AC.L2-3.1.2
AC.L2-3.1.2: Transaction & Function Control
Limit user actions to only what their job function requires.
AT.L2-3.2.1
AT.L2-3.2.1: Security Awareness Training
Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
AT.L2-3.2.2
AT.L2-3.2.2: Role-Based Training
Personnel with security duties receive training specific to their assigned information security responsibilities.
AU.L2-3.3.2
AU.L2-3.3.2: User Accountability
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
CM.L2-3.4.1
CM.L2-3.4.1: Baseline Configurations
Document and maintain the approved state of every system and keep an inventory of everything connected to your network.
IR.L2-3.6.2
IR.L2-3.6.2: Incident Reporting
Document and report confirmed incidents to internal leadership and external authorities as required.
PE.L2-3.10.1
PE.L2-3.10.1: Limit Physical Access
Limit physical access to organizational systems, equipment, and the respective operating environments to authorized individuals.
PE.L2-3.10.2
PE.L2-3.10.2: Monitor Physical Facility
Maintain surveillance and environmental controls over your physical facility.
SC.L2-3.13.2
SC.L2-3.13.2: Security Engineering Principles
Build security into your systems from the start, not as an afterthought.