Sisältökirjasto

NIST

NIST Cybersecurity Framework

NIST is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.

Vaatimuskehikon kuvaus

NIST Cybersecurity Framework is a collaborative effort coordinated by The National Institute of Standards and Technology (NIST, part of the U.S. Department of Commerce) and involving industry, academia, and government.

Framework is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.

Advanced tasks e.g. about risk management and incident detection, response and recovery
Advanced documentation e.g. on information security risks
Generic cyber security guidelines for empoyees, priviliged users, senior management and other stakeholders

‍

Liittyvät digiturvateemat

Tietosuoja

Tietoturva

Julkinen sektori

Sisältyvät vaatimukset:

108

Vaatimuskehikkoon sisältyvät vaatimukset

ID.AM-1

NIST

Physical device inventory

ID.AM-2

NIST

Software and app inventory

ID.AM-3

NIST

Communication and data flows

ID.AM-4

NIST

External information systems

ID.AM-5

NIST

Resource prioritization

ID.AM-6

NIST

Cybersecurity roles and responsibilities

ID.BE

NIST

Business Environment

ID.BE-1

NIST

Role in supply chain

ID.BE-2

NIST

Place in critical infrastructure

ID.BE-3

NIST

Organizational mission

ID.BE-4

NIST

Dependencies and critical functions

ID.BE-5

NIST

Resilience requirements

ID.GV

NIST

Governance

ID.GV-1

NIST

Cybersecurity policy

ID.GV-2

NIST

Cybersecurity role coordination

ID.GV-3

NIST

Legal and regulatory requirements

ID.GV-4

NIST

Processes

ID.RA

NIST

Risk Assessment

ID.RA-1

NIST

Asset vulnerabilities

ID.RA-2

NIST

Cyber threat intelligence

ID.RA-3

NIST

Threat identification

ID.RA-4

NIST

Impacts on business

ID.RA-5

NIST

Risk evaluation

ID.RA-6

NIST

Vaatimuskehikkoon sisältyvät vaatimukset

Physical device inventory

Software and app inventory

Communication and data flows

External information systems

Resource prioritization

Cybersecurity roles and responsibilities

Business Environment

Role in supply chain

Place in critical infrastructure

Organizational mission

Dependencies and critical functions

Resilience requirements

Governance

Cybersecurity policy

Cybersecurity role coordination

Legal and regulatory requirements

Processes

Risk Assessment

Asset vulnerabilities

Cyber threat intelligence

Threat identification

Impacts on business

Risk evaluation

Risk responses