A7

A7. (LO 1-4) Nolls is an online retailer that specializes in connecting local artisans directly to consumers. You work for a public accounting firm as an IT audit consultant and have been staffed on the Nolls cybersecurity engagement. Nolls hired your firm to help implement the NIST Cybersecurity Framework. Your team is performing a gap analysis to identify areas where Nolls lacks internal controls, and you have been tasked with mapping Nolls' existing internal controls to specific NIST control families. Use the word bank to identify the NIST family in which each of the following internal controls belongs. Internal controls: 1. The Human Resources and IT departments collaborate to provide annual training about phishing emails. 2. Nolls' IT department conducts penetration testing on an annual basis. 3. System resources are monitored to ensure that sufficient resources exist to support unexpected network traffic. 4. Nolls' corporate office requires two forms of identification for visitors to the data center. 5. System capacity, bandwidth, and redundancy are managed proactively. 6. Malicious code protection mechanisms are employed at access points of the information system. 7. Nolls' IT department scans for vulnerabilities randomly. 8. The corporate password requirements include a minimum of eight characters, along with at least one symbol, at least one number, and at least one capital letter