Interdependencies between essential and important entities

  1. Home
  2. Topics
  3. Cybersecurity Policy
  4. NIS Directive
  5. Interdependencies between essential and important entities

ENISA Interdependencies Indicators Tool

Interdependency indicator -
Category
RELIABILITY, DEPENDABILITY, RESILIENCE
Description
Redundancy of services (e.g. alternative services, etc.)
Number of Controls
2 Cooperation Group
14 ISO IEC 27002
4 NIST Cybersecurity Framework
6 Cobit5
Mappings to: Cooperation Group (2) ISO IEC 27002 (14) NIST Cybersecurity Framework (4) Cobit5 (6)
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
A System Development Life Cycle to manage systems is implemented
Function:
PRProtect
Category:
PR.IPInformation Protection Processes and Procedures
Subcategory:
PR.IP-2A System Development Life Cycle to manage systems is implemented
Informative references
 CIS CSC 18
COBIT 5 APO13.01, BAI03.01, BAI03.02, BAI03.03
ISA 62443-2-1:2009 4.3.4.3.3
ISO/IEC 27001:2013 A.6.1.5, A.14.1.1, A.14.2.1, A.14.2.5
NIST SP 800-53 Rev. 4 PL-8, SA-3, SA-4, SA-8, SA-10, SA-11, SA-12, SA-15, SA-17, SI-12, SI-13, SI-14, SI-16, SI-17

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organisational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

 An SDLC implementation may lead to the identification and localisation of redundancy of services
Organisational communication and data flows are mapped
Function:
IDIdentify
Category:
ID.AMAsset Management
Subcategory:
ID.AM-3Organisational communication and data flows are mapped
Informative references
CIS CSC 12
COBIT 5 DSS05.02
ISA 62443-2-1:2009 4.2.3.4
ISO/IEC 27001:2013 A.13.2.1, A.13.2.2
NIST SP 800-53 Rev. 4 AC-4, CA-3, CA-9, PL-8

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

 Mapping data flow may lead to the identification and localisation of redundancy of services
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Function:
IDIdentify
Category:
ID.AMAsset Management
Subcategory:
ID.AM-5Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Informative references
 CIS CSC 13, 14
COBIT 5 APO03.03, APO03.04, APO12.01, BAI04.02, BAI09.02
ISA 62443-2-1:2009 4.2.3.6
ISO/IEC 27001:2013 A.8.2.1
NIST SP 800-53 Rev. 4 CP-2, RA-2, SA-14, SC-6

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

 Classify resources according to their criticality and value will enable to localise redundancy of services
A baseline configuration of information technology/industrial control systems is created and maintained
Function:
PRProtect
Category:
PR.IPInformation Protection Processes and Procedures
Subcategory:
PR.IP-1A baseline configuration of information technology/industrial control systems is created and maintained
Informative references
 CIS CSC 3, 9, 11
COBIT 5 BAI10.01, BAI10.02, BAI10.03, BAI10.05
ISA 62443-2-1:2009 4.3.4.3.2, 4.3.4.3.3
ISA 62443-3-3:2013 SR 7.6
ISO/IEC 27001:2013 A.12.1.2, A.12.5.1, A.12.6.2, A.14.2.2, A.14.2.3, A.14.2.4
NIST SP 800-53 Rev. 4 CM-2, CM-3, CM-4, CM-5, CM-6, CM-7, CM-9, SA-10

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organisational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

 A baseline configuration of IT may lead to the identification and localisation of redundancy of services

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies