Interdependencies between essential and important entities

Interdependency indicator -
NIST Cybersecurity Framework | Description | Example of implementation
Dependencies and critical functions for delivery of critical services are established
Function:
ID Identify
Category:
ID.BE Business Environment
Subcategory:
ID.BE-4 Dependencies and critical functions for delivery of critical services are established
Informative references
COBIT 5 APO10.01, BAI04.02, BAI09.02
ISO/IEC 27001:2013 A.11.2.2, A.11.2.3, A.12.1.3
NIST SP 800-53 Rev. 4 CP-8, PE-9, PE-11, PM-8, SA-14

The organisation’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

Geographical distribution as an indicator may be related to the establishment of critical functions and zones of dependencies for delivery of critical services.
Asset vulnerabilities are identified and documented
Function:
ID Identify
Category:
ID.RA Risk Assessment
Subcategory:
ID.RA-1 Asset vulnerabilities are identified and documented
Informative references
CCS CSC 4
COBIT 5 APO12.01, APO12.02, APO12.03, APO12.04
ISA 62443-2-1:2009 4.2.3, 4.2.3.7, 4.2.3.9, 4.2.3.12
ISO/IEC 27001:2013 A.12.6.1, A.18.2.3
NIST SP 800-53 Rev. 4 CA-2, CA-7, CA-8, RA-3, RA-5, SA-5, SA-11, SI-2, SI-4, SI-5

The organisation understands the cybersecurity risk to organisational operations (including mission, functions, image, or reputation), organisational assets, and individuals.

Geographical distribution as an indicator may be related to the localisation and documentation of asset vulnerabilities.
Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities
Function:
PR Protect
Category:
PR.AT Awareness and Training
Subcategory:
PR.AT-3 Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities
Informative references
CIS CSC 17
COBIT 5 APO07.03, APO07.06, APO10.04, APO10.05
ISA 62443-2-1:2009 4.3.2.4.2
ISO/IEC 27001:2013 A.6.1.1, A.7.2.1, A.7.2.2
NIST SP 800-53 Rev. 4 PS-7, SA-9, SA-16

The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.

Geographical distribution as an indicator plays a role in identifying third-party stakeholders and ensuring that they understand their roles and responsibilities.
Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Function:
ID Identify
Category:
ID.AM Asset Management
Subcategory:
ID.AM-6 Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Informative references
CIS CSC 17, 19
COBIT 5 APO01.02, APO07.06, APO13.01, DSS06.03
ISA 62443-2-1:2009 4.3.2.3.3
ISO/IEC 27001:2013 A.6.1.1
NIST SP 800-53 Rev. 4 CP-2, PS-7, PM-11

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

Geographical distribution as an indicator plays a role in identifying the entire workforce as well as third-party stakeholders and ensuring that they understand their roles and responsibilities.
