NIST Cyber Security Framework
-
-
-
-
-
-
- NIST CSF
- 1. Identify
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy
- Supply Chain Risk Management
- 2. Protect
- Identity Management, Authentication & Access Control
- Awareness & Training
- Data Security
- Information Protection Processes & Procedures
- Maintenance
- Protective Technology
- 3. Detect
- Anomalies & Events
- Detection Processes
- Security Continuous Monitoring
- 4. Respond
- Analysis
- Communications
- Improvements
- Mitigation
- Response Planning
- 5. Recover
- Communications
- Improvements
- Recovery Planning
-
-
-
- NIST CSF
- Aggregation
-
(NIST CSF - Identify)
-
(NIST CSF - Protect)
-
(NIST CSF - Detect)
-
(NIST CSF - Respond)
-
(NIST CSF - Recover)
-
(Identify - Asset Management)
-
(Identify - Business Environment)
-
(Identify - Governance)
-
(Identify - Risk Assessment)
-
(Identify - Risk Management Strategy)
-
(Identify - Supply Chain Risk Management)
-
(Protect - Awareness & Training)
-
(Protect - Data Security)
-
(Protect - Identity Management, Authentication, Access Control)
-
(Protect - Information Protection Processes & Procedures)
-
(Protect - Maintenance)
-
(Protect - Protective Technology)
-
(Detect - Anomalies & Events)
-
(Detect - Detection Processes)
-
(Detect - Security Continuous Monitoring)
-
(Respond - Analysis)
-
(Respond - Communications)
-
(Respond - Improvements)
-
(Respond - Mitigation)
-
(Respond - Response Planning)
-
(Recover - Communications)
-
(Recover - Improvements)
-
(Recover - Recovery Planning)
-
(Asset Management - Software Inventory)
-
(Asset Management - Security Roles & Responsibilities)
-
(Asset Management - Data Flow Mapping)
-
(Asset Management - Hardware Inventory)
-
(Asset Management - Critical Assets)
-
(Asset Management - External System Catalogue)
-
(Business Environment - Supply Chain)
-
(Business Environment - Critical Infrastructure)
-
(Business Environment - Mission)
-
(Business Environment - Critical Services)
-
(Business Environment - Business Resilience)
-
(Governance - Cybersecurity Policy)
-
(Governance - Cybersecurity Role Alignment)
-
(Governance - Legal & Regulatory Requirements)
-
(Governance - Cyber Risk Management)
-
(Risk Assessment - Risk-based Approach)
-
(Risk Assessment - Impacts & Likelihood)
-
(Risk Assessment - Threat Intelligence)
-
(Risk Assessment - Risk Response)
-
(Risk Assessment - Threat Register)
-
(Risk Assessment - Asset Vulnerability)
-
(Risk Management Strategy - Risk Tolerance)
-
(Risk Management Strategy - Risk Analysis)
-
(Risk Management Strategy - Risk Management Processes)
-
(Supply Chain Risk Management - SC Risk Process)
-
(Supply Chain Risk Management - SC Risk Assessments)
-
(Supply Chain Risk Management - SC Audits)
-
(Supply Chain Risk Management - SC Resilience Tests)
-
(Supply Chain Risk Management - Contractually Enforced)
-
(Identity Management, Authentication, Access Control - Credential Management)
-
(Identity Management, Authentication, Access Control - Physical Access)
-
(Identity Management, Authentication, Access Control - Access Management)
-
(Identity Management, Authentication, Access Control - Remote Access)
-
(Identity Management, Authentication, Access Control - Network Integrity)
-
(Identity Management, Authentication, Access Control - Authentication Strength)
-
(Identity Management, Authentication, Access Control - Identity Management)
-
(Awareness & Training - Users)
-
(Awareness & Training - Privileged Users)
-
(Awareness & Training - Third Parties)
-
(Awareness & Training - Executives)
-
(Awareness & Training - Security Personnel)
-
(Data Security - Data at Rest)
-
(Data Security - Data in Transit)
-
(Data Security - Data Lifecycle)
-
(Data Security - Data Capacity)
-
(Data Security - Data Integrity)
-
(Data Security - Data Leakage)
-
(Data Security - Non-Production Environments)
-
(Data Security - Hardware Integrity)
-
(Information Protection Processes & Procedures - Security Baselines)
-
(Information Protection Processes & Procedures - Backup Capability)
-
(Information Protection Processes & Procedures - Secure SDLC)
-
(Information Protection Processes & Procedures - Configuration Control)
-
(Information Protection Processes & Procedures - Compliance)
-
(Information Protection Processes & Procedures - Data Disposal)
-
(Information Protection Processes & Procedures - Protection Processes)
-
(Information Protection Processes & Procedures - Effectiveness)
-
(Information Protection Processes & Procedures - Incident Response)
-
(Information Protection Processes & Procedures - Vulnerability Management)
-
(Information Protection Processes & Procedures - Recovery)
-
(Information Protection Processes & Procedures - HR Security)
-
(Maintenance - Asset Maintenance)
-
(Maintenance - Remote Maintenance)
-
(Protective Technology - Audit)
-
(Protective Technology - Removable Media)
-
(Protective Technology - Least Functionality)
-
(Protective Technology - Network Protection)
-
(Protective Technology - Resilience)
-
(Anomalies & Events - Network Baselines)
-
(Anomalies & Events - Network Monitoring)
-
(Anomalies & Events - Central Analysis)
-
(Anomalies & Events - Impact Analysis)
-
(Anomalies & Events - Incident Detection)
-
(Detection Processes - Accountability)
-
(Detection Processes - Compliance)
-
(Detection Processes - Verification)
-
(Detection Processes - Reporting)
-
(Detection Processes - Continuous Improvement)
-
(Security Continuous Monitoring - Network Monitoring)
-
(Security Continuous Monitoring - Environmental Monitoring)
-
(Security Continuous Monitoring - Personnel Monitoring)
-
(Security Continuous Monitoring - Malicious Code)
-
(Security Continuous Monitoring - Mobile Code)
-
(Security Continuous Monitoring - Service Provider Monitoring)
-
(Security Continuous Monitoring - Unauthorised Connections)
-
(Security Continuous Monitoring - Vulnerability Scanning)
-
(Analysis - Investigation Process)
-
(Analysis - Impact Determination)
-
(Analysis - Forensics)
-
(Analysis - Incident Categorisation)
-
(Analysis - Bug Reporting)
-
(Communications - Response Procedures)
-
(Communications - Incident Reporting)
-
(Communications - Information Sharing)
-
(Communications - Stakeholder Communication)
-
(Communications - Information Sharing)
-
(Improvements - Learn from Experience)
-
(Improvements - Strategy Review)
-
(Mitigation - Mitigation)
-
(Mitigation - Containment)
-
(Mitigation - Exceptions)
-
(Response Planning - Response Plan)
-
(Communications - Public Relations)
-
(Communications - Reputation)
-
(Communications - Recovery Response)
-
(Improvements - Learn from Experience)
-
(Improvements - Strategy Review)
-
(Recovery Planning - Plan Execution)
-
- NIST CSF
- 1. Identify
- 2. Protect
- 3. Detect
- 4. Respond
- 5. Recover
- Overview