0% found this document useful (0 votes)

24 views6 pages

CGRC Templates - Cyvitrix Learning

The document outlines various policy templates related to information security, risk management, asset classification, access control, and incident response, among others, all supporting NIST and ISO/IEC standards. Each template includes sections for purpose, scope, roles, procedures, records, and effectiveness monitoring. These templates aim to establish a comprehensive framework for managing security and compliance within an organization.

Uploaded by

Louie Mok

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as XLSX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

24 views6 pages

CGRC Templates - Cyvitrix Learning

Uploaded by

Louie Mok

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as XLSX, PDF, TXT or read online on Scribd

Template Description

Information Security Policy Establishes the overarching security direction, principles, and
Template expectations for the organization, supporting NIST and ISO/IEC
requirements.

Risk Management Policy & Risk Defines the risk management approach and provides a structured register
Register Template for identifying, assessing, and tracking risks as required by NIST SP 800-37
and ISO/IEC 27001.

Asset Inventory & Classification Ensures all information assets are identified, classified, and managed in
Template accordance with NIST and ISO/IEC requirements.

Access Control Policy & User Access Defines access management principles and provides a checklist for
Review Checklist periodic user access reviews, supporting NIST AC controls and ISO/IEC
27001 Annex A.9.

Supplier Security Policy & Supplier Establishes requirements for managing supplier risks and provides a
List Template template for maintaining an approved supplier list, supporting NIST and
ISO/IEC 27001 A.15.

System Authorization & Security Documents the process for system authorization and ongoing security
Assessment Plan Template assessments, as required by NIST SP 800-37 and 800-53.

Continuous Monitoring Plan Defines the approach for ongoing monitoring of controls and risks,
Template supporting NIST SP 800-137 and ISO/IEC 27001 clause 9.
Incident Response Policy & Incident Establishes procedures for responding to security incidents and provides
Log Template a log template for evidence collection, supporting NIST IR controls and
ISO/IEC 27001 A.16.

Change Management Policy & Documents the process for managing changes to systems and controls,
Change Log Template ensuring traceability and compliance with NIST and ISO/IEC
requirements.

Training & Awareness Policy Defines requirements for security training and awareness, supporting
Template NIST AT controls and ISO/IEC 27001 clause 7.2.

Audit & Compliance Monitoring Outlines the approach for internal audits and compliance monitoring,
Policy Template supporting NIST and ISO/IEC 27001 clause 9.2.

Data Classification & Handling Policy Defines data classification levels and handling requirements, supporting
Template NIST and ISO/IEC 27001 A.8.

Vulnerability Management Policy & Documents the process for identifying, assessing, and remediating
Remediation Log Template vulnerabilities, supporting NIST RA and SI controls.

Backup & Recovery Policy Template Defines backup and recovery requirements to ensure data availability and
integrity, supporting NIST CP controls and ISO/IEC 27001 A.17.
Physical Security Policy Template Addresses physical security controls, even if out of scope for some
environments; includes placeholders where not applicable.

Document Control & Retention Establishes requirements for document management, versioning, and
Policy Template retention, supporting ISO/IEC 27001 clause 7.5.

Privacy & Data Protection Policy Defines privacy and data protection requirements, supporting NIST and
Template ISO/IEC 27701 where applicable.

Change Management Policy & Ensures changes to systems and processes are controlled and
Change Request Form documented, supporting NIST and ISO/IEC 27001 A.12.1.2.

Audit & Compliance Review Policy & Defines the process for conducting internal audits and compliance
Audit Checklist reviews, supporting NIST and ISO/IEC 27001 clause 9.2.

