Interdependency indicator -
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
External service provider activity is monitored to detect potential cybersecurity events
Function:
DEDetect
Category:
DE.CMSecurity Continuous Monitoring
Subcategory:
DE.CM-6External service provider activity is monitored to detect potential cybersecurity events
Informative references
 COBIT 5 APO07.06, APO10.05
ISO/IEC 27001:2013 A.14.2.7, A.15.2.1
NIST SP 800-53 Rev. 4 CA-7, PS-7, SA-4, SA-9, SI-4

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

Monitoring and detection tools allow to quickly identify loss of service capabilities
Response strategies are updated
Function:
RSRespond
Category:
RS.IMImprovements
Subcategory:
RS.IM-2Response strategies are updated
Informative references
 COBIT 5 BAI01.13, DSS04.08
ISO/IEC 27001:2013 A.16.1.6, Clause 10
NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

Organisational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

Mitigation of incidents will reduce loss of service capabilities
The impact of the incident is understood
Function:
RSRespond
Category:
RS.ANAnalysis
Subcategory:
RS.AN-2The impact of the incident is understood
Informative references
 COBIT 5 DSS02.02
ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.7, 4.3.4.5.8
ISO/IEC 27001:2013 A.16.1.4, A.16.1.6
NIST SP 800-53 Rev. 4 CP-2, IR-4

Analysis is conducted to ensure effective response and support recovery activities.

Understanding the impact of an incident in an holistic view will result in applying the right controls in order to reduce the loss of service capabilities
Vulnerability scans are performed
Function:
DEDetect
Category:
DE.CMSecurity Continuous Monitoring
Subcategory:
DE.CM-8Vulnerability scans are performed
Informative references
 CIS CSC 4, 20
COBIT 5 BAI03.10, DSS05.01
ISA 62443-2-1:2009 4.2.3.1, 4.2.3.7
ISO/IEC 27001:2013 A.12.6.1
NIST SP 800-53 Rev. 4 RA-5

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

Performing vulnerability scans enable to quickly identify loss of service capabilities
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Function:
IDIdentify
Category:
ID.AMAsset Management
Subcategory:
ID.AM-5Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Informative references
 CIS CSC 13, 14
COBIT 5 APO03.03, APO03.04, APO12.01, BAI04.02, BAI09.02
ISA 62443-2-1:2009 4.2.3.6
ISO/IEC 27001:2013 A.8.2.1
NIST SP 800-53 Rev. 4 CP-2, RA-2, SA-14, SC-6

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

Classify resources according to their criticality and value will enable to localise loss of service capabilities
Incidents are contained
Function:
RSRespond
Category:
RS.MIMitigation
Subcategory:
RS.MI-1Incidents are contained
Informative references
 CIS CSC 19
COBIT 5 APO12.06
ISA 62443-2-1:2009 4.3.4.5.6
ISA 62443-3-3:2013 SR 5.1, SR 5.2, SR 5.4
ISO/IEC 27001:2013 A.12.2.1, A.16.1.5
NIST SP 800-53 Rev. 4 IR-4

Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.

Incidents handling affects directly the loss of service capabilities

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information