Management Team
Portfolio Management Team
CTRL-PES-002
RISK-AM-001, RISK-BC-001
Introduction of new Cloud IaaS/PaaS/SaaS
[Cloud] Obtain provider assessment on environmental security
Portfolio Management Team
Portfolio Management Team
CTRL-RSK-002
RISK-BC-002, RISK-BC-003, RISK-BC-004, RISK-GV-002, RISK-GV-004, RISK-GV-005
Introduction of system/service with Personal Data
Consult Privacy & Compliance Team on PIA
Privacy & Compliance Team
Portfolio Management Team
CTRL-SEA-001
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-002, RISK-IR-001
Introduction/change of system/network/cloud architecture
Follow PDLC pipeline for TSG/ADB endorsement
Portfolio Management Team
Portfolio Management Team
CTRL-TDA-001
RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change involving development/codebase
Refer to Secure Coding Self-Service for scan
IT Security Design Team
IT Application Security Team
CTRL-TDA-001
RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change involving development/codebase
Perform peer code review (compensating; owner approval needed)
Portfolio Management Team
Portfolio Management Team
CTRL-TDA-001
RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change of URL/API endpoint
Conduct DAST scan
IT Vulnerability Management Team
IT Vulnerability Management Team
CTRL-TDA-001
RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change involving development/codebase
[AWS Cloud] Follow pipeline for IaC security scanning
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-TDA-002
RISK-AC-004, RISK-BC-002, RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change impacting environment separation
Implement network segmentation for dev/test/prod
IT Network Team
IT Network Team
CTRL-TDA-004
RISK-AC-004, RISK-BC-002, RISK-BC-003
Introduction involving prod data in dev/test
Follow pipeline for requesting prod data usage with owner approval
Portfolio Management Team
Portfolio Management Team
CTRL-VPM-001
RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change of system/server/network/cloud
Onboard to security pipeline for pre-prod vulnerability scan
IT Vulnerability Management Team
IT Vulnerability Management Team
CTRL-VPM-002
RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change of system/server/network/cloud
[On-premise] Follow standard build for BigFix agent
IT Infrastructure Team
IT Infrastructure Team
CTRL-VPM-002
RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change of system/server/network/cloud
[AWS Cloud] Define patching mechanism (e.g., self-patching, AMI)
IT Cloud Platform Team
IT Cloud Platform Team
CTRL-VPM-002
RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change of Windows end-user device
[Corporate End User Devices] Follow provisioning for SCCM agent
IT End User Services Team
IT End User Services Team
CTRL-VPM-002
RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change of Mobile/Tablet
[Corporate End User Devices] Follow provisioning for Jamf agent
IT End User Services Team
IT End User Services Team
CTRL-VPM-002
RISK-BC-003, RISK-EX-001, RISK-EX-002
Introduction/change of MacOS end-user device
[Corporate End User Devices] Follow EUS pipeline for MS Intune
IT End User Services Team
IT End User Services Team
CTRL-VPM-003
RISK-EX-001
Introduction/change of system/server/network/cloud
Onboard to security pipeline for vulnerability scanning
IT Vulnerability Management Team
IT Vulnerability Management Team
CTRL-VPM-003
RISK-EX-001
Acquisition of new Cloud SaaS
[Cloud SaaS] Obtain provider assessment on scanning/management
Portfolio Management Team
Portfolio Management Team
CTRL-VPM-004
RISK-EX-001
Introduction/change of Internet-facing component
Engage security team for pen testing per criteria
IT Vulnerability Management Team
IT Vulnerability Management Team
CTRL-VPM-004
RISK-EX-001
Acquisition of new Cloud SaaS
[Cloud SaaS] Obtain provider assessment on pen testing
Portfolio Management Team
Portfolio Management Team
CTRL-WEB-001
RISK-AC-004, RISK-BC-001, RISK-BC-003
Introduction of Internet-facing system/cloud
[On-premise] Follow security pipeline for Imperva WAF
IT Security Team
IT Platform & Network Security Team
CTRL-WEB-001
RISK-AC-004, RISK-BC-001, RISK-BC-003
Introduction of Internet-facing system/cloud
[AWS Cloud] Follow security pipeline for AWS WAF
IT Security Team
IT Platform & Network Security Team