Business Continuity & Disaster Documents the approach to business continuity and disaster recovery,
Recovery Policy supporting NIST SP 800-34 and ISO/IEC 27001 A.17.
When to Use Sections (H1s)
Use when establishes the overarching security Information Security Policy • Purpose • Scope • Roles
direction, principles, and expectations for the & Responsibilities • Procedure / Method • Records &
organization, supporting NIST and ISO/IEC Evidence (forms/logs to keep) • KPIs & Effectiveness
requirements. Monitoring • References • Document Control

Use when defines the risk management approach and Risk Management Policy • Purpose • Scope • Roles &
provides a structured register for identifying, Responsibilities • Procedure / Method • Records &
assessing, and tracking risks as required by NIST SP Evidence (forms/logs to keep) • KPIs & Effectiveness
800-37 and ISO/IEC 27001. Monitoring • References • Document Control • Risk
Register Example

Use when ensures all information assets are Asset Inventory & Classification Policy • Purpose •
identified, classified, and managed in accordance with Scope • Roles & Responsibilities • Procedure / Method
NIST and ISO/IEC requirements. • Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control • Asset Inventory Example

Use when defines access management principles and Access Control Policy • Purpose • Scope • Roles &
provides a checklist for periodic user access reviews, Responsibilities • Procedure / Method • Records &
supporting NIST AC controls and ISO/IEC 27001 Annex Evidence (forms/logs to keep) • KPIs & Effectiveness
A.9. Monitoring • References • Document Control • User
Access Review Checklist

Use when establishes requirements for managing Supplier Security Policy • Purpose • Scope • Roles &
supplier risks and provides a template for maintaining Responsibilities • Procedure / Method • Records &
an approved supplier list, supporting NIST and Evidence (forms/logs to keep) • KPIs & Effectiveness
ISO/IEC 27001 A.15. Monitoring • References • Document Control •
Supplier List Example

Use when documents the process for system System Authorization & Security Assessment Plan •
authorization and ongoing security assessments, as Purpose • Scope • Roles & Responsibilities •
required by NIST SP 800-37 and 800-53. Procedure / Method • Records & Evidence (forms/logs
to keep) • KPIs & Effectiveness Monitoring •
References • Document Control

Use when defines the approach for ongoing Continuous Monitoring Plan • Purpose • Scope •
monitoring of controls and risks, supporting NIST SP Roles & Responsibilities • Procedure / Method •
800-137 and ISO/IEC 27001 clause 9. Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control
Use when establishes procedures for responding to Incident Response Policy • Purpose • Scope • Roles &
security incidents and provides a log template for Responsibilities • Procedure / Method • Records &
evidence collection, supporting NIST IR controls and Evidence (forms/logs to keep) • KPIs & Effectiveness
ISO/IEC 27001 A.16. Monitoring • References • Document Control •
Incident Log Example

Use when documents the process for managing Change Management Policy • Purpose • Scope •
changes to systems and controls, ensuring traceability Roles & Responsibilities • Procedure / Method •
and compliance with NIST and ISO/IEC requirements. Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control • Change Log Example

Use when defines requirements for security training Training & Awareness Policy • Purpose • Scope •
and awareness, supporting NIST AT controls and Roles & Responsibilities • Procedure / Method •
ISO/IEC 27001 clause 7.2. Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control

Use when outlines the approach for internal audits Audit & Compliance Monitoring Policy • Purpose •
and compliance monitoring, supporting NIST and Scope • Roles & Responsibilities • Procedure / Method
ISO/IEC 27001 clause 9.2. • Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control

Use when defines data classification levels and Data Classification & Handling Policy • Purpose •
handling requirements, supporting NIST and ISO/IEC Scope • Roles & Responsibilities • Procedure / Method
27001 A.8. • Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control

Use when documents the process for identifying, Vulnerability Management Policy • Purpose • Scope •
assessing, and remediating vulnerabilities, supporting Roles & Responsibilities • Procedure / Method •
NIST RA and SI controls. Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control • Remediation Log Example

Use when defines backup and recovery requirements Backup & Recovery Policy • Purpose • Scope • Roles
to ensure data availability and integrity, supporting & Responsibilities • Procedure / Method • Records &
NIST CP controls and ISO/IEC 27001 A.17. Evidence (forms/logs to keep) • KPIs & Effectiveness
Monitoring • References • Document Control
Use when addresses physical security controls, even if Physical Security Policy • Purpose • Scope • Roles &
out of scope for some environments; includes Responsibilities • Procedure / Method • Records &
placeholders where not applicable. Evidence (forms/logs to keep) • KPIs & Effectiveness
Monitoring • References • Document Control

