Date: May 5, 2024, 5:21:58 PM
Date: Mar 7, 2021, 12:28:30 AM
Editor: Juan
Name:
Name: NIST Core
Description:
Description: The NIST Cybersecurity Framework is US Government guidance for private sector organizations that own, operate, or supply critical infrastructure. It provides a reasonable base level of cyber security. It establishes basic processes and essential controls for cybersecurity.
| t | 1 | {} | t | 1 | { |
| 2 | "authors": [ | ||||
| 3 | "The MONARC project" | ||||
| 4 | ], | ||||
| 5 | "label": "NIST Core", | ||||
| 6 | "language": "EN", | ||||
| 7 | "refs": [ | ||||
| 8 | "https://www.nist.gov/cyberframework/framework" | ||||
| 9 | ], | ||||
| 10 | "uuid": "fcf78560-3d12-42ba-8f4a-5761ca02ac94", | ||||
| 11 | "values": [ | ||||
| 12 | { | ||||
| 13 | "category": "Asset Management (ID.AM)", | ||||
| 14 | "code": "1_ID.AM-1", | ||||
| 15 | "label": "Physical devices and systems within the organization are inventoried", | ||||
| 16 | "uuid": "231fc2b1-80c2-450e-9d80-f804f5a8984c" | ||||
| 17 | }, | ||||
| 18 | { | ||||
| 19 | "category": "Asset Management (ID.AM)", | ||||
| 20 | "code": "1_ID.AM-2", | ||||
| 21 | "label": "Software platforms and applications within the organization are inventoried", | ||||
| 22 | "uuid": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329" | ||||
| 23 | }, | ||||
| 24 | { | ||||
| 25 | "category": "Asset Management (ID.AM)", | ||||
| 26 | "code": "1_ID.AM-3", | ||||
| 27 | "label": "Organizational communication and data flows are mapped", | ||||
| 28 | "uuid": "b0cebf68-a023-40af-ba24-e59bd4a45c90" | ||||
| 29 | }, | ||||
| 30 | { | ||||
| 31 | "category": "Asset Management (ID.AM)", | ||||
| 32 | "code": "1_ID.AM-4", | ||||
| 33 | "label": "External information systems are catalogued", | ||||
| 34 | "uuid": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c" | ||||
| 35 | }, | ||||
| 36 | { | ||||
| 37 | "category": "Asset Management (ID.AM)", | ||||
| 38 | "code": "1_ID.AM-5", | ||||
| 39 | "label": "Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value", | ||||
| 40 | "uuid": "50fc2488-b730-48ae-abf8-93e60f141404" | ||||
| 41 | }, | ||||
| 42 | { | ||||
| 43 | "category": "Asset Management (ID.AM)", | ||||
| 44 | "code": "1_ID.AM-6", | ||||
| 45 | "label": "Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established", | ||||
| 46 | "uuid": "766520fa-3439-4382-babc-eb7d9d6b1f52" | ||||
| 47 | }, | ||||
| 48 | { | ||||
| 49 | "category": "Business Environment (ID.BE)", | ||||
| 50 | "code": "1_ID.BE-1", | ||||
| 51 | "label": "The organization’s role in the supply chain is identified and communicated", | ||||
| 52 | "uuid": "46555297-7af1-4d59-ac07-6e627aef4dda" | ||||
| 53 | }, | ||||
| 54 | { | ||||
| 55 | "category": "Business Environment (ID.BE)", | ||||
| 56 | "code": "1_ID.BE-2", | ||||
| 57 | "label": "The organization’s place in critical infrastructure and its industry sector is identified and communicated", | ||||
| 58 | "uuid": "63f9f527-2c63-4fda-acda-7ebcf3025873" | ||||
| 59 | }, | ||||
| 60 | { | ||||
| 61 | "category": "Business Environment (ID.BE)", | ||||
| 62 | "code": "1_ID.BE-3", | ||||
| 63 | "label": "Priorities for organizational mission, objectives, and activities are established and communicated", | ||||
| 64 | "uuid": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3" | ||||
| 65 | }, | ||||
| 66 | { | ||||
| 67 | "category": "Business Environment (ID.BE)", | ||||
| 68 | "code": "1_ID.BE-4", | ||||
| 69 | "label": "Dependencies and critical functions for delivery of critical services are established", | ||||
