Interdependency indicator -
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
Newly identified vulnerabilities are mitigated or documented as accepted risks
Function:
RS Respond
Category:
RS.MI Mitigation
Subcategory:
RS.MI-3 Newly identified vulnerabilities are mitigated or documented as accepted risks
Informative references
CIS CSC 4
COBIT 5 APO12.06
ISO/IEC 27001:2013 A.12.6.1
NIST SP 800-53 Rev. 4 CA-7, RA-3, RA-5

Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.

Identified vulnerabilities are documented in order to improve response time for such resilience in the future
Recovery plans incorporate lessons learned
Function:
RC Recover
Category:
RC.IM Improvements
Subcategory:
RC.IM-1 Recovery plans incorporate lessons learned
Informative references
COBIT 5 APO12.06, BAI05.07, DSS04.08
ISA 62443-2-1:2009 4.4.3.4
ISO/IEC 27001:2013 A.16.1.6, Clause 10
NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

Recovery planning and processes are improved by incorporating lessons learned into future activities.

Lessons learned aim at improving response time for such resilience in the future
Software platforms and applications within the organisation are inventoried
Function:
ID Identify
Category:
ID.AM Asset Management
Subcategory:
ID.AM-2 Software platforms and applications within the organisation are inventoried
Informative references
CIS CSC 2 
COBIT 5 BAI09.01, BAI09.02, BAI09.05 
ISA 62443-2-1:2009 4.2.3.4 
ISA 62443-3-3:2013 SR 7.8 
ISO/IEC 27001:2013 A.8.1.1, A.8.1.2, A.12.5.1 
NIST SP 800-53 Rev. 4 CM-8, PM-5

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

An inventory of systems and applications provides an enterprise architecture that helps to localize resilience areas
Vulnerability scans are performed
Function:
DE Detect
Category:
DE.CM Security Continuous Monitoring
Subcategory:
DE.CM-8 Vulnerability scans are performed
Informative references
CIS CSC 4, 20
COBIT 5 BAI03.10, DSS05.01
ISA 62443-2-1:2009 4.2.3.1, 4.2.3.7
ISO/IEC 27001:2013 A.12.6.1
NIST SP 800-53 Rev. 4 RA-5

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

Identified vulnerabilities are documented in order to improve response time for such resilience in the future
