Core Security and The NIST Cybersecurity Framework


Organizations worldwide are using the NIST Cybersecurity Framework to help them develop a cybersecurity maturity model. Using this framework, organizations assess their current security posture, agree on organizational goals, understand their gaps, and develop plans to improve their security posture.

Core Security, a HelpSystems Company, has solutions that can assist when implementing a robust cybersecurity model. The table below shows where our solutions may help you fill gaps in your cybersecurity implementation.

How Can Core Security Help You Become NIST Compliant?


| Category | Subcategories | Core Security Solution |
| --- | --- | --- |
| Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization's risk strategy. | ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value. | Event Manager (SIEM) |
| | ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established. | Security Consulting Services |
| Governance (ID.GV): The policies, procedures, and processes to manage and monitor the organization's regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk. | ID.GV-1: Organizational cybersecurity policy is established and communicated. | Security Consulting Services |
| | ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners. | Security Consulting Services |
| | ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed. | Security Consulting Services |
| | ID.GV-4: Governance and risk management processes address cybersecurity risks. | Event Manager (SIEM) |
| Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals. | ID.RA-1: Asset vulnerabilities are identified and documented. | Core Impact; Event Manager (SIEM) |
| | ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources. | Network Insight |
| | ID.RA-3: Threats, both internal and external, are identified and documented. | Core Impact |
| | ID.RA-4: Potential business impacts and likelihoods are identified. | Security Consulting Services |
| | ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk. | Security Consulting Services |
| | ID.RA-6: Risk responses are identified and prioritized. | Security Consulting Services; Event Manager (SIEM) |
| Risk Management Strategy (ID.RM): The organization's priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions. | ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders. | Security Consulting Services |
| | ID.RM-2: Organizational risk tolerance is determined and clearly expressed. | Security Consulting Services |
| | ID.RM-3: The organization's determination of risk tolerance is informed by its role in critical infrastructure and sector-specific risk analysis. | Security Consulting Services |
| Supply Chain Risk Management (ID.SC): The organization's priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess, and manage supply chain risks. | ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations. | Security Consulting Services; Core Impact |
| Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions. | PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes. | Core Access; Core Compliance; Core Certify |
| | PR.AC-2: Physical access to assets is managed and protected. | Core Access |
| | PR.AC-3: Remote access is managed. | Core Access |
| | PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties. | Core Access; Core Role Designer |
| | PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions. | Core Access |
| | PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks). | Secure Reset |
| Data Security (PR.DS): Information and records (data) are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information. | PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition. | Core Access |
| Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets. | PR.IP-7: Protection processes are improved. | Security Consulting Services |
| | PR.IP-12: A vulnerability management plan is developed and implemented. | Security Consulting Services |
| Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements. | PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy. | Event Manager (SIEM); Core Access; Core Compliance; Core Certify |
| Anomalies and Events (DE.AE): Anomalous activity is detected and the potential impact of events is understood. | DE.AE-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy. | Event Manager (SIEM); Network Insight |
| | DE.AE-2: Detected events are analyzed to understand attack targets and methods. | Event Manager (SIEM) |
| | DE.AE-3: Event data are collected and correlated from multiple sources and sensors. | Event Manager (SIEM) |
| | DE.AE-4: Impact of events is determined. | Event Manager (SIEM) |
| | DE.AE-5: Incident alert thresholds are established. | Event Manager (SIEM) |
| Security Continuous Monitoring (DE.CM): The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures. | DE.DP-2: Detection activities comply with all applicable requirements. | Event Manager (SIEM); Network Insight |
| | DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events. | Event Manager (SIEM) |
| | DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events. | Event Manager (SIEM) |
| | DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed. | Event Manager (SIEM) |
| | DE.CM-8: Vulnerability scans are performed. | Security Consulting Services |
| Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure awareness of anomalous events. | DE.DP-2: Detection activities comply with all applicable requirements. | Security Consulting Services |
| | DE.DP-3: Detection processes are tested. | Security Consulting Services |
| Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident. | RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks. | Security Consulting Services |
| Improvements (RS.IM): Organizational response activities are improved by incorporating lessons learned and previous detection/response activities. | RS.IM-1: Response plans incorporate lessons learned. | Security Consulting Services |
| | RS.IM-2: Response strategies are updated. | Security Consulting Services |