| 70 | "uuid": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a" | ||||
| 71 | }, | ||||
| 72 | { | ||||
| 73 | "category": "Business Environment (ID.BE)", | ||||
| 74 | "code": "1_ID.BE-5", | ||||
| 75 | "label": "Resilience requirements to support delivery of critical services are established", | ||||
| 76 | "uuid": "75942c69-3336-4e82-bf59-515aaa6e3513" | ||||
| 77 | }, | ||||
| 78 | { | ||||
| 79 | "category": "Governance (ID.GV)", | ||||
| 80 | "code": "1_ID.GV-1", | ||||
| 81 | "label": "Organizational information security policy is established", | ||||
| 82 | "uuid": "7a4074cc-5b40-486a-9a52-6b49be7f95e6" | ||||
| 83 | }, | ||||
| 84 | { | ||||
| 85 | "category": "Governance (ID.GV)", | ||||
| 86 | "code": "1_ID.GV-2", | ||||
| 87 | "label": "Information security roles & responsibilities are coordinated and aligned with internal roles and external partners", | ||||
| 88 | "uuid": "29613b2e-8def-417e-85fa-31aa5ef5de3b" | ||||
| 89 | }, | ||||
| 90 | { | ||||
| 91 | "category": "Governance (ID.GV)", | ||||
| 92 | "code": "1_ID.GV-3", | ||||
| 93 | "label": "Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed", | ||||
| 94 | "uuid": "4e2499c0-d23d-4977-9e9f-6323af31be24" | ||||
| 95 | }, | ||||
| 96 | { | ||||
| 97 | "category": "Governance (ID.GV)", | ||||
| 98 | "code": "1_ID.GV-4", | ||||
| 99 | "label": "Governance and risk management processes address cybersecurity risks", | ||||
| 100 | "uuid": "d2e86e2d-5bec-42a2-b642-69995b6abcf0" | ||||
| 101 | }, | ||||
| 102 | { | ||||
| 103 | "category": "Risk Assessment (ID.RA)", | ||||
| 104 | "code": "1_ID.RA-1", | ||||
| 105 | "label": "Asset vulnerabilities are identified and documented", | ||||
| 106 | "uuid": "cc6aad46-1887-4da6-93e3-c707be07b9f5" | ||||
| 107 | }, | ||||
| 108 | { | ||||
| 109 | "category": "Risk Assessment (ID.RA)", | ||||
| 110 | "code": "1_ID.RA-2", | ||||
| 111 | "label": "Threat and vulnerability information is received from information sharing forums and sources", | ||||
| 112 | "uuid": "0550c268-534a-4311-920d-84466e4865c4" | ||||
| 113 | }, | ||||
| 114 | { | ||||
| 115 | "category": "Risk Assessment (ID.RA)", | ||||
| 116 | "code": "1_ID.RA-3", | ||||
| 117 | "label": "Threats, both internal and external, are identified and documented", | ||||
| 118 | "uuid": "1bad7834-b740-48ff-8450-5792b55614db" | ||||
| 119 | }, | ||||
| 120 | { | ||||
| 121 | "category": "Risk Assessment (ID.RA)", | ||||
| 122 | "code": "1_ID.RA-4", | ||||
| 123 | "label": "Potential business impacts and likelihoods are identified", | ||||
| 124 | "uuid": "7c09a9bf-407c-4509-94c0-af8314fc3b86" | ||||
| 125 | }, | ||||
| 126 | { | ||||
| 127 | "category": "Risk Assessment (ID.RA)", | ||||
| 128 | "code": "1_ID.RA-5", | ||||
| 129 | "label": "Threats, vulnerabilities, likelihoods, and impacts are used to determine risk", | ||||
| 130 | "uuid": "6d0bfd47-88dc-484a-aed8-196eaa12c4db" | ||||
| 131 | }, | ||||
| 132 | { | ||||
| 133 | "category": "Risk Assessment (ID.RA)", | ||||
| 134 | "code": "1_ID.RA-6", | ||||
| 135 | "label": "Risk responses are identified and prioritized", | ||||
| 136 | "uuid": "98ce2a28-d424-4436-8c41-2ec0e8d563fa" | ||||
| 137 | }, | ||||
| 138 | { | ||||
| 139 | "category": "Risk Management Strategy (ID.RM)", | ||||
| 140 | "code": "1_ID.RM-1", | ||||
| 141 | "label": "Risk management processes are established, managed, and agreed to by organizational stakeholders", | ||||
| 142 | "uuid": "e384f897-1b70-49a5-8491-24c035e1451f" | ||||
| 143 | }, | ||||
| 144 | { | ||||
