NIST Cyber Security Framework (CSF)

By: 6clicks

Details

This download includes the NIST Cyber Security Framework core controls only so there are no mapped questions. Use this download if you just want the provisions and you want to create your own question set.

The NIST Cyber Security Framework was originally developed by NIST for voluntary use by critical infrastructure owners and operators. However, it is now in widespread adoption by government departments and agencies across the United States, and in the industry more generally.

It is organised into functions and categories. Functions organize basic cybersecurity activities at their highest level. These Functions are Identify, Protect, Detect, Respond, and Recover. Categories are the subdivisions of a Function into groups of cybersecurity outcomes closely tied to programmatic needs and particular activities.

The NIST Cyber Security Framework includes 108 controls across 22 high-level functions and categories, which are:

  • Identify (ID) - Asset Management (ID.AM)
  • Identify (ID) - Business Environment (ID.BE)
  • Identify (ID) - Governance (ID.GV)
  • Identify (ID) - Risk Assessment (ID.RA)
  • Identify (ID) - Risk Management Strategy (ID.RM)
  • Identify (ID) - Supply Chain Risk Management (ID.SC)
  • Protect (PR) - Identity Management, Authentication and Access Control (PR.AC)
  • Protect (PR) - Awareness and Training (PR.AT)
  • Protect (PR) - Data Security (PR.DS)
  • Protect (PR) - Information Protection Processes and Procedures (PR.IP)
  • Protect (PR) - Maintenance (PR.MA)
  • Protect (PR) - Protective Technology (PR.PT)
  • Detect (DE) - Anomalies and Events (DE.AE)
  • Detect (DE) - Security Continuous Monitoring (DE.CM)
  • Detect (DE) - Detection Processes (DE.DP)
  • Respond (RS) - Response Planning (RS.RP)
  • Respond (RS) - Communications (RS.CO)
  • Respond (RS) - Analysis (RS.AN)
  • Respond (RS) - Mitigation (RS.MI)
  • Respond (RS) - Improvements (RS.IM)
  • Recover (RC) - Recovery Planning (RC.RP)
  • Recover (RC) - Improvements (RC.IM)
  • Recover (RC) - Communications (RC.CO)

Getting Started

Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.

More Information
Jurisdiction: All
Type: Laws or related obligations