27001-2013 to Cybersecurity Framework-1.0

Jan 19, 2016

Alex Mejía

Pages 1–2: 27001-2013 to Cybersecurity Framework-1.0

Mapping of ISO/IEC 27001:2013 Requirements and Control Objectives to the Cybersecurity Framework v 1.0 Subcategories

Provided by David Ochel / Secuilibrium, LLC.

Column Legend for the "Mapping" sheet:

27001: Identifies clause number or control objective in Annex A of 27001.
27001 Requirement/Objective: Heading of the clause or statement of the control objective from 27001. (Controls are not reproduced!)
CSF: Identifies Subcategory from Table 2: Framework Core in Appendix A of CSF.
CSF Subcategory: Subcategory statement from CSF.
Source: Source of the provided cross-reference.

Cross-Reference Sources:

The mapping is mainly derived from the CSF's Table 2 without (intentional) modification, indicated by "CSF" in the source column. A mapping of CSF Subcategories to non-Annex A requirements from 27001 (and in one case to an omitted (?) control objective from Annex A) has been added, identified by the "DO" in the source column.

Notes:

The Cybersecurity Framework maps its Subcategory ID.GV-3 to ISO/IEC 27001 A.18.1. This has been interpreted as mapping it to all of the five control objectives A.18.1.1 through A.18.1.5.

Relevant numbers in control objective and subcategory identifiers were changed to a two-digit formatting in order to allow for easier sorting using Excel's mechanisms. (E.g., A.6.1.1 was reformatted to A06.1.1.)

References:

[27001] ISO/IEC 27001:2013(E): International Standard ISO/IEC 27001, Information technology - Security techniques - Information security management systems - Requirements, Second edition 2013-10-01

[CSF] Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12, 2014

License:

This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/deed.en_US.

Version History:

Version  Date        Notes
1        2014-02-14  Initial Version
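The two conventions described in the notes above, the two-digit padding of clause and subcategory numbers so that Excel sorts them in numeric order, and the reading of the CSF's section-level reference "A.18.1" as all five objectives A.18.1.1 through A.18.1.5, written out as an added Python example. This is not part of the original sheet or of David Ochel's work; the sample identifiers, function names and regular expressions are constructed here. The padded Annex A form produced below is the one the mapping sheet itself uses (A.06.1.1 with the dot), and CSF numbers are padded only in categories that actually reach two digits, which is the pattern visible in the sheet (PR.IP-07 next to ID.RA-3).

```python
import re
from typing import Dict, Iterable, List

# Constructed sample identifiers in the unpadded form the author started from
# (not copied from the sheet).
SAMPLE_27001 = ["A.6.1.1", "A.18.1.1", "A.10.1.1", "4.1", "10.1", "7.5.3", "A.5.1.1"]
SAMPLE_CSF = ["PR.IP-7", "PR.IP-12", "ID.RA-3", "PR.AC-1", "PR.IP-2", "ID.GV-3"]

# Clause ('4.1', '7.5.3') or Annex A control objective ('A.6.1.1').
ISO_RE = re.compile(r"^(A\.)?(\d+)((?:\.\d+)*)$")
# CSF v1.0 subcategory: Function.Category-Number, e.g. 'PR.IP-7'.
CSF_RE = re.compile(r"^([A-Z]{2}\.[A-Z]{2})-(\d+)$")


def normalize_iso(identifier: str) -> str:
    """Zero-pad the main clause number of a 27001 identifier to two digits so
    that plain string sorting matches numeric order: '4.1' -> '04.1',
    'A.6.1.1' -> 'A.06.1.1'; 'A.18.1.1' is already two digits and is unchanged."""
    m = ISO_RE.match(identifier.strip())
    if not m:
        raise ValueError(f"not a 27001 identifier: {identifier!r}")
    annex, clause, rest = m.groups()
    return f"{annex or ''}{int(clause):02d}{rest}"


def csf_widths(identifiers: Iterable[str]) -> Dict[str, int]:
    """Per CSF category, the digit width of its largest subcategory number in
    the data set. Only categories that reach two digits (PR.IP has twelve
    subcategories) need padding; a category such as ID.RA keeps one digit."""
    widths: Dict[str, int] = {}
    for ident in identifiers:
        m = CSF_RE.match(ident.strip())
        if not m:
            raise ValueError(f"not a CSF subcategory identifier: {ident!r}")
        category, number = m.groups()
        widths[category] = max(widths.get(category, 1), len(str(int(number))))
    return widths


def normalize_csf(identifiers: Iterable[str]) -> List[str]:
    """Pad each subcategory number to the width its own category needs:
    'PR.IP-7' -> 'PR.IP-07', 'ID.RA-3' -> 'ID.RA-3'."""
    ids = [i.strip() for i in identifiers]
    widths = csf_widths(ids)
    out: List[str] = []
    for ident in ids:
        category, number = CSF_RE.match(ident).groups()
        out.append(f"{category}-{int(number):0{widths[category]}d}")
    return out


def expand_clause_reference(reference: str, known_objectives: Iterable[str]) -> List[str]:
    """Expand a section-level reference (the CSF cites 'A.18.1') to every known
    control objective beneath it, the reading the sheet applies to ID.GV-3.
    A reference that already names one objective expands to just that one."""
    ref = normalize_iso(reference)
    known = {normalize_iso(k) for k in known_objectives}
    return sorted(k for k in known if k == ref or k.startswith(ref + "."))


def sorted_raw_vs_normalized(identifiers: Iterable[str]) -> Dict[str, List[str]]:
    """Show the problem the padding solves: as plain text '10.1' sorts before
    '4.1'; after padding, string order equals numeric order."""
    ids = list(identifiers)
    return {"raw": sorted(ids), "normalized": sorted(normalize_iso(i) for i in ids)}


if __name__ == "__main__":
    for label, seq in sorted_raw_vs_normalized(SAMPLE_27001).items():
        print(f"{label:>10}: {seq}")
    print("CSF:", normalize_csf(SAMPLE_CSF))
    annex_18 = ["A.18.1.1", "A.18.1.2", "A.18.1.3", "A.18.1.4", "A.18.1.5", "A.18.2.1"]
    print("A.18.1 ->", expand_clause_reference("A.18.1", annex_18))
```

Computing the CSF padding width from the data set, rather than hard-coding two digits everywhere, reproduces the sheet's mixed style without touching identifiers that never needed a leading zero; a reviewer comparing against the NIST table can still match ID.RA-3 by eye.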

Page 3

27001    27001 Requirement/Objective
04.1 Understanding the organization and its context
04.2 Understanding the needs and expectations of interested parties
04.3 Determining the scope of the information security management system
04.4 Information security management system
05.1 Leadership and commitment
05.2 Policy
05.3 Organizational roles, responsibilities, and authorities
06.1 Actions to address risks and opportunities
06.1.1 General
06.1.1 General
06.1.2 Information security risk assessment
06.1.2 Information security risk assessment
06.1.2 Information security risk assessment
06.1.3 Information security risk treatment
06.1.3 Information security risk treatment
06.2 Information security objectives and planning to achieve them
07.1 Resources
07.2 Competence
07.3 Awareness
07.4 Communication
07.5.1 General
07.5.2 Creating and updating
07.5.3 Control of documented information
07.5.3 Control of documented information
07.5.3 Control of documented information
07.5.3 Control of documented information
08.1 Operational planning and control
08.2 Information security risk assessment
08.3 Information security risk treatment
09.1 Monitoring, measurement, analysis and evaluation
09.1 Monitoring, measurement, analysis and evaluation
09.2 Internal audit
09.3 Management review
10.1 Nonconformity and corrective action
10.1 Nonconformity and corrective action
10.1 Nonconformity and corrective action
10.2 Continual improvement
A.05.1.1 Policies for information security
A.05.1.2 Review of the policies for information security
A.06.1.1 Information security roles and responsibilities
A.06.1.1 Information security roles and responsibilities
A.06.1.1 Information security roles and responsibilities

Page 4

A.06.1.1 Information security roles and responsibilities
A.06.1.1 Information security roles and responsibilities
A.06.1.1 Information security roles and responsibilities
A.06.1.1 Information security roles and responsibilities
A.06.1.1 Information security roles and responsibilities
A.06.1.2 Segregation of duties
A.06.1.2 Segregation of duties
A.06.1.3 Contact with authorities
A.06.1.4 Contact with special interest groups
A.06.1.5 Information security in project management
A.06.2.1 Mobile device policy
A.06.2.2 Teleworking
A.07.1.1 Screening
A.07.1.1 Screening
A.07.1.2 Terms and conditions of employment
A.07.2.1 Management responsibilities
A.07.2.2 Information security awareness, education and training
A.07.2.2 Information security awareness, education and training
A.07.2.2 Information security awareness, education and training
A.07.2.2 Information security awareness, education and training
A.07.2.2 Information security awareness, education and training
A.07.2.3 Disciplinary process
A.07.3.1 Termination or change of employment responsibilities
A.07.3.1 Termination or change of employment responsibilities
A.08.1.1 Inventory of assets
A.08.1.1 Inventory of assets
A.08.1.2 Ownership of assets
A.08.1.2 Ownership of assets
A.08.1.3 Acceptable use of assets
A.08.1.4 Return of assets
A.08.2.1 Classification of information
A.08.2.2 Labelling of information
A.08.2.2 Labelling of information
A.08.2.3 Handling of assets
A.08.2.3 Handling of assets
A.08.2.3 Handling of assets
A.08.2.3 Handling of assets
A.08.2.3 Handling of assets
A.08.2.3 Handling of assets
A.08.3.1 Management of removable media
A.08.3.1 Management of removable media
A.08.3.1 Management of removable media
A.08.3.2 Disposal of media

Page 5

A.08.3.2 Disposal of media
A.08.3.3 Physical media transfer
A.08.3.3 Physical media transfer
A.09.1.1 Access control policy
A.09.1.2 Access to networks and network services
A.09.1.2 Access to networks and network services
A.09.1.2 Access to networks and network services
A.09.2.1 User registration and de-registration
A.09.2.2 User access provisioning
A.09.2.3 Management of privileged access rights
A.09.2.3 Management of privileged access rights
A.09.2.4 Management of secret authentication information of users
A.09.2.5 Review of user access rights
A.09.2.6 Removal or adjustment of access rights
A.09.3.1 Use of secret authentication information
A.09.4.1 Information access restriction
A.09.4.1 Information access restriction
A.09.4.2 Secure log-on procedures
A.09.4.3 Password management system
A.09.4.4 Use of privileged utility programs
A.09.4.4 Use of privileged utility programs
A.09.4.5 Access control to program source code
A.10.1.1 Policy on the use of cryptographic controls
A.10.1.2 Key management
A.11.1.1 Physical security perimeter
A.11.1.2 Physical entry controls
A.11.1.2 Physical entry controls
A.11.1.3 Securing offices, rooms and facilities
A.11.1.4 Protecting against external and environmental threats
A.11.1.4 Protecting against external and environmental threats
A.11.1.4 Protecting against external and environmental threats
A.11.1.5 Working in secure areas
A.11.1.6 Delivery and loading areas
A.11.2.1 Equipment siting and protection
A.11.2.2 Supporting utilities
A.11.2.2 Supporting utilities
A.11.2.3 Cabling security
A.11.2.3 Cabling security
A.11.2.3 Cabling security
A.11.2.4 Equipment maintenance
A.11.2.4 Equipment maintenance
A.11.2.5 Removal of assets
A.11.2.6 Security of equipment and assets off-premises

Page 6

A.11.2.7 Secure disposal or re-use of equipment
A.11.2.7 Secure disposal or re-use of equipment
A.11.2.8 Unattended user equipment
A.11.2.9 Clear desk and clear screen policy
A.12.1.1 Documented operating procedures
A.12.1.2 Change management
A.12.1.2 Change management
A.12.1.3 Capacity management
A.12.1.4 Separation of development, testing and operational environments
A.12.2.1 Controls against malware
A.12.2.1 Controls against malware
A.12.2.1 Controls against malware
A.12.3.1 Information backup
A.12.3.1 Information backup
A.12.4.1 Event logging
A.12.4.1 Event logging
A.12.4.1 Event logging
A.12.4.2 Protection of log information
A.12.4.3 Administrator and operator logs
A.12.4.3 Administrator and operator logs
A.12.4.4 Clock synchronisation
A.12.5.1 Installation of software on operational systems
A.12.5.1 Installation of software on operational systems
A.12.5.1 Installation of software on operational systems
A.12.5.1 Installation of software on operational systems
A.12.6.1 Management of technical vulnerabilities
A.12.6.1 Management of technical vulnerabilities
A.12.6.1 Management of technical vulnerabilities
A.12.6.1 Management of technical vulnerabilities
A.12.6.1 Management of technical vulnerabilities
A.12.6.2 Restrictions on software installation
A.12.6.2 Restrictions on software installation
A.12.7.1 Information systems audit controls
A.13.1.1 Network controls
A.13.1.1 Network controls
A.13.1.1 Network controls
A.13.1.1 Network controls
A.13.1.2 Security of network services
A.13.1.3 Segregation in networks
A.13.1.3 Segregation in networks
A.13.2.1 Information transfer policies and procedures
A.13.2.1 Information transfer policies and procedures
A.13.2.1 Information transfer policies and procedures

Page 7

A.13.2.1 Information transfer policies and procedures
A.13.2.1 Information transfer policies and procedures
A.13.2.1 Information transfer policies and procedures
A.13.2.2 Agreements on information transfer
A.13.2.3 Electronic messaging
A.13.2.3 Electronic messaging
A.13.2.4 Confidentiality or non-disclosure agreements
A.14.1.1 Information security requirements analysis and specification
A.14.1.2 Securing application services on public networks
A.14.1.2 Securing application services on public networks
A.14.1.2 Securing application services on public networks
A.14.1.3 Protecting application services transactions
A.14.1.3 Protecting application services transactions
A.14.1.3 Protecting application services transactions
A.14.2.1 Secure development policy
A.14.2.2 System change control procedures
A.14.2.2 System change control procedures
A.14.2.3 Technical review of applications after operating platform changes
A.14.2.3 Technical review of applications after operating platform changes
A.14.2.4 Restrictions on changes to software packages
A.14.2.4 Restrictions on changes to software packages
A.14.2.5 Secure system engineering principles
A.14.2.6 Secure development environment
A.14.2.7 Outsourced development
A.14.2.8 System security testing
A.14.2.9 System acceptance testing
A.14.3.1 Protection of test data
A.15.1.1 Information security policy for supplier relationships
A.15.1.2 Addressing security within supplier agreements
A.15.1.3 Information and communication technology supply chain
A.15.2.1 Monitoring and review of supplier services
A.15.2.1 Monitoring and review of supplier services
A.15.2.1 Monitoring and review of supplier services
A.15.2.2 Managing changes to supplier services
A.16.1.1 Responsibilities and procedures
A.16.1.1 Responsibilities and procedures
A.16.1.1 Responsibilities and procedures
A.16.1.2 Reporting information security events
A.16.1.2 Reporting information security events
A.16.1.2 Reporting information security events
A.16.1.3 Reporting information security weaknesses
A.16.1.4 Assessment of and decision on information security events
A.16.1.4 Assessment of and decision on information security events

Page 8

A.16.1.4 Assessment of and decision on information security events
A.16.1.5 Response to information security incidents
A.16.1.5 Response to information security incidents
A.16.1.5 Response to information security incidents
A.16.1.5 Response to information security incidents
A.16.1.5 Response to information security incidents
A.16.1.6 Learning from information security incidents
A.16.1.6 Learning from information security incidents
A.16.1.6 Learning from information security incidents
A.16.1.6 Learning from information security incidents
A.16.1.7 Collection of evidence
A.17.1.1 Planning information security continuity
A.17.1.1 Planning information security continuity
A.17.1.2 Implementing information security continuity
A.17.1.2 Implementing information security continuity
A.17.1.2 Implementing information security continuity
A.17.1.3 Verify, review and evaluate information security continuity
A.17.1.3 Verify, review and evaluate information security continuity
A.17.2.1 Availability of information processing facilities
A.18.1.1 Identification of applicable legislation and contractual requirements
A.18.1.2 Intellectual property rights
A.18.1.3 Protection of records
A.18.1.4 Privacy and protection of personally identifiable information
A.18.1.5 Regulation of cryptographic controls
A.18.2.1 Independent review of information security
A.18.2.2 Compliance with security policies and standards
A.18.2.3 Technical compliance review

Page 9

CSF
ID.BE-2
ID.BE-2
ID.BE-2
ID.GV-1
ID.GV-4
ID.GV-1
ID.GV-2
ID.RM-1
ID.RM-3
PR.IP-07
ID.RA-3
ID.RA-4
ID.RM-2
ID.RA-6
ID.RM-2

PR.AT-1
RS.CO-4

PR.DS-1
PR.DS-2
PR.DS-3
PR.DS-4

ID.RA-5
ID.RA-6
DE.DP-1
PR.PT-1

RC.IM-1
RC.IM-2
RS.IM-2

ID.GV-1

DE.DP-1
ID.AM-6
ID.GV-2

Page 10

PR.AT-2
PR.AT-3
PR.AT-4
PR.AT-5
RS.CO-1
PR.AC-4
PR.DS-5
RS.CO-2
ID.RA-2
PR.IP-02

PR.AC-3
PR.DS-5
PR.IP-11
PR.DS-5
ID.GV-2
PR.AT-1
PR.AT-2
PR.AT-3
PR.AT-4
PR.AT-5

PR.DS-5
PR.IP-11
ID.AM-1
ID.AM-2
ID.AM-1
ID.AM-2

PR.IP-11
ID.AM-5
PR.DS-5
PR.PT-2
PR.DS-1
PR.DS-2
PR.DS-3
PR.DS-5
PR.IP-06
PR.PT-2
PR.DS-3
PR.IP-06
PR.PT-2
PR.DS-3

Page 11

PR.IP-06
PR.DS-3
PR.PT-2
PR.DS-5
PR.AC-4
PR.DS-5
PR.PT-3
PR.AC-1
PR.AC-1
PR.AC-4
PR.DS-5
PR.AC-1

PR.AC-1
PR.AC-4
PR.DS-5
PR.AC-1
PR.AC-1
PR.AC-4
PR.DS-5
PR.DS-5

PR.AC-2
PR.AC-2
PR.MA-1

ID.BE-5
PR.AC-2
PR.IP-05

PR.AC-2
PR.IP-05
ID.BE-4
PR.IP-05
ID.BE-4
PR.AC-2
PR.IP-05
PR.MA-1
PR.MA-2
PR.MA-1
ID.AM-4

Page 12

PR.DS-3
PR.IP-06

PR.PT-2

PR.IP-01
PR.IP-03
ID.BE-4
PR.DS-7
DE.CM-4
PR.DS-6
RS.MI-2
PR.DS-4
PR.IP-04
DE.CM-3
PR.PT-1
RS.AN-1
PR.PT-1
PR.PT-1
RS.AN-1
PR.PT-1
DE.CM-5
PR.DS-6
PR.IP-01
PR.IP-03
DE.CM-8
ID.RA-1
ID.RA-5
PR.IP-12
RS.MI-3
PR.IP-01
PR.IP-03
PR.PT-1
PR.AC-3
PR.AC-5
PR.DS-2
PR.PT-4

PR.AC-5
PR.DS-5
ID.AM-3
PR.AC-3
PR.AC-5

Page 13

PR.DS-2
PR.DS-5
PR.PT-4

PR.DS-2
PR.DS-5
PR.DS-5
PR.IP-02
PR.DS-2
PR.DS-5
PR.DS-6
PR.DS-2
PR.DS-5
PR.DS-6
PR.IP-02
PR.IP-01
PR.IP-03
PR.IP-01
PR.IP-03
PR.IP-01
PR.IP-03
PR.IP-02

DE.CM-6
DE.DP-3

PR.MA-2

ID.BE-1
DE.CM-6
ID.BE-1
PR.MA-2
ID.BE-1
DE.AE-2
PR.IP-09
RS.CO-1
DE.DP-4
RS.CO-2
RS.CO-3

DE.AE-2
DE.AE-4

Page 14

RS.AN-4
RC.RP-1
RS.AN-1
RS.MI-1
RS.MI-2
RS.RP-1
DE.DP-5
PR.IP-08
RS.AN-2
RS.IM-1
RS.AN-3
ID.BE-5
PR.IP-09
ID.BE-5
PR.IP-04
PR.IP-09
PR.IP-04
PR.IP-10
ID.BE-5
ID.GV-3
ID.GV-3
ID.GV-3
ID.GV-3
ID.GV-3

PR.IP-12
ID.RA-1
DE.AE-1
DE.AE-3
DE.AE-5
DE.CM-1
DE.CM-2
DE.CM-7
DE.DP-2
ID.BE-3
PR.IP-04
RC.CO-1
RC.CO-2
RC.CO-3
RS.CO-5

Page 15

CSF Subcategory
The organization’s place in critical infrastructure and its industry sector is identified and communicated
The organization’s place in critical infrastructure and its industry sector is identified and communicated
The organization’s place in critical infrastructure and its industry sector is identified and communicated

Governance and risk management processes address cybersecurity risks

Risk management processes are established, managed, and agreed to by organizational stakeholders
The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
Protection processes are continuously improved
Threats, both internal and external, are identified and documented
Potential business impacts and likelihoods are identified
Organizational risk tolerance is determined and clearly expressed
Risk responses are identified and prioritized
Organizational risk tolerance is determined and clearly expressed

Coordination with stakeholders occurs consistent with response plans

Recovery plans incorporate lessons learned
Recovery strategies are updated
Response strategies are updated

Organizational information security policy is established

Roles and responsibilities for detection are well defined to ensure accountability
Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Information security roles & responsibilities are coordinated and aligned with internal roles and external partners

Page 16

Privileged users understand roles & responsibilities
Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities
Senior executives understand roles & responsibilities
Physical and information security personnel understand roles & responsibilities
Personnel know their roles and order of operations when a response is needed
Access permissions are managed, incorporating the principles of least privilege and separation of duties
Protections against data leaks are implemented
Events are reported consistent with established criteria
Threat and vulnerability information is received from information sharing forums and sources
A System Development Life Cycle to manage systems is implemented

Remote access is managed
Protections against data leaks are implemented
Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
Protections against data leaks are implemented
Information security roles & responsibilities are coordinated and aligned with internal roles and external partners
All users are informed and trained
Privileged users understand roles & responsibilities
Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities
Senior executives understand roles & responsibilities
Physical and information security personnel understand roles & responsibilities

Protections against data leaks are implemented
Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
Physical devices and systems within the organization are inventoried
Software platforms and applications within the organization are inventoried
Physical devices and systems within the organization are inventoried
Software platforms and applications within the organization are inventoried

Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Protections against data leaks are implemented
Removable media is protected and its use restricted according to policy
Data-at-rest is protected
Data-in-transit is protected
Assets are formally managed throughout removal, transfers, and disposition
Protections against data leaks are implemented
Data is destroyed according to policy
Removable media is protected and its use restricted according to policy
Assets are formally managed throughout removal, transfers, and disposition
Data is destroyed according to policy
Removable media is protected and its use restricted according to policy
Assets are formally managed throughout removal, transfers, and disposition

Page 17

Data is destroyed according to policy
Assets are formally managed throughout removal, transfers, and disposition
Removable media is protected and its use restricted according to policy
Protections against data leaks are implemented
Access permissions are managed, incorporating the principles of least privilege and separation of duties
Protections against data leaks are implemented
Access to systems and assets is controlled, incorporating the principle of least functionality
Identities and credentials are managed for authorized devices and users
Identities and credentials are managed for authorized devices and users
Access permissions are managed, incorporating the principles of least privilege and separation of duties
Protections against data leaks are implemented
Identities and credentials are managed for authorized devices and users

Identities and credentials are managed for authorized devices and users
Access permissions are managed, incorporating the principles of least privilege and separation of duties
Protections against data leaks are implemented
Identities and credentials are managed for authorized devices and users
Identities and credentials are managed for authorized devices and users
Access permissions are managed, incorporating the principles of least privilege and separation of duties
Protections against data leaks are implemented
Protections against data leaks are implemented

Physical access to assets is managed and protected
Physical access to assets is managed and protected
Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools

Resilience requirements to support delivery of critical services are established
Physical access to assets is managed and protected
Policy and regulations regarding the physical operating environment for organizational assets are met

Physical access to assets is managed and protected
Policy and regulations regarding the physical operating environment for organizational assets are met
Dependencies and critical functions for delivery of critical services are established
Policy and regulations regarding the physical operating environment for organizational assets are met
Dependencies and critical functions for delivery of critical services are established
Physical access to assets is managed and protected
Policy and regulations regarding the physical operating environment for organizational assets are met
Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools
Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools
External information systems are catalogued

Page 18

Assets are formally managed throughout removal, transfers, and disposition
Data is destroyed according to policy

Removable media is protected and its use restricted according to policy

A baseline configuration of information technology/industrial control systems is created and maintained
Configuration change control processes are in place
Dependencies and critical functions for delivery of critical services are established
The development and testing environment(s) are separate from the production environment
Malicious code is detected
Integrity checking mechanisms are used to verify software, firmware, and information integrity
Incidents are mitigated
Adequate capacity to ensure availability is maintained
Backups of information are conducted, maintained, and tested periodically
Personnel activity is monitored to detect potential cybersecurity events
Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
Notifications from detection systems are investigated
Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
Notifications from detection systems are investigated
Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
Unauthorized mobile code is detected
Integrity checking mechanisms are used to verify software, firmware, and information integrity
A baseline configuration of information technology/industrial control systems is created and maintained
Configuration change control processes are in place
Vulnerability scans are performed
Asset vulnerabilities are identified and documented
Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
A vulnerability management plan is developed and implemented
Newly identified vulnerabilities are mitigated or documented as accepted risks
A baseline configuration of information technology/industrial control systems is created and maintained
Configuration change control processes are in place
Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
Remote access is managed
PR.AC-5 Network integrity is protected, incorporating network segregation where appropriate
Data-in-transit is protected
Communications and control networks are protected

PR.AC-5 Network integrity is protected, incorporating network segregation where appropriate
Protections against data leaks are implemented
Organizational communication and data flows are mapped
Remote access is managed
PR.AC-5 Network integrity is protected, incorporating network segregation where appropriate

Page 19

Data-in-transit is protected
Protections against data leaks are implemented
Communications and control networks are protected

Data-in-transit is protected
Protections against data leaks are implemented
Protections against data leaks are implemented
A System Development Life Cycle to manage systems is implemented
Data-in-transit is protected
Protections against data leaks are implemented
Integrity checking mechanisms are used to verify software, firmware, and information integrity
Data-in-transit is protected
Protections against data leaks are implemented
Integrity checking mechanisms are used to verify software, firmware, and information integrity
A System Development Life Cycle to manage systems is implemented
A baseline configuration of information technology/industrial control systems is created and maintained
Configuration change control processes are in place
A baseline configuration of information technology/industrial control systems is created and maintained
Configuration change control processes are in place
A baseline configuration of information technology/industrial control systems is created and maintained
Configuration change control processes are in place
A System Development Life Cycle to manage systems is implemented

External service provider activity is monitored to detect potential cybersecurity events
Detection processes are tested

Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access

The organization’s role in the supply chain is identified and communicated
External service provider activity is monitored to detect potential cybersecurity events
The organization’s role in the supply chain is identified and communicated
Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
The organization’s role in the supply chain is identified and communicated
Detected events are analyzed to understand attack targets and methods
Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
Personnel know their roles and order of operations when a response is needed
Event detection information is communicated to appropriate parties
Events are reported consistent with established criteria
Information is shared consistent with response plans

Detected events are analyzed to understand attack targets and methods
Impact of events is determined

Page 20

Incidents are categorized consistent with response plans
Recovery plan is executed during or after an event
Notifications from detection systems are investigated
Incidents are contained
Incidents are mitigated
Response plan is executed during or after an event
Detection processes are continuously improved
Effectiveness of protection technologies is shared with appropriate parties
The impact of the incident is understood
Response plans incorporate lessons learned
Forensics are performed
Resilience requirements to support delivery of critical services are established
Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
Resilience requirements to support delivery of critical services are established
Backups of information are conducted, maintained, and tested periodically
Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
Backups of information are conducted, maintained, and tested periodically
Response and recovery plans are tested
Resilience requirements to support delivery of critical services are established
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed

A vulnerability management plan is developed and implemented
Asset vulnerabilities are identified and documented
A baseline of network operations and expected data flows for users and systems is established and managed
Event data are aggregated and correlated from multiple sources and sensors
Incident alert thresholds are established
The network is monitored to detect potential cybersecurity events
The physical environment is monitored to detect potential cybersecurity events
Monitoring for unauthorized personnel, connections, devices, and software is performed
Detection activities comply with all applicable requirements
Priorities for organizational mission, objectives, and activities are established and communicated
Backups of information are conducted, maintained, and tested periodically
Public relations are managed
Reputation after an event is repaired
Recovery activities are communicated to internal stakeholders and executive and management teams
Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness

Page 21

SourceDODODODODODODODODODODODODODODODODODODODODODODODODODODODODODODODODODODODODOCSFCSFCSFCSFCSF

Page 22

CSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSF

Page 23

CSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSF

Page 24

CSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSF

Page 25

CSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFDO

Page 26

CSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSFCSF