Date: May 5, 2024, 5:21:58 PM
Date: Mar 7, 2021, 12:28:30 AM
Editor: Juan
Name:
Name: NIST Core
Description:
Description: The NIST Cybersecurity Framework is US Government guidance for private-sector organizations that own, operate, or supply critical infrastructure. It provides a reasonable base level of cybersecurity by establishing basic processes and essential controls.
t | 1 | {} | t | 1 | { |
2 | "authors": [ | ||||
3 | "The MONARC project" | ||||
4 | ], | ||||
5 | "label": "NIST Core", | ||||
6 | "language": "EN", | ||||
7 | "refs": [ | ||||
8 | "https://www.nist.gov/cyberframework/framework" | ||||
9 | ], | ||||
10 | "uuid": "fcf78560-3d12-42ba-8f4a-5761ca02ac94", | ||||
11 | "values": [ | ||||
12 | { | ||||
13 | "category": "Asset Management (ID.AM)", | ||||
14 | "code": "1_ID.AM-1", | ||||
15 | "label": "Physical devices and systems within the organization are inventoried", | ||||
16 | "uuid": "231fc2b1-80c2-450e-9d80-f804f5a8984c" | ||||
17 | }, | ||||
18 | { | ||||
19 | "category": "Asset Management (ID.AM)", | ||||
20 | "code": "1_ID.AM-2", | ||||
21 | "label": "Software platforms and applications within the organization are inventoried", | ||||
22 | "uuid": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329" | ||||
23 | }, | ||||
24 | { | ||||
25 | "category": "Asset Management (ID.AM)", | ||||
26 | "code": "1_ID.AM-3", | ||||
27 | "label": "Organizational communication and data flows are mapped", | ||||
28 | "uuid": "b0cebf68-a023-40af-ba24-e59bd4a45c90" | ||||
29 | }, | ||||
30 | { | ||||
31 | "category": "Asset Management (ID.AM)", | ||||
32 | "code": "1_ID.AM-4", | ||||
33 | "label": "External information systems are catalogued", | ||||
34 | "uuid": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c" | ||||
35 | }, | ||||
36 | { | ||||
37 | "category": "Asset Management (ID.AM)", | ||||
38 | "code": "1_ID.AM-5", | ||||
39 | "label": "Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value", | ||||
40 | "uuid": "50fc2488-b730-48ae-abf8-93e60f141404" | ||||
41 | }, | ||||
42 | { | ||||
43 | "category": "Asset Management (ID.AM)", | ||||
44 | "code": "1_ID.AM-6", | ||||
45 | "label": "Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established", | ||||
46 | "uuid": "766520fa-3439-4382-babc-eb7d9d6b1f52" | ||||
47 | }, | ||||
48 | { | ||||
49 | "category": "Business Environment (ID.BE)", | ||||
50 | "code": "1_ID.BE-1", | ||||
51 | "label": "The organization’s role in the supply chain is identified and communicated", | ||||
52 | "uuid": "46555297-7af1-4d59-ac07-6e627aef4dda" | ||||
53 | }, | ||||
54 | { | ||||
55 | "category": "Business Environment (ID.BE)", | ||||
56 | "code": "1_ID.BE-2", | ||||
57 | "label": "The organization’s place in critical infrastructure and its industry sector is identified and communicated", | ||||
58 | "uuid": "63f9f527-2c63-4fda-acda-7ebcf3025873" | ||||
59 | }, | ||||
60 | { | ||||
61 | "category": "Business Environment (ID.BE)", | ||||
62 | "code": "1_ID.BE-3", | ||||
63 | "label": "Priorities for organizational mission, objectives, and activities are established and communicated", | ||||
64 | "uuid": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3" | ||||
65 | }, | ||||
66 | { | ||||
67 | "category": "Business Environment (ID.BE)", | ||||
68 | "code": "1_ID.BE-4", | ||||
69 | "label": "Dependencies and critical functions for delivery of critical services are established", | ||||
70 | "uuid": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a" | ||||
71 | }, | ||||
72 | { | ||||
73 | "category": "Business Environment (ID.BE)", | ||||
74 | "code": "1_ID.BE-5", | ||||
75 | "label": "Resilience requirements to support delivery of critical services are established", | ||||
76 | "uuid": "75942c69-3336-4e82-bf59-515aaa6e3513" | ||||
77 | }, | ||||
78 | { | ||||
79 | "category": "Governance (ID.GV)", | ||||
80 | "code": "1_ID.GV-1", | ||||
81 | "label": "Organizational information security policy is established", | ||||
82 | "uuid": "7a4074cc-5b40-486a-9a52-6b49be7f95e6" | ||||
83 | }, | ||||
84 | { | ||||
85 | "category": "Governance (ID.GV)", | ||||
86 | "code": "1_ID.GV-2", | ||||
87 | "label": "Information security roles & responsibilities are coordinated and aligned with internal roles and external partners", | ||||
88 | "uuid": "29613b2e-8def-417e-85fa-31aa5ef5de3b" | ||||
89 | }, | ||||
90 | { | ||||
91 | "category": "Governance (ID.GV)", | ||||
92 | "code": "1_ID.GV-3", | ||||
93 | "label": "Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed", | ||||
94 | "uuid": "4e2499c0-d23d-4977-9e9f-6323af31be24" | ||||
95 | }, | ||||
96 | { | ||||
97 | "category": "Governance (ID.GV)", | ||||
98 | "code": "1_ID.GV-4", | ||||
99 | "label": "Governance and risk management processes address cybersecurity risks", | ||||
100 | "uuid": "d2e86e2d-5bec-42a2-b642-69995b6abcf0" | ||||
101 | }, | ||||
102 | { | ||||
103 | "category": "Risk Assessment (ID.RA)", | ||||
104 | "code": "1_ID.RA-1", | ||||
105 | "label": "Asset vulnerabilities are identified and documented", | ||||
106 | "uuid": "cc6aad46-1887-4da6-93e3-c707be07b9f5" | ||||
107 | }, | ||||
108 | { | ||||
109 | "category": "Risk Assessment (ID.RA)", | ||||
110 | "code": "1_ID.RA-2", | ||||
111 | "label": "Threat and vulnerability information is received from information sharing forums and sources", | ||||
112 | "uuid": "0550c268-534a-4311-920d-84466e4865c4" | ||||
113 | }, | ||||
114 | { | ||||
115 | "category": "Risk Assessment (ID.RA)", | ||||
116 | "code": "1_ID.RA-3", | ||||
117 | "label": "Threats, both internal and external, are identified and documented", | ||||
118 | "uuid": "1bad7834-b740-48ff-8450-5792b55614db" | ||||
119 | }, | ||||
120 | { | ||||
121 | "category": "Risk Assessment (ID.RA)", | ||||
122 | "code": "1_ID.RA-4", | ||||
123 | "label": "Potential business impacts and likelihoods are identified", | ||||
124 | "uuid": "7c09a9bf-407c-4509-94c0-af8314fc3b86" | ||||
125 | }, | ||||
126 | { | ||||
127 | "category": "Risk Assessment (ID.RA)", | ||||
128 | "code": "1_ID.RA-5", | ||||
129 | "label": "Threats, vulnerabilities, likelihoods, and impacts are used to determine risk", | ||||
130 | "uuid": "6d0bfd47-88dc-484a-aed8-196eaa12c4db" | ||||
131 | }, | ||||
132 | { | ||||
133 | "category": "Risk Assessment (ID.RA)", | ||||
134 | "code": "1_ID.RA-6", | ||||
135 | "label": "Risk responses are identified and prioritized", | ||||
136 | "uuid": "98ce2a28-d424-4436-8c41-2ec0e8d563fa" | ||||
137 | }, | ||||
138 | { | ||||
139 | "category": "Risk Management Strategy (ID.RM)", | ||||
140 | "code": "1_ID.RM-1", | ||||
141 | "label": "Risk management processes are established, managed, and agreed to by organizational stakeholders", | ||||
142 | "uuid": "e384f897-1b70-49a5-8491-24c035e1451f" | ||||
143 | }, | ||||
144 | { | ||||
145 | "category": "Risk Management Strategy (ID.RM)", | ||||
146 | "code": "1_ID.RM-2", | ||||
147 | "label": "Organizational risk tolerance is determined and clearly expressed", | ||||
148 | "uuid": "7a9f7d35-6714-4182-ae88-d9ff575224a6" | ||||
149 | }, | ||||
150 | { | ||||
151 | "category": "Risk Management Strategy (ID.RM)", | ||||
152 | "code": "1_ID.RM-3", | ||||
153 | "label": "The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis", | ||||
154 | "uuid": "97331ab3-3365-4fb0-894c-578c460720fa" | ||||
155 | }, | ||||
156 | { | ||||
157 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
158 | "code": "1_ID.SC-1", | ||||
159 | "label": "Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders", | ||||
160 | "uuid": "03dee2e6-285f-44e4-acc5-2388f62584a5" | ||||
161 | }, | ||||
162 | { | ||||
163 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
164 | "code": "1_ID.SC-2", | ||||
165 | "label": "Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process", | ||||
166 | "uuid": "b9d19a14-74ab-46ae-8456-189d1a180dbf" | ||||
167 | }, | ||||
168 | { | ||||
169 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
170 | "code": "1_ID.SC-3", | ||||
171 | "label": "Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.", | ||||
172 | "uuid": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea" | ||||
173 | }, | ||||
174 | { | ||||
175 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
176 | "code": "1_ID.SC-4", | ||||
177 | "label": "Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.", | ||||
178 | "uuid": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939" | ||||
179 | }, | ||||
180 | { | ||||
181 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
182 | "code": "1_ID.SC-5", | ||||
183 | "label": "Response and recovery planning and testing are conducted with suppliers and third-party providers", | ||||
184 | "uuid": "aa988775-7261-412e-bbee-bfd90db78a59" | ||||
185 | }, | ||||
186 | { | ||||
187 | "category": "Access Control (PR.AC)", | ||||
188 | "code": "2_PR.AC-1", | ||||
189 | "label": "Identities and credentials are managed for authorized devices and users", | ||||
190 | "uuid": "a6b301ed-e0c1-467d-8e42-e2796c64b785" | ||||
191 | }, | ||||
192 | { | ||||
193 | "category": "Access Control (PR.AC)", | ||||
194 | "code": "2_PR.AC-2", | ||||
195 | "label": "Physical access to assets is managed and protected", | ||||
196 | "uuid": "382fe4f1-9f05-4169-a343-2c961a8cf359" | ||||
197 | }, | ||||
198 | { | ||||
199 | "category": "Access Control (PR.AC)", | ||||
200 | "code": "2_PR.AC-3", | ||||
201 | "label": "Remote access is managed", | ||||
202 | "uuid": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b" | ||||
203 | }, | ||||
204 | { | ||||
205 | "category": "Access Control (PR.AC)", | ||||
206 | "code": "2_PR.AC-4", | ||||
207 | "label": "Access permissions are managed, incorporating the principles of least privilege and separation of duties", | ||||
208 | "uuid": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb" | ||||
209 | }, | ||||
210 | { | ||||
211 | "category": "Access Control (PR.AC)", | ||||
212 | "code": "2_PR.AC-5", | ||||
213 | "label": "Network integrity is protected, incorporating network segregation where appropriate", | ||||
214 | "uuid": "800fc6f9-e574-4152-89e6-30bae7da4adc" | ||||
215 | }, | ||||
216 | { | ||||
217 | "category": "Access Control (PR.AC)", | ||||
218 | "code": "2_PR.AC-6", | ||||
219 | "label": "Identities are proofed and bound to credentials and asserted in interactions", | ||||
220 | "uuid": "d44d0823-1523-457a-b028-6ea0da3adb34" | ||||
221 | }, | ||||
222 | { | ||||
223 | "category": "Access Control (PR.AC)", | ||||
224 | "code": "2_PR.AC-7", | ||||
225 | "label": "Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)", | ||||
226 | "uuid": "14aab29b-4760-4f32-ad21-06367a8ea05e" | ||||
227 | }, | ||||
228 | { | ||||
229 | "category": "Awareness and Training (PR.AT)", | ||||
230 | "code": "2_PR.AT-1", | ||||
231 | "label": "All users are informed and trained", | ||||
232 | "uuid": "01d259f0-ece0-4f7c-91bf-d09844c576cc" | ||||
233 | }, | ||||
234 | { | ||||
235 | "category": "Awareness and Training (PR.AT)", | ||||
236 | "code": "2_PR.AT-2", | ||||
237 | "label": "Privileged users understand roles & responsibilities", | ||||
238 | "uuid": "6386d5df-56f8-46ad-b181-e870491004a5" | ||||
239 | }, | ||||
240 | { | ||||
241 | "category": "Awareness and Training (PR.AT)", | ||||
242 | "code": "2_PR.AT-3", | ||||
243 | "label": "Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities", | ||||
244 | "uuid": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc" | ||||
245 | }, | ||||
246 | { | ||||
247 | "category": "Awareness and Training (PR.AT)", | ||||
248 | "code": "2_PR.AT-4", | ||||
249 | "label": "Senior executives understand roles & responsibilities", | ||||
250 | "uuid": "987e9304-80fd-4470-b8b4-213f41a0a957" | ||||
251 | }, | ||||
252 | { | ||||
253 | "category": "Awareness and Training (PR.AT)", | ||||
254 | "code": "2_PR.AT-5", | ||||
255 | "label": "Physical and information security personnel understand roles & responsibilities", | ||||
256 | "uuid": "92a81683-1877-48d3-9d5a-c7c0ddd9852b" | ||||
257 | }, | ||||
258 | { | ||||
259 | "category": "Data Security (PR.DS)", | ||||
260 | "code": "2_PR.DS-1", | ||||
261 | "label": "Data-at-rest is protected", | ||||
262 | "uuid": "d798a390-f23a-4bbc-abe5-588ab58811c6" | ||||
263 | }, | ||||
264 | { | ||||
265 | "category": "Data Security (PR.DS)", | ||||
266 | "code": "2_PR.DS-2", | ||||
267 | "label": "Data-in-transit is protected", | ||||
268 | "uuid": "38022045-6812-4623-8409-7a9d6b3f7ce8" | ||||
269 | }, | ||||
270 | { | ||||
271 | "category": "Data Security (PR.DS)", | ||||
272 | "code": "2_PR.DS-3", | ||||
273 | "label": "Assets are formally managed throughout removal, transfers, and disposition", | ||||
274 | "uuid": "acfea27c-c6d5-421a-9ae4-2db82610cc41" | ||||
275 | }, | ||||
276 | { | ||||
277 | "category": "Data Security (PR.DS)", | ||||
278 | "code": "2_PR.DS-4", | ||||
279 | "label": "Adequate capacity to ensure availability is maintained", | ||||
280 | "uuid": "e4380999-3c82-4b85-86cd-86f1f37f97ab" | ||||
281 | }, | ||||
282 | { | ||||
283 | "category": "Data Security (PR.DS)", | ||||
284 | "code": "2_PR.DS-5", | ||||
285 | "label": "Protections against data leaks are implemented", | ||||
286 | "uuid": "e760c443-e572-43cb-bf5b-8aeb3b42ef65" | ||||
287 | }, | ||||
288 | { | ||||
289 | "category": "Data Security (PR.DS)", | ||||
290 | "code": "2_PR.DS-6", | ||||
291 | "label": "Integrity checking mechanisms are used to verify software, firmware, and information integrity", | ||||
292 | "uuid": "e5b116b5-b806-4863-92ba-d8c2f477813b" | ||||
293 | }, | ||||
294 | { | ||||
295 | "category": "Data Security (PR.DS)", | ||||
296 | "code": "2_PR.DS-7", | ||||
297 | "label": "The development and testing environment(s) are separate from the production environment", | ||||
298 | "uuid": "6604ef4c-a1d7-43d2-90e4-d2b8d97d880f" | ||||
299 | }, | ||||
300 | { | ||||
301 | "category": "Data Security (PR.DS)", | ||||
302 | "code": "2_PR.DS-8", | ||||
303 | "label": "Integrity checking mechanisms are used to verify hardware integrity", | ||||
304 | "uuid": "892d5462-ee77-4379-ab88-a78f3eff45c1" | ||||
305 | }, | ||||
306 | { | ||||
307 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
308 | "code": "2_PR.IP-1", | ||||
309 | "label": "A baseline configuration of information technology/industrial control systems is created and maintained", | ||||
310 | "uuid": "30a7a092-3e00-4d33-aec2-66d019c2ff03" | ||||
311 | }, | ||||
312 | { | ||||
313 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
314 | "code": "2_PR.IP-2", | ||||
315 | "label": "A System Development Life Cycle to manage systems is implemented", | ||||
316 | "uuid": "7cd438b8-038b-4f1f-a431-a1a1a83e009c" | ||||
317 | }, | ||||
318 | { | ||||
319 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
320 | "code": "2_PR.IP-3", | ||||
321 | "label": "Configuration change control processes are in place", | ||||
322 | "uuid": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c" | ||||
323 | }, | ||||
324 | { | ||||
325 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
326 | "code": "2_PR.IP-4", | ||||
327 | "label": "Backups of information are conducted, maintained, and tested periodically", | ||||
328 | "uuid": "2e411d93-1836-4dbc-baf1-a747d2a9915a" | ||||
329 | }, | ||||
330 | { | ||||
331 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
332 | "code": "2_PR.IP-5", | ||||
333 | "label": "Policy and regulations regarding the physical operating environment for organizational assets are met", | ||||
334 | "uuid": "f01b50b8-0e54-4f8f-afee-0ec56f788a42" | ||||
335 | }, | ||||
336 | { | ||||
337 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
338 | "code": "2_PR.IP-6", | ||||
339 | "label": "Data is destroyed according to policy", | ||||
340 | "uuid": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86" | ||||
341 | }, | ||||
342 | { | ||||
343 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
344 | "code": "2_PR.IP-7", | ||||
345 | "label": "Protection processes are continuously improved", | ||||
346 | "uuid": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa" | ||||
347 | }, | ||||
348 | { | ||||
349 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
350 | "code": "2_PR.IP-8", | ||||
351 | "label": "Effectiveness of protection technologies is shared with appropriate parties", | ||||
352 | "uuid": "ac4be007-d8cb-4da5-9a84-118c2841a6f5" | ||||
353 | }, | ||||
354 | { | ||||
355 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
356 | "code": "2_PR.IP-9", | ||||
357 | "label": "Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed", | ||||
358 | "uuid": "4fe097cd-e0c0-4698-a209-43ffb553a279" | ||||
359 | }, | ||||
360 | { | ||||
361 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
362 | "code": "2_PR.IP-10", | ||||
363 | "label": "Response and recovery plans are tested", | ||||
364 | "uuid": "e4f85702-5874-4361-beec-45d00b379c5b" | ||||
365 | }, | ||||
366 | { | ||||
367 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
368 | "code": "2_PR.IP-11", | ||||
369 | "label": "Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)", | ||||
370 | "uuid": "4279b240-b560-4632-a557-9af1322930fd" | ||||
371 | }, | ||||
372 | { | ||||
373 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
374 | "code": "2_PR.IP-12", | ||||
375 | "label": "A vulnerability management plan is developed and implemented", | ||||
376 | "uuid": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c" | ||||
377 | }, | ||||
378 | { | ||||
379 | "category": "Maintenance (PR.MA)", | ||||
380 | "code": "2_PR.MA-1", | ||||
381 | "label": "Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools", | ||||
382 | "uuid": "6da92eea-2f74-458f-a643-361df7ea9f2f" | ||||
383 | }, | ||||
384 | { | ||||
385 | "category": "Maintenance (PR.MA)", | ||||
386 | "code": "2_PR.MA-2", | ||||
387 | "label": "Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access", | ||||
388 | "uuid": "831f20de-eadb-44a7-82f3-fcb116d8cb69" | ||||
389 | }, | ||||
390 | { | ||||
391 | "category": "Protective Technology (PR.PT)", | ||||
392 | "code": "2_PR.PT-1", | ||||
393 | "label": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy", | ||||
394 | "uuid": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a" | ||||
395 | }, | ||||
396 | { | ||||
397 | "category": "Protective Technology (PR.PT)", | ||||
398 | "code": "2_PR.PT-2", | ||||
399 | "label": "Removable media is protected and its use restricted according to policy", | ||||
400 | "uuid": "0f278ef8-3a97-4e0e-bc30-66d530bdea47" | ||||
401 | }, | ||||
402 | { | ||||
403 | "category": "Protective Technology (PR.PT)", | ||||
404 | "code": "2_PR.PT-3", | ||||
405 | "label": "Access to systems and assets is controlled, incorporating the principle of least functionality", | ||||
406 | "uuid": "02cc6244-c9d8-4db1-aeb3-a05933207c9d" | ||||
407 | }, | ||||
408 | { | ||||
409 | "category": "Protective Technology (PR.PT)", | ||||
410 | "code": "2_PR.PT-4", | ||||
411 | "label": "Communications and control networks are protected", | ||||
412 | "uuid": "6b2a7cc7-c35a-4020-92d8-5935e1229676" | ||||
413 | }, | ||||
414 | { | ||||
415 | "category": "Protective Technology (PR.PT)", | ||||
416 | "code": "2_PR.PT-5", | ||||
417 | "label": "Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations", | ||||
418 | "uuid": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e" | ||||
419 | }, | ||||
420 | { | ||||
421 | "category": "Anomalies and Events (DE.AE)", | ||||
422 | "code": "3_DE.AE-1", | ||||
423 | "label": "A baseline of network operations and expected data flows for users and systems is established and managed", | ||||
424 | "uuid": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f" | ||||
425 | }, | ||||
426 | { | ||||
427 | "category": "Anomalies and Events (DE.AE)", | ||||
428 | "code": "3_DE.AE-2", | ||||
429 | "label": "Detected events are analyzed to understand attack targets and methods", | ||||
430 | "uuid": "69f50c12-9eab-4305-be4f-97a2002ccc0c" | ||||
431 | }, | ||||
432 | { | ||||
433 | "category": "Anomalies and Events (DE.AE)", | ||||
434 | "code": "3_DE.AE-3", | ||||
435 | "label": "Event data are aggregated and correlated from multiple sources and sensors", | ||||
436 | "uuid": "31dc508e-664e-4173-8757-00ec985115c8" | ||||
437 | }, | ||||
438 | { | ||||
439 | "category": "Anomalies and Events (DE.AE)", | ||||
440 | "code": "3_DE.AE-4", | ||||
441 | "label": "Impact of events is determined", | ||||
442 | "uuid": "3f6e72ed-2984-452d-badd-5563acbf0450" | ||||
443 | }, | ||||
444 | { | ||||
445 | "category": "Anomalies and Events (DE.AE)", | ||||
446 | "code": "3_DE.AE-5", | ||||
447 | "label": "Incident alert thresholds are established", | ||||
448 | "uuid": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6" | ||||
449 | }, | ||||
450 | { | ||||
451 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
452 | "code": "3_DE.CM-1", | ||||
453 | "label": "The network is monitored to detect potential cybersecurity events", | ||||
454 | "uuid": "9b355a55-73ce-4d55-8016-d93e3c555a55" | ||||
455 | }, | ||||
456 | { | ||||
457 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
458 | "code": "3_DE.CM-2", | ||||
459 | "label": "The physical environment is monitored to detect potential cybersecurity events", | ||||
460 | "uuid": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35" | ||||
461 | }, | ||||
462 | { | ||||
463 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
464 | "code": "3_DE.CM-3", | ||||
465 | "label": "Personnel activity is monitored to detect potential cybersecurity events", | ||||
466 | "uuid": "a8f83595-0327-4e24-9557-0e8d9b82856f" | ||||
467 | }, | ||||
468 | { | ||||
469 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
470 | "code": "3_DE.CM-4", | ||||
471 | "label": "Malicious code is detected", | ||||
472 | "uuid": "70e202bf-2270-4daf-8fb5-4f6fb10de979" | ||||
473 | }, | ||||
474 | { | ||||
475 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
476 | "code": "3_DE.CM-5", | ||||
477 | "label": "Unauthorized mobile code is detected", | ||||
478 | "uuid": "54eeaae4-2b82-43ce-9a61-40d453116d8d" | ||||
479 | }, | ||||
480 | { | ||||
481 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
482 | "code": "3_DE.CM-6", | ||||
483 | "label": "External service provider activity is monitored to detect potential cybersecurity events", | ||||
484 | "uuid": "bbb99e89-ee33-46fc-bc03-1582631210c4" | ||||
485 | }, | ||||
486 | { | ||||
487 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
488 | "code": "3_DE.CM-7", | ||||
489 | "label": "Monitoring for unauthorized personnel, connections, devices, and software is performed", | ||||
490 | "uuid": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" | ||||
491 | }, | ||||
492 | { | ||||
493 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
494 | "code": "3_DE.CM-8", | ||||
495 | "label": "Vulnerability scans are performed", | ||||
496 | "uuid": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be" | ||||
497 | }, | ||||
498 | { | ||||
499 | "category": "Detection Processes (DE.DP)", | ||||
500 | "code": "3_DE.DP-1", | ||||
501 | "label": "Roles and responsibilities for detection are well defined to ensure accountability", | ||||
502 | "uuid": "48a13f85-a811-43fa-a0e8-89f67fb2743f" | ||||
503 | }, | ||||
504 | { | ||||
505 | "category": "Detection Processes (DE.DP)", | ||||
506 | "code": "3_DE.DP-2", | ||||
507 | "label": "Detection activities comply with all applicable requirements", | ||||
508 | "uuid": "f9d1a926-5d39-4123-8b83-a94c21ff18e5" | ||||
509 | }, | ||||
510 | { | ||||
511 | "category": "Detection Processes (DE.DP)", | ||||
512 | "code": "3_DE.DP-3", | ||||
513 | "label": "Detection processes are tested", | ||||
514 | "uuid": "23e4c883-c358-4b64-8d7e-249c67b7f1f2" | ||||
515 | }, | ||||
516 | { | ||||
517 | "category": "Detection Processes (DE.DP)", | ||||
518 | "code": "3_DE.DP-4", | ||||
519 | "label": "Event detection information is communicated to appropriate parties", | ||||
520 | "uuid": "025611cb-8431-4a9c-a88c-039141472418" | ||||
521 | }, | ||||
522 | { | ||||
523 | "category": "Detection Processes (DE.DP)", | ||||
524 | "code": "3_DE.DP-5", | ||||
525 | "label": "Detection processes are continuously improved", | ||||
526 | "uuid": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9" | ||||
527 | }, | ||||
528 | { | ||||
529 | "category": "Response Planning (RS.RP)", | ||||
530 | "code": "4_RS.RP-1", | ||||
531 | "label": "Response plan is executed during or after an event", | ||||
532 | "uuid": "b237b4b1-a21a-4122-b4c8-e068ad58ef21" | ||||
533 | }, | ||||
534 | { | ||||
535 | "category": "Communications (RS.CO)", | ||||
536 | "code": "4_RS.CO-1", | ||||
537 | "label": "Personnel know their roles and order of operations when a response is needed", | ||||
538 | "uuid": "cce52cf2-aa85-4f33-8cb8-b0508f452c25" | ||||
539 | }, | ||||
540 | { | ||||
541 | "category": "Communications (RS.CO)", | ||||
542 | "code": "4_RS.CO-2", | ||||
543 | "label": "Events are reported consistent with established criteria", | ||||
544 | "uuid": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a" | ||||
545 | }, | ||||
546 | { | ||||
547 | "category": "Communications (RS.CO)", | ||||
548 | "code": "4_RS.CO-3", | ||||
549 | "label": "Information is shared consistent with response plans", | ||||
550 | "uuid": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68" | ||||
551 | }, | ||||
552 | { | ||||
553 | "category": "Communications (RS.CO)", | ||||
554 | "code": "4_RS.CO-4", | ||||
555 | "label": "Coordination with stakeholders occurs consistent with response plans", | ||||
556 | "uuid": "34a2e449-b69d-4f75-a548-8c5faee598b5" | ||||
557 | }, | ||||
558 | { | ||||
559 | "category": "Communications (RS.CO)", | ||||
560 | "code": "4_RS.CO-5", | ||||
561 | "label": "Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness", | ||||
562 | "uuid": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf" | ||||
563 | }, | ||||
564 | { | ||||
565 | "category": "Analysis (RS.AN)", | ||||
566 | "code": "4_RS.AN-1", | ||||
567 | "label": "Notifications from detection systems are investigated", | ||||
568 | "uuid": "e6ab0d96-2ced-445d-a19f-97710b2cc346" | ||||
569 | }, | ||||
570 | { | ||||
571 | "category": "Analysis (RS.AN)", | ||||
572 | "code": "4_RS.AN-2", | ||||
573 | "label": "The impact of the incident is understood", | ||||
574 | "uuid": "0c7c3558-9c78-4bcc-816b-9123c899b653" | ||||
575 | }, | ||||
576 | { | ||||
577 | "category": "Analysis (RS.AN)", | ||||
578 | "code": "4_RS.AN-3", | ||||
579 | "label": "Forensics are performed", | ||||
580 | "uuid": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a" | ||||
581 | }, | ||||
582 | { | ||||
583 | "category": "Analysis (RS.AN)", | ||||
584 | "code": "4_RS.AN-4", | ||||
585 | "label": "Incidents are categorized consistent with response plans", | ||||
586 | "uuid": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94" | ||||
587 | }, | ||||
588 | { | ||||
589 | "category": "Analysis (RS.AN)", | ||||
590 | "code": "4_RS.AN-5", | ||||
591 | "label": "Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)", | ||||
592 | "uuid": "83c3ab70-566c-4bbe-a3b8-940d9fbb5ad7" | ||||
593 | }, | ||||
594 | { | ||||
595 | "category": "Mitigation (RS.MI)", | ||||
596 | "code": "4_RS.MI-1", | ||||
597 | "label": "Incidents are contained", | ||||
598 | "uuid": "2736e702-38ef-439d-9e8b-989ef56f8735" | ||||
599 | }, | ||||
600 | { | ||||
601 | "category": "Mitigation (RS.MI)", | ||||
602 | "code": "4_RS.MI-2", | ||||
603 | "label": "Incidents are mitigated", | ||||
604 | "uuid": "e94941eb-31da-40e0-b944-07c43233e7c0" | ||||
605 | }, | ||||
606 | { | ||||
607 | "category": "Mitigation (RS.MI)", | ||||
608 | "code": "4_RS.MI-3", | ||||
609 | "label": "Newly identified vulnerabilities are mitigated or documented as accepted risks", | ||||
610 | "uuid": "0de24c0a-53cb-4481-9b8d-fccc252e4f03" | ||||
611 | }, | ||||
612 | { | ||||
613 | "category": "Improvements (RS.IM)", | ||||
614 | "code": "4_RS.IM-1", | ||||
615 | "label": "Response plans incorporate lessons learned", | ||||
616 | "uuid": "01314572-becc-4780-945f-9ed3a40af900" | ||||
617 | }, | ||||
618 | { | ||||
619 | "category": "Improvements (RS.IM)", | ||||
620 | "code": "4_RS.IM-2", | ||||
621 | "label": "Response strategies are updated", | ||||
622 | "uuid": "f0753789-bcc3-4f66-9bb5-b6179bb367de" | ||||
623 | }, | ||||
624 | { | ||||
625 | "category": "Recovery Planning (RC.RP)", | ||||
626 | "code": "5_RC.RP-1", | ||||
627 | "label": "Recovery plan is executed during or after an event", | ||||
628 | "uuid": "0d124100-372e-429b-9e2f-d12211f005e1" | ||||
629 | }, | ||||
630 | { | ||||
631 | "category": "Improvements (RC.IM)", | ||||
632 | "code": "5_RC.IM-1", | ||||
633 | "label": "Recovery plans incorporate lessons learned", | ||||
634 | "uuid": "52ab8937-c260-4cf3-a807-ce1381afa4c9" | ||||
635 | }, | ||||
636 | { | ||||
637 | "category": "Improvements (RC.IM)", | ||||
638 | "code": "5_RC.IM-2", | ||||
639 | "label": "Recovery strategies are updated", | ||||
640 | "uuid": "421b5608-0f1d-4de5-b646-ff9538f8493f" | ||||
641 | }, | ||||
642 | { | ||||
643 | "category": "Communications (RC.CO)", | ||||
644 | "code": "5_RC.CO-1", | ||||
645 | "label": "Public relations are managed", | ||||
646 | "uuid": "771e3059-9eb4-4313-94b4-f0e8fa102498" | ||||
647 | }, | ||||
648 | { | ||||
649 | "category": "Communications (RC.CO)", | ||||
650 | "code": "5_RC.CO-2", | ||||
651 | "label": "Reputation after an event is repaired", | ||||
652 | "uuid": "ecde2384-2cdb-46cc-9a15-37ea9ee175ee" | ||||
653 | }, | ||||
654 | { | ||||
655 | "category": "Communications (RC.CO)", | ||||
656 | "code": "5_RC.CO-3", | ||||
657 | "label": "Recovery activities are communicated to internal stakeholders and executive and management teams", | ||||
658 | "uuid": "c8de5e1f-7893-42b3-852d-fa4f79bc68fa" | ||||
659 | } | ||||
660 | ], | ||||
661 | "version": 1, | ||||
662 | "version_ext": "1.1" | ||||
663 | } |
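Review bot: Several labels in the new object carry the CSF 1.0 wording even though `"version_ext": "1.1"` is set and the object already includes the 1.1-only subcategories (ID.SC, PR.AC-6/7, PR.DS-8, PR.IP-12, RS.AN-5); for example PR.AC-1 (gutter line 189) reads `"Identities and credentials are managed for authorized devices and users"`, whereas CSF 1.1 states it as `"Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes"`, and PR.AC-4, PR.AC-5 and ID.GV-1 appear to be pre-1.1 text as well. This matters because an assessment mapped against this catalogue would not prompt for the credential revocation and auditing expectations that 1.1 added, so the labels should be reconciled against the referenced NIST source before the object is relied on. The ID.SC-3 and ID.SC-4 labels (gutter lines 171 and 177) also end with a period while every other label does not, which shows up as inconsistent text in generated reports. Since `"version": 1` and `"version_ext": "1.1"` are separate fields of different types, a sentence in the description stating which one tracks the NIST framework revision would avoid readers taking the integer as the framework version.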