Core Security and The NIST Cybersecurity Framework
Text
Organizations worldwide are using the NIST Cybersecurity Framework to help them develop a cybersecurity maturity model. Using this framework, organizations assess their current security posture, agree to organizational goals, understand their gaps and develop plans to optimize its security posture.
Core Security, a Fortra Company, has solutions that can assist when implementing a robust cybersecurity model. The table below shows where our solutions may help you fill gaps in your cybersecurity implementation.
How Can Core Security Help You Become NIST Compliant?
Text
Category |
Subcategories |
Core Security Solution |
| Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy. | ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value. | Event Manager (SIEM) |
| ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established | Security Consulting Services | |
| Governance (ID.GV): The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk. | ID.GV-1: Organizational cybersecurity policy is established and communicated. | Security Consulting Services |
| ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners. | Security Consulting Services | |
| ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed. | Security Consulting Services | |
| ID.GV-4: Governance and risk management processes address cybersecurity risks. | Event Manager (SIEM) | |
| Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals. | ID.RA-1: Asset vulnerabilities are identified and documented. | |
| ID.RA-3: Threats, both internal and external, are identified and documented | Core Impact | |
| ID.RA-4: Potential business impacts and likelihoods are identified. | Security Consulting Services | |
| ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk. | Security Consulting Services | |
| ID.RA-6: Risk responses are identified and prioritized. | ||
| Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions. | ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders. | Security Consulting Services |
| ID.RM-2: Organizational risk tolerance is determined and clearly expressed. | Security Consulting Services | |
| ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis. | Security Consulting Services | |
| Supply Chain Risk Management (ID.SC): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks. | ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations. | |
| Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions. | PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes. | |
| PR.AC-2: Physical access to assets is managed and protected. | Core Access | |
| PR.AC-3: Remote access is managed. | Core Access | |
| PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties. | ||
| PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions. | Core Access | |
| PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks). | Secure Reset | |
| Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information. | R.DS-3: Assets are formally managed throughout removal, transfers, and disposition. | Core Access |
| Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets. | PR.IP-7: Protection processes are improved. | Security Consulting Services |
| PR.IP-12: A vulnerability management plan is developed and implemented. | Security Consulting Services | |
| Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements. | PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy. | |
| Anomalies and Events (DE.AE): Anomalous activity is detected and the potential impact of events is understood. | DE.AE-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy. | |
| DE.AE-2: Detected events are analyzed to understand attack targets and methods. | Event Manager (SIEM) | |
| DE.AE-3: Event data are collected and correlated from multiple sources and sensors. | Event Manager (SIEM) | |
| DE.AE-4: Impact of events is determined. | Event Manager (SIEM) | |
| DE.AE-5: Incident alert thresholds are established. | Event Manager (SIEM) | |
| Security Continuous Monitoring (DE.CM): The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures. | DE.DP-2: Detection activities comply with all applicable requirements. | |
| DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events. | Event Manager (SIEM) | |
| DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events. | Event Manager (SIEM) | |
| DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed. | Event Manager (SIEM) | |
| DE.CM-8: Vulnerability scans are performed. | Security Consulting Services | |
| Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure awareness of anomalous events. | DE.DP-2: Detection activities comply with all applicable requirements. | Security Consulting Services |
| DE.DP-3: Detection processes are tested. | Security Consulting Services | |
| Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident. | RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks. | Security Consulting Services |
| Improvements (RS.IM): Organizational response activities are improved by incorporating lessons learnt and previous detection/response activities. | RS.IM-1: Response plans incorporate lessons learned. | Security Consulting Services |
| RS.IM-2: Response strategies are updated. | Security Consulting Services |