The Monitoring and Mitigation portfolio includes documents related to ongoing monitoring of vulnerabilities and threats, and response to vulnerabilties and incidents that are detected.
Monitoring and Mitigation addresses how IT assets and resources are monitored for vulnerablities or unauthorized access, and how corrective action is taken. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
Accounting Services - Credit Card Merchant Services and PCI Compliance (reconciliation, vulnerability scanning, transaction walk-thru's) (on bussvc.wisc.edu)
DoIT - Incident Reporting and Response Policy (please contact email@example.com)
HIPAA (on compliance.wisc.edu)
- 8.3 HIPAA Security Auditing Policy
- 8.8 Notification and Reporting Policy
UW System (on wisconin.edu)
- 1033 Information Security: Incident Response
- 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions)
- Computer Logging Statement
- Continuous Diagnostics and Mitigation Implementation Plan (under development)