Cybersecurity Procedure Coverage

In a previous post, I outlined the required topics for cybersecurity policies. In this post, I will cover the required procedures from various cybersecurity standards and in a future post will cover cybersecurity-related supporting documents.

The table below lists items or topics that should be addressed either in various procedures or SOP manuals. This list is based on NIST standards, including the Risk Management Framework, Cybersecurity Framework, and PCI DSS. Of course, you can map these listed below to ISO 27001 and other standards.

This table covers required procedure items and the type, along with references to industry standards and guidelines. These can be placed into one overall SOP manual or broken into smaller documents.

Table 1