Flow

SOC 2 · CC5

CC5 · Control Activities

3 controls in this family.

SOC2-CC5-CONTROL-DESIGN

Control Selection and Design Process

Documented process for selecting, designing, and implementing controls in response to identified risks.

SOC2-CC5-SYSTEM-HARDENING

System Configuration and Hardening Standards

Baseline security configuration standards for servers, cloud infrastructure, and endpoints to reduce the attack surface.

SOC2-CC5-POLICY-MANAGEMENT

Policy and Procedure Management

Process for creating, reviewing, approving, and distributing security policies and procedures to ensure they remain current and enforced.

preventivemedium
Adopt

Control Selection and Design Process

Documented process for selecting, designing, and implementing controls in response to identified risks.

CC5.1

Testing: Annually

preventivehigh
Adopt

System Configuration and Hardening Standards

Baseline security configuration standards for servers, cloud infrastructure, and endpoints to reduce the attack surface.

CC5.2

Testing: Monthly

preventivemedium
Adopt

Policy and Procedure Management

Process for creating, reviewing, approving, and distributing security policies and procedures to ensure they remain current and enforced.

CC5.3

Testing: Annually