Interdependency indicator -
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
Notifications from detection systems are investigated
Function:
RSRespond
Category:
RS.ANAnalysis
Subcategory:
RS.AN-1Notifications from detection systems are investigated
Informative references
 CIS CSC 4, 6, 8, 19
COBIT 5 DSS02.04, DSS02.07
ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.7, 4.3.4.5.8
ISA 62443-3-3:2013 SR 6.1
ISO/IEC 27001:2013 A.12.4.1, A.12.4.3, A.16.1.5
NIST SP 800-53 Rev. 4 AU-6, CA-7, IR-4, IR-5, PE-6, SI-4

Analysis is conducted to ensure effective response and support recovery activities.

Investigation and forensics may be linked with the mean downtime as an indicator
The impact of the incident is understood
Function:
RSRespond
Category:
RS.ANAnalysis
Subcategory:
RS.AN-2The impact of the incident is understood
Informative references
 COBIT 5 DSS02.02
ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.7, 4.3.4.5.8
ISO/IEC 27001:2013 A.16.1.4, A.16.1.6
NIST SP 800-53 Rev. 4 CP-2, IR-4

Analysis is conducted to ensure effective response and support recovery activities.

Understanding the impact of an incident in an holistic view will result in applying the right controls in order to reduce the loss of service capabilities
Forensics are performed
Function:
RSRespond
Category:
RS.ANAnalysis
Subcategory:
RS.AN-3Forensics are performed
Informative references
 COBIT 5 APO12.06, DSS03.02, DSS05.07
ISA 62443-3-3:2013 SR 2.8, SR 2.9, SR 2.10, SR 2.11, SR 2.12, SR 3.9, SR 6.1
ISO/IEC 27001:2013 A.16.1.7
NIST SP 800-53 Rev. 4 AU-7, IR-4

Analysis is conducted to ensure effective response and support recovery activities.

Investigation and forensics may be linked with the mean downtime as an indicator
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Function:
IDIdentify
Category:
ID.AMAsset Management
Subcategory:
ID.AM-5Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Informative references
 CIS CSC 13, 14
COBIT 5 APO03.03, APO03.04, APO12.01, BAI04.02, BAI09.02
ISA 62443-2-1:2009 4.2.3.6
ISO/IEC 27001:2013 A.8.2.1
NIST SP 800-53 Rev. 4 CP-2, RA-2, SA-14, SC-6

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

Classify resources according to their criticality and value will enable to localise loss of service capabilities
Incidents are categorized consistent with response plans
Function:
RSRespond
Category:
RS.ANAnalysis
Subcategory:
RS.AN-4Incidents are categorized consistent with response plans
Informative references
 CIS CSC 19
COBIT 5 DSS02.02
ISA 62443-2-1:2009 4.3.4.5.6
ISO/IEC 27001:2013 A.16.1.4
NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-5, IR-8

Analysis is conducted to ensure effective response and support recovery activities.

Identified vulnerabilities are documented in order to improve response time for such resilience in the future

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information