NIST Framework v1.1 Core

This document reproduces the Framework Core of the NIST Cybersecurity Framework v1.1: its Functions, Categories, Subcategories, and Informative References. It begins with asset management, which covers identifying, inventorying, and prioritizing organizational assets such as hardware, software, data, and personnel. It then covers roles and responsibilities for cybersecurity across the entire workforce and third parties, the organization's role in critical infrastructure and supply chains, resilience requirements to support critical services under different operating conditions, and the establishment and communication of organizational cybersecurity policy, before continuing through the Protect, Detect, and Respond Functions as far as Response Analysis (RS.AN).

Uploaded by Jose TC Neto
Function / Category / Subcategory / Informative References

Entries are listed by Function, then Category, then Subcategory; each Subcategory is followed by its Informative References.

IDENTIFY (ID)

Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

ID.AM-1: Physical devices and systems within the organization are inventoried
· CIS CSC 1
· COBIT 5 BAI09.01, BAI09.02
· ISA 62443-2-1:2009 4.2.3.4
· ISA 62443-3-3:2013 SR 7.8
· ISO/IEC 27001:2013 A.8.1.1, A.8.1.2
· NIST SP 800-53 Rev. 4 CM-8, PM-5

ID.AM-2: Software platforms and applications within the organization are inventoried
· CIS CSC 2
· COBIT 5 BAI09.01, BAI09.02, BAI09.05
· ISA 62443-2-1:2009 4.2.3.4
· ISA 62443-3-3:2013 SR 7.8
· ISO/IEC 27001:2013 A.8.1.1, A.8.1.2, A.12.5.1
· NIST SP 800-53 Rev. 4 CM-8, PM-5

ID.AM-3: Organizational communication and data flows are mapped
· CIS CSC 12
· COBIT 5 DSS05.02
· ISA 62443-2-1:2009 4.2.3.4
· ISO/IEC 27001:2013 A.13.2.1, A.13.2.2
· NIST SP 800-53 Rev. 4 AC-4, CA-3, CA-9, PL-8

ID.AM-4: External information systems are catalogued
· CIS CSC 12
· COBIT 5 APO02.02, APO10.04, DSS01.02
· ISO/IEC 27001:2013 A.11.2.6
· NIST SP 800-53 Rev. 4 AC-20, SA-9

ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value
· CIS CSC 13, 14
· COBIT 5 APO03.03, APO03.04, APO12.01, BAI04.02, BAI09.02
· ISA 62443-2-1:2009 4.2.3.6
· ISO/IEC 27001:2013 A.8.2.1
· NIST SP 800-53 Rev. 4 CP-2, RA-2, SA-14, SC-6

ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
· CIS CSC 17, 19
· COBIT 5 APO01.02, APO07.06, APO13.01, DSS06.03
· ISA 62443-2-1:2009 4.3.2.3.3
· ISO/IEC 27001:2013 A.6.1.1
· NIST SP 800-53 Rev. 4 CP-2, PS-7, PM-11
Business Environment (ID.BE): The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

ID.BE-1: The organization’s role in the supply chain is identified and communicated
· COBIT 5 APO08.01, APO08.04, APO08.05, APO10.03, APO10.04, APO10.05
· ISO/IEC 27001:2013 A.15.1.1, A.15.1.2, A.15.1.3, A.15.2.1, A.15.2.2
· NIST SP 800-53 Rev. 4 CP-2, SA-12

ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated
· COBIT 5 APO02.06, APO03.01
· ISO/IEC 27001:2013 Clause 4.1
· NIST SP 800-53 Rev. 4 PM-8

ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
· COBIT 5 APO02.01, APO02.06, APO03.01
· ISA 62443-2-1:2009 4.2.2.1, 4.2.3.6
· NIST SP 800-53 Rev. 4 PM-11, SA-14

ID.BE-4: Dependencies and critical functions for delivery of critical services are established
· COBIT 5 APO10.01, BAI04.02, BAI09.02
· ISO/IEC 27001:2013 A.11.2.2, A.11.2.3, A.12.1.3
· NIST SP 800-53 Rev. 4 CP-8, PE-9, PE-11, PM-8, SA-14

ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)
· COBIT 5 BAI03.02, DSS04.02
· ISO/IEC 27001:2013 A.11.1.4, A.17.1.1, A.17.1.2, A.17.2.1
· NIST SP 800-53 Rev. 4 CP-2, CP-11, SA-13, SA-14
Governance (ID.GV): The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

ID.GV-1: Organizational cybersecurity policy is established and communicated
· CIS CSC 19
· COBIT 5 APO01.03, APO13.01, EDM01.01, EDM01.02
· ISA 62443-2-1:2009 4.3.2.6
· ISO/IEC 27001:2013 A.5.1.1
· NIST SP 800-53 Rev. 4 -1 controls from all security control families

ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
· CIS CSC 19
· COBIT 5 APO01.02, APO10.03, APO13.02, DSS05.04
· ISA 62443-2-1:2009 4.3.2.3.3
· ISO/IEC 27001:2013 A.6.1.1, A.7.2.1, A.15.1.1
· NIST SP 800-53 Rev. 4 PS-7, PM-1, PM-2

ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
· CIS CSC 19
· COBIT 5 BAI02.01, MEA03.01, MEA03.04
· ISA 62443-2-1:2009 4.4.3.7
· ISO/IEC 27001:2013 A.18.1.1, A.18.1.2, A.18.1.3, A.18.1.4, A.18.1.5
· NIST SP 800-53 Rev. 4 -1 controls from all security control families

ID.GV-4: Governance and risk management processes address cybersecurity risks
· COBIT 5 EDM03.02, APO12.02, APO12.05, DSS04.02
· ISA 62443-2-1:2009 4.2.3.1, 4.2.3.3, 4.2.3.8, 4.2.3.9, 4.2.3.11, 4.3.2.4.3, 4.3.2.6.3
· ISO/IEC 27001:2013 Clause 6
· NIST SP 800-53 Rev. 4 SA-2, PM-3, PM-7, PM-9, PM-10, PM-11
Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

ID.RA-1: Asset vulnerabilities are identified and documented
· CIS CSC 4
· COBIT 5 APO12.01, APO12.02, APO12.03, APO12.04, DSS05.01, DSS05.02
· ISA 62443-2-1:2009 4.2.3, 4.2.3.7, 4.2.3.9, 4.2.3.12
· ISO/IEC 27001:2013 A.12.6.1, A.18.2.3
· NIST SP 800-53 Rev. 4 CA-2, CA-7, CA-8, RA-3, RA-5, SA-5, SA-11, SI-2, SI-4, SI-5

ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources
· CIS CSC 4
· COBIT 5 BAI08.01
· ISA 62443-2-1:2009 4.2.3, 4.2.3.9, 4.2.3.12
· ISO/IEC 27001:2013 A.6.1.4
· NIST SP 800-53 Rev. 4 SI-5, PM-15, PM-16

ID.RA-3: Threats, both internal and external, are identified and documented
· CIS CSC 4
· COBIT 5 APO12.01, APO12.02, APO12.03, APO12.04
· ISA 62443-2-1:2009 4.2.3, 4.2.3.9, 4.2.3.12
· ISO/IEC 27001:2013 Clause 6.1.2
· NIST SP 800-53 Rev. 4 RA-3, SI-5, PM-12, PM-16

ID.RA-4: Potential business impacts and likelihoods are identified
· CIS CSC 4
· COBIT 5 DSS04.02
· ISA 62443-2-1:2009 4.2.3, 4.2.3.9, 4.2.3.12
· ISO/IEC 27001:2013 A.16.1.6, Clause 6.1.2
· NIST SP 800-53 Rev. 4 RA-2, RA-3, SA-14, PM-9, PM-11

ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
· CIS CSC 4
· COBIT 5 APO12.02
· ISO/IEC 27001:2013 A.12.6.1
· NIST SP 800-53 Rev. 4 RA-2, RA-3, PM-16

ID.RA-6: Risk responses are identified and prioritized
· CIS CSC 4
· COBIT 5 APO12.05, APO13.02
· ISO/IEC 27001:2013 Clause 6.1.3
· NIST SP 800-53 Rev. 4 PM-4, PM-9
Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders
· CIS CSC 4
· COBIT 5 APO12.04, APO12.05, APO13.02, BAI02.03, BAI04.02
· ISA 62443-2-1:2009 4.3.4.2
· ISO/IEC 27001:2013 Clause 6.1.3, Clause 8.3, Clause 9.3
· NIST SP 800-53 Rev. 4 PM-9

ID.RM-2: Organizational risk tolerance is determined and clearly expressed
· COBIT 5 APO12.06
· ISA 62443-2-1:2009 4.3.2.6.5
· ISO/IEC 27001:2013 Clause 6.1.3, Clause 8.3
· NIST SP 800-53 Rev. 4 PM-9

ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
· COBIT 5 APO12.02
· ISO/IEC 27001:2013 Clause 6.1.3, Clause 8.3
· NIST SP 800-53 Rev. 4 SA-14, PM-8, PM-9, PM-11
Supply Chain Risk Management (ID.SC): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.

ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
· CIS CSC 4
· COBIT 5 APO10.01, APO10.04, APO12.04, APO12.05, APO13.02, BAI01.03, BAI02.03, BAI04.02
· ISA 62443-2-1:2009 4.3.4.2
· ISO/IEC 27001:2013 A.15.1.1, A.15.1.2, A.15.1.3, A.15.2.1, A.15.2.2
· NIST SP 800-53 Rev. 4 SA-9, SA-12, PM-9

ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
· COBIT 5 APO10.01, APO10.02, APO10.04, APO10.05, APO12.01, APO12.02, APO12.03, APO12.04, APO12.05, APO12.06, APO13.02, BAI02.03
· ISA 62443-2-1:2009 4.2.3.1, 4.2.3.2, 4.2.3.3, 4.2.3.4, 4.2.3.6, 4.2.3.8, 4.2.3.9, 4.2.3.10, 4.2.3.12, 4.2.3.13, 4.2.3.14
· ISO/IEC 27001:2013 A.15.2.1, A.15.2.2
· NIST SP 800-53 Rev. 4 RA-2, RA-3, SA-12, SA-14, SA-15, PM-9

ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.
· COBIT 5 APO10.01, APO10.02, APO10.03, APO10.04, APO10.05
· ISA 62443-2-1:2009 4.3.2.6.4, 4.3.2.6.7
· ISO/IEC 27001:2013 A.15.1.1, A.15.1.2, A.15.1.3
· NIST SP 800-53 Rev. 4 SA-9, SA-11, SA-12, PM-9

ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.
· COBIT 5 APO10.01, APO10.03, APO10.04, APO10.05, MEA01.01, MEA01.02, MEA01.03, MEA01.04, MEA01.05
· ISA 62443-2-1:2009 4.3.2.6.7
· ISA 62443-3-3:2013 SR 6.1
· ISO/IEC 27001:2013 A.15.2.1, A.15.2.2
· NIST SP 800-53 Rev. 4 AU-2, AU-6, AU-12, AU-16, PS-7, SA-9, SA-12

ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers
· CIS CSC 19, 20
· COBIT 5 DSS04.04
· ISA 62443-2-1:2009 4.3.2.5.7, 4.3.4.5.11
· ISA 62443-3-3:2013 SR 2.8, SR 3.3, SR 6.1, SR 7.3, SR 7.4
· ISO/IEC 27001:2013 A.17.1.3
· NIST SP 800-53 Rev. 4 CP-2, CP-4, IR-3, IR-4, IR-6, IR-8, IR-9
PROTECT (PR)

Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
· CIS CSC 1, 5, 15, 16
· COBIT 5 DSS05.04, DSS06.03
· ISA 62443-2-1:2009 4.3.3.5.1
· ISA 62443-3-3:2013 SR 1.1, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.7, SR 1.8, SR 1.9
· ISO/IEC 27001:2013 A.9.2.1, A.9.2.2, A.9.2.3, A.9.2.4, A.9.2.6, A.9.3.1, A.9.4.2, A.9.4.3
· NIST SP 800-53 Rev. 4 AC-1, AC-2, IA-1, IA-2, IA-3, IA-4, IA-5, IA-6, IA-7, IA-8, IA-9, IA-10, IA-11

PR.AC-2: Physical access to assets is managed and protected
· COBIT 5 DSS01.04, DSS05.05
· ISA 62443-2-1:2009 4.3.3.3.2, 4.3.3.3.8
· ISO/IEC 27001:2013 A.11.1.1, A.11.1.2, A.11.1.3, A.11.1.4, A.11.1.5, A.11.1.6, A.11.2.1, A.11.2.3, A.11.2.5, A.11.2.6, A.11.2.7, A.11.2.8
· NIST SP 800-53 Rev. 4 PE-2, PE-3, PE-4, PE-5, PE-6, PE-8

PR.AC-3: Remote access is managed
· CIS CSC 12
· COBIT 5 APO13.01, DSS01.04, DSS05.03
· ISA 62443-2-1:2009 4.3.3.6.6
· ISA 62443-3-3:2013 SR 1.13, SR 2.6
· ISO/IEC 27001:2013 A.6.2.1, A.6.2.2, A.11.2.6, A.13.1.1, A.13.2.1
· NIST SP 800-53 Rev. 4 AC-1, AC-17, AC-19, AC-20, SC-15

PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
· CIS CSC 3, 5, 12, 14, 15, 16, 18
· COBIT 5 DSS05.04
· ISA 62443-2-1:2009 4.3.3.7.3
· ISA 62443-3-3:2013 SR 2.1
· ISO/IEC 27001:2013 A.6.1.2, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5
· NIST SP 800-53 Rev. 4 AC-1, AC-2, AC-3, AC-5, AC-6, AC-14, AC-16, AC-24

PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)
· CIS CSC 9, 14, 15, 18
· COBIT 5 DSS01.05, DSS05.02
· ISA 62443-2-1:2009 4.3.3.4
· ISA 62443-3-3:2013 SR 3.1, SR 3.8
· ISO/IEC 27001:2013 A.13.1.1, A.13.1.3, A.13.2.1, A.14.1.2, A.14.1.3
· NIST SP 800-53 Rev. 4 AC-4, AC-10, SC-7

PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
· CIS CSC 16
· COBIT 5 DSS05.04, DSS05.05, DSS05.07, DSS06.03
· ISA 62443-2-1:2009 4.3.3.2.2, 4.3.3.5.2, 4.3.3.7.2, 4.3.3.7.4
· ISA 62443-3-3:2013 SR 1.1, SR 1.2, SR 1.4, SR 1.5, SR 1.9, SR 2.1
· ISO/IEC 27001:2013 A.7.1.1, A.9.2.1
· NIST SP 800-53 Rev. 4 AC-1, AC-2, AC-3, AC-16, AC-19, AC-24, IA-1, IA-2, IA-4, IA-5, IA-8, PE-2, PS-3

PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
· CIS CSC 1, 12, 15, 16
· COBIT 5 DSS05.04, DSS05.10, DSS06.10
· ISA 62443-2-1:2009 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9
· ISA 62443-3-3:2013 SR 1.1, SR 1.2, SR 1.5, SR 1.7, SR 1.8, SR 1.9, SR 1.10
· ISO/IEC 27001:2013 A.9.2.1, A.9.2.4, A.9.3.1, A.9.4.2, A.9.4.3, A.18.1.4
· NIST SP 800-53 Rev. 4 AC-7, AC-8, AC-9, AC-11, AC-12, AC-14, IA-1, IA-2, IA-3, IA-4, IA-5, IA-8, IA-9, IA-10, IA-11
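PR.AC-4 names two principles, least privilege and separation of duties, that are usually verified by reviewing who holds which permissions. The following is an added example, not NIST's or any product's code, of such a review run over an access assignment: it computes each person's effective permissions from roles plus direct grants, flags any pair of conflicting duties held by one person, treats direct grants outside a role as least-privilege findings, and derives which role combinations must never be co-assigned. The roles, permission names, users and conflict pairs are constructed for illustration.

```python
"""Review an access assignment for least privilege and separation of duties
(the PR.AC-4 outcome). Added example; not from NIST. All roles, permissions,
users and conflict pairs below are constructed for illustration."""
from itertools import combinations

# Role -> the permissions that role legitimately needs (constructed).
ROLE_PERMISSIONS = {
    "ap-clerk": {"vendor.create", "invoice.enter"},
    "ap-approver": {"invoice.approve", "payment.release"},
    "auditor": {"ledger.read", "audit.read"},
    "platform-admin": {"server.admin", "deploy.run"},
}
# Separation-of-duties rules: pairs of permissions one person must never hold together.
CONFLICTS = {
    frozenset({"vendor.create", "payment.release"}),
    frozenset({"invoice.enter", "invoice.approve"}),
    frozenset({"server.admin", "audit.read"}),  # admins must not own their own audit trail
}
# User -> assigned roles, plus any permission granted directly outside a role (constructed).
USERS = {
    "alice": {"roles": {"ap-clerk"}, "direct": set()},
    "bob": {"roles": {"ap-clerk", "ap-approver"}, "direct": set()},
    "carol": {"roles": {"auditor"}, "direct": {"payment.release"}},
    "dave": {"roles": {"platform-admin"}, "direct": set()},
}


def effective_permissions(user: dict) -> set:
    """Union of everything the user's roles grant plus direct grants."""
    perms = set(user["direct"])
    for role in user["roles"]:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def sod_violations(perms: set) -> list:
    """Conflict pairs fully contained in one permission set, as sorted pairs."""
    return sorted(sorted(c) for c in CONFLICTS if c <= perms)


def review(users: dict) -> dict:
    """Per user: SoD violations, and direct grants that bypassed role review.
    Least privilege is enforced through roles, so an ad-hoc grant is a finding
    even when it creates no SoD conflict. Users with no findings are omitted."""
    findings = {}
    for name, user in users.items():
        perms = effective_permissions(user)
        issues = {"sod": sod_violations(perms), "direct_grants": sorted(user["direct"])}
        if issues["sod"] or issues["direct_grants"]:
            findings[name] = issues
    return findings


def role_conflicts() -> list:
    """Role pairs that can never be co-assigned without breaking SoD, derived
    from the role definitions so provisioning can block the combination up front."""
    bad = []
    for a, b in combinations(sorted(ROLE_PERMISSIONS), 2):
        if sod_violations(ROLE_PERMISSIONS[a] | ROLE_PERMISSIONS[b]):
            bad.append((a, b))
    return bad


if __name__ == "__main__":
    for user, issues in review(USERS).items():
        print(user, issues)
    print("role pairs that must not be co-assigned:", role_conflicts())
```

Running it flags bob (clerk and approver at once, two conflicting pairs) and carol (a direct payment.release grant outside any role), and reports that ap-clerk/ap-approver and auditor/platform-admin can never be assigned together. In a real review the assignment would be exported from the directory or IAM system rather than hard-coded.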
Awareness and Training (PR.AT): The organization’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.

PR.AT-1: All users are informed and trained
· CIS CSC 17, 18
· COBIT 5 APO07.03, BAI05.07
· ISA 62443-2-1:2009 4.3.2.4.2
· ISO/IEC 27001:2013 A.7.2.2, A.12.2.1
· NIST SP 800-53 Rev. 4 AT-2, PM-13

PR.AT-2: Privileged users understand their roles and responsibilities
· CIS CSC 5, 17, 18
· COBIT 5 APO07.02, DSS05.04, DSS06.03
· ISA 62443-2-1:2009 4.3.2.4.2, 4.3.2.4.3
· ISO/IEC 27001:2013 A.6.1.1, A.7.2.2
· NIST SP 800-53 Rev. 4 AT-3, PM-13

PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
· CIS CSC 17
· COBIT 5 APO07.03, APO07.06, APO10.04, APO10.05
· ISA 62443-2-1:2009 4.3.2.4.2
· ISO/IEC 27001:2013 A.6.1.1, A.7.2.1, A.7.2.2
· NIST SP 800-53 Rev. 4 PS-7, SA-9, SA-16

PR.AT-4: Senior executives understand their roles and responsibilities
· CIS CSC 17, 19
· COBIT 5 EDM01.01, APO01.02, APO07.03
· ISA 62443-2-1:2009 4.3.2.4.2
· ISO/IEC 27001:2013 A.6.1.1, A.7.2.2
· NIST SP 800-53 Rev. 4 AT-3, PM-13

PR.AT-5: Physical and cybersecurity personnel understand their roles and responsibilities
· CIS CSC 17
· COBIT 5 APO07.03
· ISA 62443-2-1:2009 4.3.2.4.2
· ISO/IEC 27001:2013 A.6.1.1, A.7.2.2
· NIST SP 800-53 Rev. 4 AT-3, IR-2, PM-13
Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

PR.DS-1: Data-at-rest is protected
· CIS CSC 13, 14
· COBIT 5 APO01.06, BAI02.01, BAI06.01, DSS04.07, DSS05.03, DSS06.06
· ISA 62443-3-3:2013 SR 3.4, SR 4.1
· ISO/IEC 27001:2013 A.8.2.3
· NIST SP 800-53 Rev. 4 MP-8, SC-12, SC-28

PR.DS-2: Data-in-transit is protected
· CIS CSC 13, 14
· COBIT 5 APO01.06, DSS05.02, DSS06.06
· ISA 62443-3-3:2013 SR 3.1, SR 3.8, SR 4.1, SR 4.2
· ISO/IEC 27001:2013 A.8.2.3, A.13.1.1, A.13.2.1, A.13.2.3, A.14.1.2, A.14.1.3
· NIST SP 800-53 Rev. 4 SC-8, SC-11, SC-12

PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
· CIS CSC 1
· COBIT 5 BAI09.03
· ISA 62443-2-1:2009 4.3.3.3.9, 4.3.4.4.1
· ISA 62443-3-3:2013 SR 4.2
· ISO/IEC 27001:2013 A.8.2.3, A.8.3.1, A.8.3.2, A.8.3.3, A.11.2.5, A.11.2.7
· NIST SP 800-53 Rev. 4 CM-8, MP-6, PE-16

PR.DS-4: Adequate capacity to ensure availability is maintained
· CIS CSC 1, 2, 13
· COBIT 5 APO13.01, BAI04.04
· ISA 62443-3-3:2013 SR 7.1, SR 7.2
· ISO/IEC 27001:2013 A.12.1.3, A.17.2.1
· NIST SP 800-53 Rev. 4 AU-4, CP-2, SC-5

PR.DS-5: Protections against data leaks are implemented
· CIS CSC 13
· COBIT 5 APO01.06, DSS05.04, DSS05.07, DSS06.02
· ISA 62443-3-3:2013 SR 5.2
· ISO/IEC 27001:2013 A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5, A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3
· NIST SP 800-53 Rev. 4 AC-4, AC-5, AC-6, PE-19, PS-3, PS-6, SC-7, SC-8, SC-13, SC-31, SI-4

PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
· CIS CSC 2, 3
· COBIT 5 APO01.06, BAI06.01, DSS06.02
· ISA 62443-3-3:2013 SR 3.1, SR 3.3, SR 3.4, SR 3.8
· ISO/IEC 27001:2013 A.12.2.1, A.12.5.1, A.14.1.2, A.14.1.3, A.14.2.4
· NIST SP 800-53 Rev. 4 SC-16, SI-7

PR.DS-7: The development and testing environment(s) are separate from the production environment
· CIS CSC 18, 20
· COBIT 5 BAI03.08, BAI07.04
· ISO/IEC 27001:2013 A.12.1.4
· NIST SP 800-53 Rev. 4 CM-2

PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity
· COBIT 5 BAI03.05
· ISA 62443-2-1:2009 4.3.4.4.4
· ISO/IEC 27001:2013 A.11.2.4
· NIST SP 800-53 Rev. 4 SA-10, SI-7
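PR.DS-6 asks for an integrity checking mechanism for software, firmware and information without prescribing one. The following is an added example, not NIST's code, of the minimal shape such a mechanism needs: every artifact is hashed into a manifest, the manifest itself is authenticated with an HMAC under a key the deployment host does not hold, and verification checks the manifest before trusting any per-file hash. The caveat it demonstrates is that an unauthenticated hash list is not an integrity control, because whoever can edit the files can regenerate the list. The artifacts, their contents and the signing key are constructed for illustration.

```python
"""Integrity manifest for a software release: hash each artifact, authenticate
the manifest with an HMAC, verify both before trusting the artifacts (PR.DS-6).
Added example; not from NIST. Artifact names, contents and the key below are
constructed for illustration."""
import hashlib
import hmac
import json

# Constructed sample release: artifact name -> bytes (stands in for files on disk).
RELEASE = {
    "bin/agent": b"\x7fELF...agent-v1.4.2...",
    "etc/agent.conf": b"listen=127.0.0.1:8443\nlog=/var/log/agent.log\n",
    "lib/policy.yaml": b"default: deny\nallow:\n  - 10.0.0.0/8\n",
}
# Constructed manifest key. In practice it lives in a KMS/HSM or build signer,
# never on the hosts whose files it vouches for.
MANIFEST_KEY = b"example-manifest-key-do-not-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts: dict, key: bytes) -> dict:
    """Hash every artifact, then HMAC the canonical JSON of the hash table so the
    table cannot be rewritten by whoever modifies the files."""
    digests = {name: sha256_hex(data) for name, data in sorted(artifacts.items())}
    body = json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()
    return {"sha256": digests, "hmac": hmac.new(key, body, "sha256").hexdigest()}


def verify_manifest(manifest: dict, artifacts: dict, key: bytes) -> dict:
    """Check manifest authenticity first; only then compare per-artifact hashes.
    Reports modified, missing and unexpected artifacts separately."""
    body = json.dumps(manifest["sha256"], sort_keys=True, separators=(",", ":")).encode()
    expected_mac = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["hmac"]):
        return {"ok": False, "manifest_authentic": False,
                "modified": [], "missing": [], "unexpected": []}
    expected = manifest["sha256"]
    modified = sorted(n for n, h in expected.items()
                      if n in artifacts and sha256_hex(artifacts[n]) != h)
    missing = sorted(n for n in expected if n not in artifacts)
    unexpected = sorted(n for n in artifacts if n not in expected)
    return {"ok": not (modified or missing or unexpected), "manifest_authentic": True,
            "modified": modified, "missing": missing, "unexpected": unexpected}


def demo() -> dict:
    """Three scenarios: untouched release; tampered files with a genuine manifest;
    tampered files plus a rewritten hash table from an attacker without the key."""
    manifest = build_manifest(RELEASE, MANIFEST_KEY)
    clean = verify_manifest(manifest, RELEASE, MANIFEST_KEY)

    tampered = dict(RELEASE)
    tampered["etc/agent.conf"] = b"listen=0.0.0.0:8443\nlog=/dev/null\n"
    tampered["lib/backdoor.so"] = b"\x7fELF...extra..."
    del tampered["lib/policy.yaml"]
    detected = verify_manifest(manifest, tampered, MANIFEST_KEY)

    forged = dict(manifest)
    forged["sha256"] = {n: sha256_hex(d) for n, d in tampered.items()}  # hashes now "match"
    forged_result = verify_manifest(forged, tampered, MANIFEST_KEY)       # but the HMAC does not
    return {"clean": clean, "tampered": detected, "forged_manifest": forged_result}


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(scenario, result)
```

The same structure carries over to firmware and information integrity (PR.DS-8 and the SI-7 reference): the key decision is where the manifest key lives, since a manifest that can be regenerated on the verified host proves nothing. A digital signature in place of the HMAC lets verification happen without the secret at all.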
Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
· CIS CSC 3, 9, 11
· COBIT 5 BAI10.01, BAI10.02, BAI10.03, BAI10.05
· ISA 62443-2-1:2009 4.3.4.3.2, 4.3.4.3.3
· ISA 62443-3-3:2013 SR 7.6
· ISO/IEC 27001:2013 A.12.1.2, A.12.5.1, A.12.6.2, A.14.2.2, A.14.2.3, A.14.2.4
· NIST SP 800-53 Rev. 4 CM-2, CM-3, CM-4, CM-5, CM-6, CM-7, CM-9, SA-10

PR.IP-2: A System Development Life Cycle to manage systems is implemented
· CIS CSC 18
· COBIT 5 APO13.01, BAI03.01, BAI03.02, BAI03.03
· ISA 62443-2-1:2009 4.3.4.3.3
· ISO/IEC 27001:2013 A.6.1.5, A.14.1.1, A.14.2.1, A.14.2.5
· NIST SP 800-53 Rev. 4 PL-8, SA-3, SA-4, SA-8, SA-10, SA-11, SA-12, SA-15, SA-17, SI-12, SI-13, SI-14, SI-16, SI-17

PR.IP-3: Configuration change control processes are in place
· CIS CSC 3, 11
· COBIT 5 BAI01.06, BAI06.01
· ISA 62443-2-1:2009 4.3.4.3.2, 4.3.4.3.3
· ISA 62443-3-3:2013 SR 7.6
· ISO/IEC 27001:2013 A.12.1.2, A.12.5.1, A.12.6.2, A.14.2.2, A.14.2.3, A.14.2.4
· NIST SP 800-53 Rev. 4 CM-3, CM-4, SA-10

PR.IP-4: Backups of information are conducted, maintained, and tested
· CIS CSC 10
· COBIT 5 APO13.01, DSS01.01, DSS04.07
· ISA 62443-2-1:2009 4.3.4.3.9
· ISA 62443-3-3:2013 SR 7.3, SR 7.4
· ISO/IEC 27001:2013 A.12.3.1, A.17.1.2, A.17.1.3, A.18.1.3
· NIST SP 800-53 Rev. 4 CP-4, CP-6, CP-9

PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met
· COBIT 5 DSS01.04, DSS05.05
· ISA 62443-2-1:2009 4.3.3.3.1, 4.3.3.3.2, 4.3.3.3.3, 4.3.3.3.5, 4.3.3.3.6
· ISO/IEC 27001:2013 A.11.1.4, A.11.2.1, A.11.2.2, A.11.2.3
· NIST SP 800-53 Rev. 4 PE-10, PE-12, PE-13, PE-14, PE-15, PE-18

PR.IP-6: Data is destroyed according to policy
· COBIT 5 BAI09.03, DSS05.06
· ISA 62443-2-1:2009 4.3.4.4.4
· ISA 62443-3-3:2013 SR 4.2
· ISO/IEC 27001:2013 A.8.2.3, A.8.3.1, A.8.3.2, A.11.2.7
· NIST SP 800-53 Rev. 4 MP-6

PR.IP-7: Protection processes are improved
· COBIT 5 APO11.06, APO12.06, DSS04.05
· ISA 62443-2-1:2009 4.4.3.1, 4.4.3.2, 4.4.3.3, 4.4.3.4, 4.4.3.5, 4.4.3.6, 4.4.3.7, 4.4.3.8
· ISO/IEC 27001:2013 A.16.1.6, Clause 9, Clause 10
· NIST SP 800-53 Rev. 4 CA-2, CA-7, CP-2, IR-8, PL-2, PM-6

PR.IP-8: Effectiveness of protection technologies is shared
· COBIT 5 BAI08.04, DSS03.04
· ISO/IEC 27001:2013 A.16.1.6
· NIST SP 800-53 Rev. 4 AC-21, CA-7, SI-4

PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
· CIS CSC 19
· COBIT 5 APO12.06, DSS04.03
· ISA 62443-2-1:2009 4.3.2.5.3, 4.3.4.5.1
· ISO/IEC 27001:2013 A.16.1.1, A.17.1.1, A.17.1.2, A.17.1.3
· NIST SP 800-53 Rev. 4 CP-2, CP-7, CP-12, CP-13, IR-7, IR-8, IR-9, PE-17

PR.IP-10: Response and recovery plans are tested
· CIS CSC 19, 20
· COBIT 5 DSS04.04
· ISA 62443-2-1:2009 4.3.2.5.7, 4.3.4.5.11
· ISA 62443-3-3:2013 SR 3.3
· ISO/IEC 27001:2013 A.17.1.3
· NIST SP 800-53 Rev. 4 CP-4, IR-3, PM-14

PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
· CIS CSC 5, 16
· COBIT 5 APO07.01, APO07.02, APO07.03, APO07.04, APO07.05
· ISA 62443-2-1:2009 4.3.3.2.1, 4.3.3.2.2, 4.3.3.2.3
· ISO/IEC 27001:2013 A.7.1.1, A.7.1.2, A.7.2.1, A.7.2.2, A.7.2.3, A.7.3.1, A.8.1.4
· NIST SP 800-53 Rev. 4 PS-1, PS-2, PS-3, PS-4, PS-5, PS-6, PS-7, PS-8, SA-21

PR.IP-12: A vulnerability management plan is developed and implemented
· CIS CSC 4, 18, 20
· COBIT 5 BAI03.10, DSS05.01, DSS05.02
· ISO/IEC 27001:2013 A.12.6.1, A.14.2.3, A.16.1.3, A.18.2.2, A.18.2.3
· NIST SP 800-53 Rev. 4 RA-3, RA-5, SI-2
Maintenance (PR.MA): Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.

PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools
· COBIT 5 BAI03.10, BAI09.02, BAI09.03, DSS01.05
· ISA 62443-2-1:2009 4.3.3.3.7
· ISO/IEC 27001:2013 A.11.1.2, A.11.2.4, A.11.2.5, A.11.2.6
· NIST SP 800-53 Rev. 4 MA-2, MA-3, MA-5, MA-6

PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
· CIS CSC 3, 5
· COBIT 5 DSS05.04
· ISA 62443-2-1:2009 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8
· ISO/IEC 27001:2013 A.11.2.4, A.15.1.1, A.15.2.1
· NIST SP 800-53 Rev. 4 MA-4
Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
· CIS CSC 1, 3, 5, 6, 14, 15, 16
· COBIT 5 APO11.04, BAI03.05, DSS05.04, DSS05.07, MEA02.01
· ISA 62443-2-1:2009 4.3.3.3.9, 4.3.3.5.8, 4.3.4.4.7, 4.4.2.1, 4.4.2.2, 4.4.2.4
· ISA 62443-3-3:2013 SR 2.8, SR 2.9, SR 2.10, SR 2.11, SR 2.12
· ISO/IEC 27001:2013 A.12.4.1, A.12.4.2, A.12.4.3, A.12.4.4, A.12.7.1
· NIST SP 800-53 Rev. 4 AU Family

PR.PT-2: Removable media is protected and its use restricted according to policy
· CIS CSC 8, 13
· COBIT 5 APO13.01, DSS05.02, DSS05.06
· ISA 62443-3-3:2013 SR 2.3
· ISO/IEC 27001:2013 A.8.2.1, A.8.2.2, A.8.2.3, A.8.3.1, A.8.3.3, A.11.2.9
· NIST SP 800-53 Rev. 4 MP-2, MP-3, MP-4, MP-5, MP-7, MP-8

PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
· CIS CSC 3, 11, 14
· COBIT 5 DSS05.02, DSS05.05, DSS06.06
· ISA 62443-2-1:2009 4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4
· ISA 62443-3-3:2013 SR 1.1, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7
· ISO/IEC 27001:2013 A.9.1.2
· NIST SP 800-53 Rev. 4 AC-3, CM-7

PR.PT-4: Communications and control networks are protected
· CIS CSC 8, 12, 15
· COBIT 5 DSS05.02, APO13.01
· ISA 62443-3-3:2013 SR 3.1, SR 3.5, SR 3.8, SR 4.1, SR 4.3, SR 5.1, SR 5.2, SR 5.3, SR 7.1, SR 7.6
· ISO/IEC 27001:2013 A.13.1.1, A.13.2.1, A.14.1.3
· NIST SP 800-53 Rev. 4 AC-4, AC-17, AC-18, CP-8, SC-7, SC-19, SC-20, SC-21, SC-22, SC-23, SC-24, SC-25, SC-29, SC-32, SC-36, SC-37, SC-38, SC-39, SC-40, SC-41, SC-43

PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
· COBIT 5 BAI04.01, BAI04.02, BAI04.03, BAI04.04, BAI04.05, DSS01.05
· ISA 62443-2-1:2009 4.3.2.5.2
· ISA 62443-3-3:2013 SR 7.1, SR 7.2
· ISO/IEC 27001:2013 A.17.1.2, A.17.2.1
· NIST SP 800-53 Rev. 4 CP-7, CP-8, CP-11, CP-13, PL-8, SA-14, SC-6
DETECT (DE)

Anomalies and Events (DE.AE): Anomalous activity is detected and the potential impact of events is understood.

DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
· CIS CSC 1, 4, 6, 12, 13, 15, 16
· COBIT 5 DSS03.01
· ISA 62443-2-1:2009 4.4.3.3
· ISO/IEC 27001:2013 A.12.1.1, A.12.1.2, A.13.1.1, A.13.1.2
· NIST SP 800-53 Rev. 4 AC-4, CA-3, CM-2, SI-4

DE.AE-2: Detected events are analyzed to understand attack targets and methods
· CIS CSC 3, 6, 13, 15
· COBIT 5 DSS05.07
· ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.7, 4.3.4.5.8
· ISA 62443-3-3:2013 SR 2.8, SR 2.9, SR 2.10, SR 2.11, SR 2.12, SR 3.9, SR 6.1, SR 6.2
· ISO/IEC 27001:2013 A.12.4.1, A.16.1.1, A.16.1.4
· NIST SP 800-53 Rev. 4 AU-6, CA-7, IR-4, SI-4

DE.AE-3: Event data are collected and correlated from multiple sources and sensors
· CIS CSC 1, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16
· COBIT 5 BAI08.02
· ISA 62443-3-3:2013 SR 6.1
· ISO/IEC 27001:2013 A.12.4.1, A.16.1.7
· NIST SP 800-53 Rev. 4 AU-6, CA-7, IR-4, IR-5, IR-8, SI-4

DE.AE-4: Impact of events is determined
· CIS CSC 4, 6
· COBIT 5 APO12.06, DSS03.01
· ISO/IEC 27001:2013 A.16.1.4
· NIST SP 800-53 Rev. 4 CP-2, IR-4, RA-3, SI-4

DE.AE-5: Incident alert thresholds are established
· CIS CSC 6, 19
· COBIT 5 APO12.06, DSS03.01
· ISA 62443-2-1:2009 4.2.3.10
· ISO/IEC 27001:2013 A.16.1.4
· NIST SP 800-53 Rev. 4 IR-4, IR-5, IR-8
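DE.AE-1, DE.AE-3 and DE.AE-5 together describe one detection pipeline: a baseline of expected flows, correlation of event data from more than one sensor, and a threshold that turns correlated events into an alert. The following is an added example, not NIST's or any vendor's code, that wires those three outcomes together over constructed flow-export and authentication-log lines: flows outside the baseline and failed logons are merged per source address into a sliding time window, and an alert fires only when the window crosses the configured threshold. The log formats, addresses, hosts, window length and threshold values are all assumptions made for the example.

```python
"""Baseline of expected flows (DE.AE-1), correlation of two sensors' events
(DE.AE-3) and an alert threshold (DE.AE-5). Added example; not from NIST.
Log formats, addresses, window and thresholds are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# DE.AE-1: approved (src, dst, dport) flows, e.g. exported from a firewall policy review.
BASELINE_FLOWS = {
    ("10.1.2.3", "10.9.0.5", 443),   # app server -> API gateway
    ("10.1.2.3", "10.9.0.7", 5432),  # app server -> database
    ("10.1.2.4", "10.9.0.5", 443),
}

# Constructed sample lines from two sensors: a flow export and an auth log.
FLOW_LOG = """\
2024-03-01T10:00:01Z src=10.1.2.3 dst=10.9.0.5 dport=443 bytes=1200
2024-03-01T10:00:04Z src=10.1.2.3 dst=10.9.0.7 dport=5432 bytes=800
2024-03-01T10:01:10Z src=10.1.2.4 dst=10.9.0.9 dport=22 bytes=300
2024-03-01T10:01:12Z src=10.1.2.4 dst=10.9.0.10 dport=22 bytes=300
2024-03-01T10:01:15Z src=10.1.2.4 dst=10.9.0.11 dport=22 bytes=300
2024-03-01T10:20:00Z src=10.1.2.3 dst=10.9.0.12 dport=445 bytes=90
"""
AUTH_LOG = """\
2024-03-01T10:01:11Z host=db02 user=svc-backup result=FAIL src=10.1.2.4
2024-03-01T10:01:13Z host=db03 user=svc-backup result=FAIL src=10.1.2.4
2024-03-01T10:05:00Z host=web01 user=alice result=OK src=10.1.2.3
"""

# DE.AE-5: within WINDOW, alert on MIN_OFF_BASELINE off-baseline flows from one
# source, or on any off-baseline flow combined with MIN_AUTH_FAIL failed logons.
WINDOW = timedelta(minutes=5)
MIN_OFF_BASELINE = 3
MIN_AUTH_FAIL = 2

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str, source: str) -> dict:
    """Turn '<ts> k=v k=v ...' into a dict; 'source' records which sensor produced it."""
    ts_text, _, rest = line.partition(" ")
    event = dict(KV.findall(rest))
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event["source"] = source
    return event


def collect_events(flow_log: str, auth_log: str) -> list:
    """DE.AE-3: merge both sensors into one time-ordered event list."""
    events = [parse_line(ln, "flow") for ln in flow_log.splitlines() if ln.strip()]
    events += [parse_line(ln, "auth") for ln in auth_log.splitlines() if ln.strip()]
    return sorted(events, key=lambda e: e["ts"])


def is_off_baseline(event: dict) -> bool:
    """DE.AE-1 check: a flow whose (src, dst, dport) is not in the approved baseline."""
    return (event["source"] == "flow"
            and (event["src"], event["dst"], int(event["dport"])) not in BASELINE_FLOWS)


def correlate(events: list) -> list:
    """Slide WINDOW over each source address's events; emit one alert per source
    the first time a threshold is crossed, with the counts that triggered it."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for i, start in enumerate(evs):
            window = [e for e in evs[i:] if e["ts"] - start["ts"] <= WINDOW]
            off = [e for e in window if is_off_baseline(e)]
            fails = [e for e in window if e["source"] == "auth" and e["result"] == "FAIL"]
            if len(off) >= MIN_OFF_BASELINE or (off and len(fails) >= MIN_AUTH_FAIL):
                alerts.append({"src": src, "first": start["ts"].isoformat(),
                               "off_baseline_flows": len(off), "auth_failures": len(fails)})
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate(collect_events(FLOW_LOG, AUTH_LOG)):
        print(alert)
```

On the constructed input only 10.1.2.4 alerts: three SSH connections outside its baseline plus two failed service-account logons inside five seconds. The single off-baseline SMB flow from 10.1.2.3 at 10:20 stays below both thresholds, which is the DE.AE-5 trade-off made explicit: the threshold decides what is an event to record and what is an incident to page on, and it should be reviewed against what the baseline actually contains.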
Security Continuous Monitoring (DE.CM): The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

DE.CM-1: The network is monitored to detect potential cybersecurity events
· CIS CSC 1, 7, 8, 12, 13, 15, 16
· COBIT 5 DSS01.03, DSS03.05, DSS05.07
· ISA 62443-3-3:2013 SR 6.2
· NIST SP 800-53 Rev. 4 AC-2, AU-12, CA-7, CM-3, SC-5, SC-7, SI-4

DE.CM-2: The physical environment is monitored to detect potential cybersecurity events
· COBIT 5 DSS01.04, DSS01.05
· ISA 62443-2-1:2009 4.3.3.3.8
· ISO/IEC 27001:2013 A.11.1.1, A.11.1.2
· NIST SP 800-53 Rev. 4 CA-7, PE-3, PE-6, PE-20

DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events
· CIS CSC 5, 7, 14, 16
· COBIT 5 DSS05.07
· ISA 62443-3-3:2013 SR 6.2
· ISO/IEC 27001:2013 A.12.4.1, A.12.4.3
· NIST SP 800-53 Rev. 4 AC-2, AU-12, AU-13, CA-7, CM-10, CM-11

DE.CM-4: Malicious code is detected
· CIS CSC 4, 7, 8, 12
· COBIT 5 DSS05.01
· ISA 62443-2-1:2009 4.3.4.3.8
· ISA 62443-3-3:2013 SR 3.2
· ISO/IEC 27001:2013 A.12.2.1
· NIST SP 800-53 Rev. 4 SI-3, SI-8

DE.CM-5: Unauthorized mobile code is detected
· CIS CSC 7, 8
· COBIT 5 DSS05.01
· ISA 62443-3-3:2013 SR 2.4
· ISO/IEC 27001:2013 A.12.5.1, A.12.6.2
· NIST SP 800-53 Rev. 4 SC-18, SI-4, SC-44

DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events
· COBIT 5 APO07.06, APO10.05
· ISO/IEC 27001:2013 A.14.2.7, A.15.2.1
· NIST SP 800-53 Rev. 4 CA-7, PS-7, SA-4, SA-9, SI-4

DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed
· CIS CSC 1, 2, 3, 5, 9, 12, 13, 15, 16
· COBIT 5 DSS05.02, DSS05.05
· ISO/IEC 27001:2013 A.12.4.1, A.14.2.7, A.15.2.1
· NIST SP 800-53 Rev. 4 AU-12, CA-7, CM-3, CM-8, PE-3, PE-6, PE-20, SI-4

DE.CM-8: Vulnerability scans are performed
· CIS CSC 4, 20
· COBIT 5 BAI03.10, DSS05.01
· ISA 62443-2-1:2009 4.2.3.1, 4.2.3.7
· ISO/IEC 27001:2013 A.12.6.1
· NIST SP 800-53 Rev. 4 RA-5
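DE.CM-7 is the monitoring counterpart of the inventories in ID.AM-1 and ID.AM-2: an inventory of authorized devices and software is only useful if something regularly compares it with what is actually on the network (the shared CM-8 reference makes the same link). The following added example, not NIST's or any tool's code, performs that reconciliation for both subcategories at once: it parses DHCP lease records, flags devices whose MAC address is not in the hardware inventory, lists inventoried devices that were not observed, and reports installed packages that fall outside the software baseline for each host's role. The inventory, lease lines, roles and package lists are constructed for illustration.

```python
"""Reconcile the authorized asset inventory (ID.AM-1, ID.AM-2) against observed
devices and installed software, the check DE.CM-7 calls for. Added example;
not from NIST. Inventory, leases and package lists are constructed."""
import re

# ID.AM-1: authorized physical devices keyed by MAC address (constructed).
HARDWARE_INVENTORY = {
    "aa:bb:cc:00:00:01": {"hostname": "web01", "role": "web", "owner": "platform"},
    "aa:bb:cc:00:00:02": {"hostname": "db01", "role": "db", "owner": "data"},
    "aa:bb:cc:00:00:03": {"hostname": "jump01", "role": "bastion", "owner": "secops"},
}
# ID.AM-2: authorized software per host role (constructed).
SOFTWARE_BASELINE = {
    "web": {"nginx", "openssl", "python3"},
    "db": {"postgresql", "openssl"},
    "bastion": {"openssh-server", "openssl"},
}
# Constructed observations: DHCP lease records (ISC dhcpd style) and per-host package lists.
DHCP_LEASES = """\
lease 10.0.1.10 { hardware ethernet aa:bb:cc:00:00:01; client-hostname "web01"; }
lease 10.0.1.11 { hardware ethernet aa:bb:cc:00:00:02; client-hostname "db01"; }
lease 10.0.1.57 { hardware ethernet de:ad:be:ef:00:42; client-hostname "raspberrypi"; }
"""
OBSERVED_PACKAGES = {
    "web01": {"nginx", "openssl", "python3", "xmrig"},
    "db01": {"postgresql", "openssl"},
}

LEASE = re.compile(
    r'lease\s+(?P<ip>\S+)\s*\{.*?hardware ethernet\s+(?P<mac>[0-9a-fA-F:]{17});'
    r'.*?client-hostname\s+"(?P<hostname>[^"]*)"')


def parse_leases(text: str) -> list:
    """One dict (ip, mac, hostname) per lease record."""
    return [m.groupdict() for m in LEASE.finditer(text)]


def reconcile(inventory: dict, baseline: dict, leases: list, packages: dict) -> dict:
    """Compare observations with the inventory. Returns unknown devices (on the
    network, not in inventory), inventoried devices not observed, and per-host
    software outside the role baseline. A host with no inventory role gets an
    empty baseline, so everything on it is reported."""
    seen_macs = {lease["mac"].lower() for lease in leases}
    unknown_devices = [lease for lease in leases if lease["mac"].lower() not in inventory]
    not_seen = sorted(d["hostname"] for mac, d in inventory.items() if mac not in seen_macs)
    role_of = {d["hostname"]: d["role"] for d in inventory.values()}
    unauthorized_software = {}
    for host, pkgs in packages.items():
        extra = sorted(pkgs - baseline.get(role_of.get(host), set()))
        if extra:
            unauthorized_software[host] = extra
    return {"unknown_devices": unknown_devices, "not_seen": not_seen,
            "unauthorized_software": unauthorized_software}


def run() -> dict:
    return reconcile(HARDWARE_INVENTORY, SOFTWARE_BASELINE,
                     parse_leases(DHCP_LEASES), OBSERVED_PACKAGES)


if __name__ == "__main__":
    result = run()
    for dev in result["unknown_devices"]:
        print(f"UNKNOWN DEVICE {dev['mac']} at {dev['ip']} ({dev['hostname']})")
    print("inventoried but not observed:", result["not_seen"])
    print("software outside baseline:", result["unauthorized_software"])
```

The "not observed" list is informational rather than an alarm (jump01 may simply be powered off), but it is the signal that keeps the ID.AM-1 inventory honest over time. MAC addresses are an identifier of convenience here and can be spoofed; a production check would corroborate with switch port, certificate or agent identity where those exist.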
Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.

DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability
· CIS CSC 19
· COBIT 5 APO01.02, DSS05.01, DSS06.03
· ISA 62443-2-1:2009 4.4.3.1
· ISO/IEC 27001:2013 A.6.1.1, A.7.2.2
· NIST SP 800-53 Rev. 4 CA-2, CA-7, PM-14

DE.DP-2: Detection activities comply with all applicable requirements
· COBIT 5 DSS06.01, MEA03.03, MEA03.04
· ISA 62443-2-1:2009 4.4.3.2
· ISO/IEC 27001:2013 A.18.1.4, A.18.2.2, A.18.2.3
· NIST SP 800-53 Rev. 4 AC-25, CA-2, CA-7, SA-18, SI-4, PM-14

DE.DP-3: Detection processes are tested
· COBIT 5 APO13.02, DSS05.02
· ISA 62443-2-1:2009 4.4.3.2
· ISA 62443-3-3:2013 SR 3.3
· ISO/IEC 27001:2013 A.14.2.8
· NIST SP 800-53 Rev. 4 CA-2, CA-7, PE-3, SI-3, SI-4, PM-14

DE.DP-4: Event detection information is communicated
· CIS CSC 19
· COBIT 5 APO08.04, APO12.06, DSS02.05
· ISA 62443-2-1:2009 4.3.4.5.9
· ISA 62443-3-3:2013 SR 6.1
· ISO/IEC 27001:2013 A.16.1.2, A.16.1.3
· NIST SP 800-53 Rev. 4 AU-6, CA-2, CA-7, RA-5, SI-4

DE.DP-5: Detection processes are continuously improved
· COBIT 5 APO11.06, APO12.06, DSS04.05
· ISA 62443-2-1:2009 4.4.3.4
· ISO/IEC 27001:2013 A.16.1.6
· NIST SP 800-53 Rev. 4 CA-2, CA-7, PL-2, RA-5, SI-4, PM-14
RESPOND (RS)

Response Planning (RS.RP): Response processes and procedures are executed and maintained, to ensure response to detected cybersecurity incidents.

RS.RP-1: Response plan is executed during or after an incident
· CIS CSC 19
· COBIT 5 APO12.06, BAI01.10
· ISA 62443-2-1:2009 4.3.4.5.1
· ISO/IEC 27001:2013 A.16.1.5
· NIST SP 800-53 Rev. 4 CP-2, CP-10, IR-4, IR-8
Communications (RS.CO): Response activities are coordinated with internal and external stakeholders (e.g. external support from law enforcement agencies).

RS.CO-1: Personnel know their roles and order of operations when a response is needed
· CIS CSC 19
· COBIT 5 EDM03.02, APO01.02, APO12.03
· ISA 62443-2-1:2009 4.3.4.5.2, 4.3.4.5.3, 4.3.4.5.4
· ISO/IEC 27001:2013 A.6.1.1, A.7.2.2, A.16.1.1
· NIST SP 800-53 Rev. 4 CP-2, CP-3, IR-3, IR-8

RS.CO-2: Incidents are reported consistent with established criteria
· CIS CSC 19
· COBIT 5 DSS01.03
· ISA 62443-2-1:2009 4.3.4.5.5
· ISO/IEC 27001:2013 A.6.1.3, A.16.1.2
· NIST SP 800-53 Rev. 4 AU-6, IR-6, IR-8

RS.CO-3: Information is shared consistent with response plans
· CIS CSC 19
· COBIT 5 DSS03.04
· ISA 62443-2-1:2009 4.3.4.5.2
· ISO/IEC 27001:2013 A.16.1.2, Clause 7.4, Clause 16.1.2
· NIST SP 800-53 Rev. 4 CA-2, CA-7, CP-2, IR-4, IR-8, PE-6, RA-5, SI-4

RS.CO-4: Coordination with stakeholders occurs consistent with response plans
· CIS CSC 19
· COBIT 5 DSS03.04
· ISA 62443-2-1:2009 4.3.4.5.5
· ISO/IEC 27001:2013 Clause 7.4
· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness
· CIS CSC 19
· COBIT 5 BAI08.04
· ISO/IEC 27001:2013 A.6.1.4
· NIST SP 800-53 Rev. 4 SI-5, PM-15
· CIS CSC 4, 6, 8, 19
· COBIT 5 DSS02.04, DSS02.07
RS.AN-1: Notifications from detection systems · ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.7, 4.3.4.5.8
are investigated · ISA 62443-3-3:2013 SR 6.1
· ISO/IEC 27001:2013 A.12.4.1, A.12.4.3, A.16.1.5
· NIST SP 800-53 Rev. 4 AU-6, CA-7, IR-4, IR-5, PE-6, SI-4
· COBIT 5 DSS02.02
RESPOND (RS) RS.AN-2: The impact of the incident is · ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.7, 4.3.4.5.8
understood · ISO/IEC 27001:2013 A.16.1.4, A.16.1.6
· NIST SP 800-53 Rev. 4 CP-2, IR-4
Analysis (RS.AN): Analysis is conducted to · COBIT 5 APO12.06, DSS03.02, DSS05.07
ensure effective response and support recovery
activities. · ISA 62443-3-3:2013 SR 2.8, SR 2.9, SR 2.10, SR 2.11, SR 2.12, SR 3.9, SR 6.1
RS.AN-3: Forensics are performed
· ISO/IEC 27001:2013 A.16.1.7
RESPOND (RS)

Analysis (RS.AN): Analysis is conducted to


ensure effective response and support recovery
activities. RS.AN-3: Forensics are performed

· NIST SP 800-53 Rev. 4 AU-7, IR-4


· CIS CSC 19
· COBIT 5 DSS02.02
RS.AN-4: Incidents are categorized consistent
· ISA 62443-2-1:2009 4.3.4.5.6
with response plans
· ISO/IEC 27001:2013 A.16.1.4
· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-5, IR-8
RS.AN-5: Processes are established to receive,
analyze and respond to vulnerabilities disclosed · CIS CSC 4, 19
to the organization from internal and external · COBIT 5 EDM03.02, DSS05.07
sources (e.g. internal testing, security bulletins, · NIST SP 800-53 Rev. 4 SI-5, PM-15
or security researchers)
· CIS CSC 19
· COBIT 5 APO12.06
· ISA 62443-2-1:2009 4.3.4.5.6
RS.MI-1: Incidents are contained
· ISA 62443-3-3:2013 SR 5.1, SR 5.2, SR 5.4
· ISO/IEC 27001:2013 A.12.2.1, A.16.1.5
· NIST SP 800-53 Rev. 4 IR-4
Mitigation (RS.MI): Activities are performed · CIS CSC 4, 19
to prevent expansion of an event, mitigate its · COBIT 5 APO12.06
effects, and resolve the incident. RS.MI-2: Incidents are mitigated · ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.10
· ISO/IEC 27001:2013 A.12.2.1, A.16.1.5
· NIST SP 800-53 Rev. 4 IR-4
· CIS CSC 4
RS.MI-3: Newly identified vulnerabilities are · COBIT 5 APO12.06
mitigated or documented as accepted risks · ISO/IEC 27001:2013 A.12.6.1
· NIST SP 800-53 Rev. 4 CA-7, RA-3, RA-5
· COBIT 5 BAI01.13
RS.IM-1: Response plans incorporate lessons · ISA 62443-2-1:2009 4.3.4.5.10, 4.4.3.4
Improvements (RS.IM): Organizational learned · ISO/IEC 27001:2013 A.16.1.6, Clause 10
response activities are improved by
· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8
incorporating lessons learned from current and
previous detection/response activities. · COBIT 5 BAI01.13, DSS04.08
RS.IM-2: Response strategies are updated · ISO/IEC 27001:2013 A.16.1.6, Clause 10
· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8
· CIS CSC 10
Recovery Planning (RC.RP): Recovery
processes and procedures are executed and RC.RP-1: Recovery plan is executed during or · COBIT 5 APO12.06, DSS02.05, DSS03.04
maintained to ensure restoration of systems or after a cybersecurity incident · ISO/IEC 27001:2013 A.16.1.5
assets affected by cybersecurity incidents.
· NIST SP 800-53 Rev. 4 CP-10, IR-4, IR-8
· COBIT 5 APO12.06, BAI05.07, DSS04.08
RC.IM-1: Recovery plans incorporate lessons · ISA 62443-2-1:2009 4.4.3.4
learned · ISO/IEC 27001:2013 A.16.1.6, Clause 10
Improvements (RC.IM): Recovery planning
and processes are improved by incorporating · NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8
lessons learned into future activities. · COBIT 5 APO12.06, BAI07.08
RECOVER
(RC) RC.IM-2: Recovery strategies are updated · ISO/IEC 27001:2013 A.16.1.6, Clause 10
· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8
· COBIT 5 EDM03.02
RC.CO-1: Public relations are managed
· ISO/IEC 27001:2013 A.6.1.4, Clause 7.4
Communications (RC.CO): Restoration
activities are coordinated with internal and RC.CO-2: Reputation is repaired after an · COBIT 5 MEA03.02
external parties (e.g. coordinating centers, incident · ISO/IEC 27001:2013 Clause 7.4
Internet Service Providers, owners of attacking RC.CO-3: Recovery activities are · COBIT 5 APO12.06
systems, victims, other CSIRTs, and vendors). communicated to internal and external
· ISO/IEC 27001:2013 Clause 7.4
stakeholders as well as executive and
management teams · NIST SP 800-53 Rev. 4 CP-2, IR-4

You might also like