Interdependency indicator -
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
Dependencies and critical functions for delivery of critical services are established
Function:
IDIdentify
Category:
ID.BEBusiness Environment
Subcategory:
ID.BE-4Dependencies and critical functions for delivery of critical services are established
Informative references
 COBIT 5 APO10.01, BAI04.02, BAI09.02
ISO/IEC 27001:2013 A.11.2.2, A.11.2.3, A.12.1.3
NIST SP 800-53 Rev. 4 CP-8, PE-9, PE-11, PM-8, SA-14

The organisation’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

Geographical distribution as indicator may be related to the establishment of critical functions and zones of dependencies for delivery of critical services
Asset vulnerabilities are identified and documented
Function:
IDIdentify
Category:
ID.RARisk Assessment
Subcategory:
ID.RA-1Asset vulnerabilities are identified and documented
Informative references
CCS CSC 4
 COBIT 5 APO12.01, APO12.02, APO12.03, APO12.04
ISA 62443-2-1:2009 4.2.3, 4.2.3.7, 4.2.3.9, 4.2.3.12
 ISO/IEC 27001:2013 A.12.6.1, A.18.2.3
 NIST SP 800-53 Rev. 4 CA-2, CA-7, CA-8, RA-3, RA-5, SA-5, SA-11, SI-2, SI-4, SI-5

The organisation understands the cybersecurity risk to organisational operations (including mission, functions, image, or reputation), organisational assets, and individuals.

Geographical distribution as indicator may be related to the localisation and documentation of asset vulnerabilities
Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities
Function:
PRProtect
Category:
PR.ATAwareness and Training
Subcategory:
PR.AT-3Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities
Informative references
 CIS CSC 17
COBIT 5 APO07.03, APO07.06, APO10.04, APO10.05
ISA 62443-2-1:2009 4.3.2.4.2
ISO/IEC 27001:2013 A.6.1.1, A.7.2.1, A.7.2.2
NIST SP 800-53 Rev. 4 PS-7, SA-9, SA-16

The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements

Geographical distribution as an indicator plays a role in identifying third - party stakeholders and ensure that they understand their roles and responsabilities.
Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Function:
IDIdentify
Category:
ID.AMAsset Management
Subcategory:
ID.AM-6Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Informative references
CIS CSC 17, 19
COBIT 5 APO01.02, APO07.06, APO13.01, DSS06.03
ISA 62443-2-1:2009 4.3.2.3.3
ISO/IEC 27001:2013 A.6.1.1
NIST SP 800-53 Rev. 4 CP-2, PS-7, PM-11

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

Geographical distribution as an indicator plays a role in identifying the entire workforce as well as third - party stakeholders and ensure that they understand their roles and responsabilities.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information