Core Security Solutions and the NIST Cybersecurity Framework

Organizations worldwide use the NIST Cybersecurity Framework to build a cybersecurity maturity model. Using the framework, an organization assesses its current security posture, agrees on organizational goals, identifies its gaps, and develops a plan to improve its posture.

Core Security, a HelpSystems company, offers solutions that can assist when implementing a robust cybersecurity program. The table below shows the NIST Cybersecurity Framework subcategories where our solutions may help you fill gaps in your implementation.

HOW CAN CORE SECURITY HELP YOU BECOME NIST COMPLIANT

Category | Subcategories | Core Security Solution

Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

  ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value.
    Core Security Solution: Event Manager (SIEM)

  ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established.
    Core Security Solution: Security Consulting Services

Governance (ID.GV): The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

  ID.GV-1: Organizational cybersecurity policy is established and communicated.
    Core Security Solution: Security Consulting Services

  ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners.
    Core Security Solution: Security Consulting Services

  ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed.
    Core Security Solution: Security Consulting Services

  ID.GV-4: Governance and risk management processes address cybersecurity risks.
    Core Security Solution: Event Manager (SIEM)

Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

  ID.RA-1: Asset vulnerabilities are identified and documented.
    Core Security Solution: Core Impact; Event Manager (SIEM)

  ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources.
    Core Security Solution: Network Insight

  ID.RA-3: Threats, both internal and external, are identified and documented.
    Core Security Solution: Core Impact

  ID.RA-4: Potential business impacts and likelihoods are identified.
    Core Security Solution: Security Consulting Services

  ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk.
    Core Security Solution: Security Consulting Services

  ID.RA-6: Risk responses are identified and prioritized.
    Core Security Solution: Security Consulting Services; Event Manager (SIEM)

Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

  ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders.
    Core Security Solution: Security Consulting Services

  ID.RM-2: Organizational risk tolerance is determined and clearly expressed.
    Core Security Solution: Security Consulting Services

  ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector-specific risk analysis.
    Core Security Solution: Security Consulting Services

Supply Chain Risk Management (ID.SC): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess, and manage supply chain risks.

  ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluation to confirm they are meeting their contractual obligations.
    Core Security Solution: Security Consulting Services; Core Impact

Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.

  PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
    Core Security Solution: Core Access; Core Compliance; Core Certify

  PR.AC-2: Physical access to assets is managed and protected.
    Core Security Solution: Core Access

  PR.AC-3: Remote access is managed.
    Core Security Solution: Core Access

  PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.
    Core Security Solution: Core Access; Core Role Designer

  PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.
    Core Security Solution: Core Access

  PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks).
    Core Security Solution: Secure Reset

Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

  PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition.
    Core Security Solution: Core Access

Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

  PR.IP-7: Protection processes are improved.
    Core Security Solution: Security Consulting Services

  PR.IP-12: A vulnerability management plan is developed and implemented.
    Core Security Solution: Security Consulting Services

Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

  PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.
    Core Security Solution: Event Manager (SIEM); Core Access; Core Compliance; Core Certify

Anomalies and Events (DE.AE): Anomalous activity is detected and the potential impact of events is understood.

  DE.AE-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.
    Core Security Solution: Event Manager (SIEM); Network Insight

  DE.AE-2: Detected events are analyzed to understand attack targets and methods.
    Core Security Solution: Event Manager (SIEM)

  DE.AE-3: Event data are collected and correlated from multiple sources and sensors.
    Core Security Solution: Event Manager (SIEM)

  DE.AE-4: Impact of events is determined.
    Core Security Solution: Event Manager (SIEM)

  DE.AE-5: Incident alert thresholds are established.
    Core Security Solution: Event Manager (SIEM)

Security Continuous Monitoring (DE.CM): The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

  DE.CM-1: The network is monitored to detect potential cybersecurity events.
    Core Security Solution: Event Manager (SIEM); Network Insight

  DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events.
    Core Security Solution: Event Manager (SIEM)

  DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events.
    Core Security Solution: Event Manager (SIEM)

  DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed.
    Core Security Solution: Event Manager (SIEM)

  DE.CM-8: Vulnerability scans are performed.
    Core Security Solution: Security Consulting Services

Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.

  DE.DP-2: Detection activities comply with all applicable requirements.
    Core Security Solution: Security Consulting Services

  DE.DP-3: Detection processes are tested.
    Core Security Solution: Security Consulting Services

Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.

  RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks.
    Core Security Solution: Security Consulting Services

Improvements (RS.IM): Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

  RS.IM-1: Response plans incorporate lessons learned.
    Core Security Solution: Security Consulting Services

  RS.IM-2: Response strategies are updated.
    Core Security Solution: Security Consulting Services

Achieve NIST Compliance with Core Security 

Our security solutions have helped customers across the sector comply with federal regulations. Learn how we can help your organization.