Control ID |
Control Description | Data Protection Classification | ||||||
Level 1 | Level 2 | Level 3 | Level 4 | |||||
SII-1 | Identify, report, and remediate system flaws in a timely manner. | essential | essential | essential | essential | |||
SII-2 | Provide protection from malicious code at designated locations within organizational systems. | required | required | essential | essential | |||
SII-3 | Monitor system security alerts and advisories and take action in response. | essential | essential | essential | essential | |||
SII-4 | Update malicious code protection mechanisms when new releases are available. | required | required | essential | essential | |||
SII-6 | Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. | recommended | recommended | required | essential |