Use when establishes requirements for document Document Control & Retention Policy • Purpose •
management, versioning, and retention, supporting Scope • Roles & Responsibilities • Procedure / Method
ISO/IEC 27001 clause 7.5. • Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control

Use when defines privacy and data protection Privacy & Data Protection Policy • Purpose • Scope •
requirements, supporting NIST and ISO/IEC 27701 Roles & Responsibilities • Procedure / Method •
where applicable. Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control

Use when ensures changes to systems and processes Change Management Policy • Purpose • Scope •
are controlled and documented, supporting NIST and Roles & Responsibilities • Procedure / Method •
ISO/IEC 27001 A.12.1.2. Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control • Change Request Form Example

Use when defines the process for conducting internal Audit & Compliance Review Policy • Purpose • Scope •
audits and compliance reviews, supporting NIST and Roles & Responsibilities • Procedure / Method •
ISO/IEC 27001 clause 9.2. Records & Evidence (forms/logs to keep) • KPIs &
Effectiveness Monitoring • References • Document
Control • Audit Checklist Example

Use when documents the approach to business Business Continuity & Disaster Recovery Policy •
continuity and disaster recovery, supporting NIST SP Purpose • Scope • Roles & Responsibilities •
800-34 and ISO/IEC 27001 A.17. Procedure / Method • Records & Evidence (forms/logs
to keep) • KPIs & Effectiveness Monitoring •
References • Document Control

