Sisältökirjasto

NIST

NIST Cybersecurity Framework

NIST is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.

Vaatimuskehikon kuvaus

NIST Cybersecurity Framework is a collaborative effort coordinated by The National Institute of Standards and Technology (NIST, part of the U.S. Department of Commerce) and involving industry, academia, and government.

Framework is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.

Advanced tasks e.g. about risk management and incident detection, response and recovery
Advanced documentation e.g. on information security risks
Generic cyber security guidelines for empoyees, priviliged users, senior management and other stakeholders

‍

Liittyvät digiturvateemat

Tietosuoja

Tietoturva

Julkinen sektori

Sisältyvät vaatimukset:

108

Vaatimuskehikkoon sisältyvät vaatimukset

DE

NIST

DETECT

DE.AE

NIST

Anomalies and Events

DE.AE-1

NIST

Baseline of network operations

DE.AE-2

NIST

Analyze detected events

DE.AE-3

NIST

Event data

DE.AE-4

NIST

Impact of events

DE.AE-5

NIST

Incident alert thresholds

DE.CM

NIST

Security Continuous Monitoring

DE.CM-1

NIST

The network monitoring

DE.CM-2

NIST

The physical environment monitoring

DE.CM-3

NIST

Personnel activity

DE.CM-4

NIST

Malicious code detection

DE.CM-5

NIST

Unauthorized mobile code detection

DE.CM-6

NIST

External service provider activity monitoring

DE.CM-7

NIST

Monitoring for unauthorized activity

DE.CM-8

NIST

Vulnerability scans

DE.DP

NIST

Detection Processes

DE.DP-1

NIST

Roles and responsibilities

DE.DP-2

NIST

Detection activities

DE.DP-3

NIST

Detection processes testing

DE.DP-4

NIST

Event detection

DE.DP-5

NIST

Detection processes improvment

ID

NIST

Identify

ID.AM

NIST

Vaatimuskehikkoon sisältyvät vaatimukset

DETECT

Anomalies and Events

Baseline of network operations

Analyze detected events

Event data

Impact of events

Incident alert thresholds

Security Continuous Monitoring

The network monitoring

The physical environment monitoring

Personnel activity

Malicious code detection

Unauthorized mobile code detection

External service provider activity monitoring

Monitoring for unauthorized activity

Vulnerability scans

Detection Processes

Roles and responsibilities

Detection activities

Detection processes testing

Event detection

Detection processes improvment

Identify

Asset Management