Task | Tools to Identify and Classify Systems | Potentially Useful Classifications | Remediation Strategies |
---|
Patching | - FileMaker Pro (find functionality)
- Active Directory CM
| - In AD (thus, have CM) and networked
- Patched automatically and fully
- Not automatic - provide reason
- Not in AD and networked
- Airgapped (no recent, live data)
| If not automatic, make automatic. Else: airgapped and not in AD - as justifiably non-compliant.
Any way to patch those not in AD automatically? |
Encryption | - FileMaker Pro (find functionality)
- Active Directory CM
- LastPass keys
| - Encrypted & required
- Encrypted & not required
- Not encrypted, but required
- Not encrypted & not required
| Primary concern: "not encrypted, but required" systems. Must make compliant. Any way to automate such systems' encryption? |
Screen Lock | - FileMaker Pro (find functionality)
- Active Directory CM
| | Current solution: manually verify non-networked systems for screen lock compliance. |