ISO 27001:2013 to Cybersecurity Framework Mapping
No ratings yet
ISO 27001:2013 to Cybersecurity Framework Mapping
29 pages
Domain 05 Security Program Management and Oversight
No ratings yet
Domain 05 Security Program Management and Oversight
243 pages
Security Policy
No ratings yet
Security Policy
15 pages
Lecture 14 Information Security Policies
0% (1)
Lecture 14 Information Security Policies
34 pages
Security Management Policies and Practices: A Regional University Transcending Boundaries
No ratings yet
Security Management Policies and Practices: A Regional University Transcending Boundaries
27 pages
Is Security Policy 15 Point Checkup
No ratings yet
Is Security Policy 15 Point Checkup
14 pages
Project Gantt Chart V1.0
No ratings yet
Project Gantt Chart V1.0
6 pages
Cyber Unit 4
No ratings yet
Cyber Unit 4
11 pages
5th Lecture Information Security
No ratings yet
5th Lecture Information Security
10 pages
SSP Template
100% (1)
SSP Template
13 pages
ISO 27001 2022 Controls - XLSXV NIST
No ratings yet
ISO 27001 2022 Controls - XLSXV NIST
12 pages
Complianceforge Cybersecurity Documentation Template Examples
No ratings yet
Complianceforge Cybersecurity Documentation Template Examples
15 pages
ISO27001 Compliance With Netwrix
No ratings yet
ISO27001 Compliance With Netwrix
27 pages
Antdf 1234
No ratings yet
Antdf 1234
60 pages
IT4831E Lec06
No ratings yet
IT4831E Lec06
16 pages
ITRM Module 7
No ratings yet
ITRM Module 7
6 pages
Cybersecurity Frameworks Guide
100% (1)
Cybersecurity Frameworks Guide
38 pages
Planning Forsecurity
No ratings yet
Planning Forsecurity
70 pages
Cyber Frameworks and Audit Programs
No ratings yet
Cyber Frameworks and Audit Programs
15 pages
Security Plus SY0-701 Domain 5 Handout
No ratings yet
Security Plus SY0-701 Domain 5 Handout
126 pages
Information Security Management Policy
No ratings yet
Information Security Management Policy
7 pages
Lecture 35 1
No ratings yet
Lecture 35 1
43 pages
Security Policies
No ratings yet
Security Policies
12 pages
ISO 27001:2013 Gap Assessment Guide
100% (1)
ISO 27001:2013 Gap Assessment Guide
79 pages
Information Security Policy Essentials
No ratings yet
Information Security Policy Essentials
50 pages
Enhancing Security Through Strong Policies
No ratings yet
Enhancing Security Through Strong Policies
20 pages
SEC+ 601 Slides
No ratings yet
SEC+ 601 Slides
416 pages
Security Policies Summary
No ratings yet
Security Policies Summary
55 pages
Ais 7 - C5
No ratings yet
Ais 7 - C5
7 pages
UNIT 5 CS Notes As Per New Syllabus
No ratings yet
UNIT 5 CS Notes As Per New Syllabus
26 pages
Enterprise Authority To Operate (EATO) Controls Framework - 20240702
No ratings yet
Enterprise Authority To Operate (EATO) Controls Framework - 20240702
64 pages
IC ISO 27001 Business Continuity Checklist 10838
100% (1)
IC ISO 27001 Business Continuity Checklist 10838
8 pages
ISO 27001 - Statement of Applicability
100% (1)
ISO 27001 - Statement of Applicability
24 pages
Chapter5planningforsecurity Students 220327163030
No ratings yet
Chapter5planningforsecurity Students 220327163030
76 pages
Information Security Policy Template
No ratings yet
Information Security Policy Template
28 pages
ISO 27001 A14: Security in Development
100% (1)
ISO 27001 A14: Security in Development
51 pages
Mapping of NIST CSF To ISO
No ratings yet
Mapping of NIST CSF To ISO
9 pages
IS08 ICT Security Policy
No ratings yet
IS08 ICT Security Policy
12 pages
Template - ISO 27001 - SoA
No ratings yet
Template - ISO 27001 - SoA
15 pages
ZenGRC ISO Audit Checklist PDF
No ratings yet
ZenGRC ISO Audit Checklist PDF
28 pages
Information Systems Audit and Policy Guide
No ratings yet
Information Systems Audit and Policy Guide
35 pages
Information Security Policies and Practices
100% (1)
Information Security Policies and Practices
62 pages
IT Security Frameworks
No ratings yet
IT Security Frameworks
11 pages
Information Security Policy and Procedures
No ratings yet
Information Security Policy and Procedures
6 pages
Acceptable Use Policy for Security Management
No ratings yet
Acceptable Use Policy for Security Management
9 pages
Ic Iso 27001 Checklist 10838 PDF
No ratings yet
Ic Iso 27001 Checklist 10838 PDF
7 pages
Iso 27001 Checklist Template: Information Security Policies
No ratings yet
Iso 27001 Checklist Template: Information Security Policies
7 pages
IT Network Security Monitoring Guide
100% (1)
IT Network Security Monitoring Guide
3 pages
NIST800-53 Policy Mapping
No ratings yet
NIST800-53 Policy Mapping
2 pages
GSMA SAS SM Remote Audits Auditee Self Assessment v1 - 1
No ratings yet
GSMA SAS SM Remote Audits Auditee Self Assessment v1 - 1
235 pages
GSMA SAS SM Self Assessment CSPs v1.4
No ratings yet
GSMA SAS SM Self Assessment CSPs v1.4
420 pages
Ic Iso 27001 Checklist 10838 PDF
No ratings yet
Ic Iso 27001 Checklist 10838 PDF
7 pages
ISO27001 Applicability Statement
86% (7)
ISO27001 Applicability Statement
20 pages
ISO 27001 2022 Controls
No ratings yet
ISO 27001 2022 Controls
22 pages
ISO 27001:2013 Information Security Policies
0% (1)
ISO 27001:2013 Information Security Policies
116 pages
Chapter - 5 CompTIA Security+ SY0-701 Exam - Satender Kumar
No ratings yet
Chapter - 5 CompTIA Security+ SY0-701 Exam - Satender Kumar
30 pages
Compliors Sample IT Policy For PCI DSS 1 PDF
No ratings yet
Compliors Sample IT Policy For PCI DSS 1 PDF
87 pages
NIST Compliance Report
No ratings yet
NIST Compliance Report
42 pages
Iso 27001 - 2022 Compliance
No ratings yet
Iso 27001 - 2022 Compliance
11 pages
Security Policy
No ratings yet
Security Policy
7 pages
Roles and Responsibilities in The Authorization Process: Linkedin Youtube
No ratings yet
Roles and Responsibilities in The Authorization Process: Linkedin Youtube
13 pages
Data Sanitization, Archival, and Legal Hold Requirements: Ensuring Compliance and Integrity
No ratings yet
Data Sanitization, Archival, and Legal Hold Requirements: Ensuring Compliance and Integrity
12 pages
Domain 6 - Security Assessment & Testing
No ratings yet
Domain 6 - Security Assessment & Testing
20 pages
Domain 2 - Asset Security
No ratings yet
Domain 2 - Asset Security
15 pages
Domain 1 - Security & Risk Management
No ratings yet
Domain 1 - Security & Risk Management
89 pages
I 29 NZRP 0 I Iko 1 Ig RCQ VD
No ratings yet
I 29 NZRP 0 I Iko 1 Ig RCQ VD
7 pages
Caught Off Guard
No ratings yet
Caught Off Guard
1 page
Employment Contract
50% (2)
Employment Contract
2 pages
Avalon School Annual Report 2014-2015
0% (1)
Avalon School Annual Report 2014-2015
88 pages
Grade 12 Class Schedule 2020-2021
No ratings yet
Grade 12 Class Schedule 2020-2021
1 page
NH-55 Return Letter
No ratings yet
NH-55 Return Letter
1 page
ACC 211 Exam Question Bank
No ratings yet
ACC 211 Exam Question Bank
12 pages
SENTENCE TRANSFORMATION - Đã CH A
No ratings yet
SENTENCE TRANSFORMATION - Đã CH A
3 pages
AS TRUMP BATTLES THE ILLUMINATI Ali Abubakar Sadiq
100% (1)
AS TRUMP BATTLES THE ILLUMINATI Ali Abubakar Sadiq
4 pages
Income Tax Challan ITNS 280 Form
No ratings yet
Income Tax Challan ITNS 280 Form
1 page
Yulanda M. Faris Young Artists Program - Vancouver Opera: Application Form
No ratings yet
Yulanda M. Faris Young Artists Program - Vancouver Opera: Application Form
2 pages
NIOS Class 12 English Bifurcated Syllabus - 1750013053953
No ratings yet
NIOS Class 12 English Bifurcated Syllabus - 1750013053953
2 pages
SES Impact on Parenting Practices
No ratings yet
SES Impact on Parenting Practices
6 pages
Football Album
No ratings yet
Football Album
7 pages
Cyprus Snow Load Guidelines
No ratings yet
Cyprus Snow Load Guidelines
8 pages
Understanding UI/UX Design Essentials
No ratings yet
Understanding UI/UX Design Essentials
7 pages
College Master List - CSE
No ratings yet
College Master List - CSE
6 pages
Understanding iCloud Bypass Methods
No ratings yet
Understanding iCloud Bypass Methods
6 pages
Questionnaire For Correction or Change of Entries in Certificate of Live Birth
No ratings yet
Questionnaire For Correction or Change of Entries in Certificate of Live Birth
5 pages
Essential EmSat Idioms Guide
No ratings yet
Essential EmSat Idioms Guide
13 pages
Armour Stone Market Study NL & Labrador
100% (3)
Armour Stone Market Study NL & Labrador
83 pages
210-001-101-Flowchart - Revenue
No ratings yet
210-001-101-Flowchart - Revenue
7 pages
Key Concepts of IFRS 9 Explained
No ratings yet
Key Concepts of IFRS 9 Explained
15 pages
Church Engagement Assessment Survey
No ratings yet
Church Engagement Assessment Survey
3 pages
Building Survey Inquiry IG6 Details
No ratings yet
Building Survey Inquiry IG6 Details
5 pages
Postponement Strategies in SCM
No ratings yet
Postponement Strategies in SCM
11 pages
Linus Pauling Scientist and Peacemaker Clifford Mead Thomas Hager
No ratings yet
Linus Pauling Scientist and Peacemaker Clifford Mead Thomas Hager
474 pages
Military Format
No ratings yet
Military Format
4 pages
Race and Technology in Hopkinson's Fiction
100% (1)
Race and Technology in Hopkinson's Fiction
16 pages

CGRC Templates - Cyvitrix Learning

Uploaded by

CGRC Templates - Cyvitrix Learning

Uploaded by

Template Description

You might also like