| 145 | "category": "Risk Management Strategy (ID.RM)", | ||||
| 146 | "code": "1_ID.RM-2", | ||||
| 147 | "label": "Organizational risk tolerance is determined and clearly expressed", | ||||
| 148 | "uuid": "7a9f7d35-6714-4182-ae88-d9ff575224a6" | ||||
| 149 | }, | ||||
| 150 | { | ||||
| 151 | "category": "Risk Management Strategy (ID.RM)", | ||||
| 152 | "code": "1_ID.RM-3", | ||||
| 153 | "label": "The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis", | ||||
| 154 | "uuid": "97331ab3-3365-4fb0-894c-578c460720fa" | ||||
| 155 | }, | ||||
| 156 | { | ||||
| 157 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
| 158 | "code": "1_ID.SC-1", | ||||
| 159 | "label": "Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders", | ||||
| 160 | "uuid": "03dee2e6-285f-44e4-acc5-2388f62584a5" | ||||
| 161 | }, | ||||
| 162 | { | ||||
| 163 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
| 164 | "code": "1_ID.SC-2", | ||||
| 165 | "label": "Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process", | ||||
| 166 | "uuid": "b9d19a14-74ab-46ae-8456-189d1a180dbf" | ||||
| 167 | }, | ||||
| 168 | { | ||||
| 169 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
| 170 | "code": "1_ID.SC-3", | ||||
| 171 | "label": "Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.", | ||||
| 172 | "uuid": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea" | ||||
| 173 | }, | ||||
| 174 | { | ||||
| 175 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
| 176 | "code": "1_ID.SC-4", | ||||
| 177 | "label": "Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.", | ||||
| 178 | "uuid": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939" | ||||
| 179 | }, | ||||
| 180 | { | ||||
| 181 | "category": "Supply Chain Risk Management (ID.SC)", | ||||
| 182 | "code": "1_ID.SC-5", | ||||
| 183 | "label": "Response and recovery planning and testing are conducted with suppliers and third-party providers", | ||||
| 184 | "uuid": "aa988775-7261-412e-bbee-bfd90db78a59" | ||||
| 185 | }, | ||||
| 186 | { | ||||
| 187 | "category": "Access Control (PR.AC)", | ||||
| 188 | "code": "2_PR.AC-1", | ||||
| 189 | "label": "Identities and credentials are managed for authorized devices and users", | ||||
| 190 | "uuid": "a6b301ed-e0c1-467d-8e42-e2796c64b785" | ||||
| 191 | }, | ||||
| 192 | { | ||||
| 193 | "category": "Access Control (PR.AC)", | ||||
| 194 | "code": "2_PR.AC-2", | ||||
| 195 | "label": "Physical access to assets is managed and protected", | ||||
| 196 | "uuid": "382fe4f1-9f05-4169-a343-2c961a8cf359" | ||||
| 197 | }, | ||||
| 198 | { | ||||
| 199 | "category": "Access Control (PR.AC)", | ||||
| 200 | "code": "2_PR.AC-3", | ||||
| 201 | "label": "Remote access is managed", | ||||
| 202 | "uuid": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b" | ||||
| 203 | }, | ||||
| 204 | { | ||||
| 205 | "category": "Access Control (PR.AC)", | ||||
| 206 | "code": "2_PR.AC-4", | ||||
| 207 | "label": "Access permissions are managed, incorporating the principles of least privilege and separation of duties", | ||||
| 208 | "uuid": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb" | ||||
| 209 | }, | ||||
| 210 | { | ||||
| 211 | "category": "Access Control (PR.AC)", | ||||
| 212 | "code": "2_PR.AC-5", | ||||
| 213 | "label": "Network integrity is protected, incorporating network segregation where appropriate", | ||||
| 214 | "uuid": "800fc6f9-e574-4152-89e6-30bae7da4adc" | ||||
| 215 | }, | ||||
| 216 | { | ||||
| 217 | "category": "Access Control (PR.AC)", | ||||
| 218 | "code": "2_PR.AC-6", | ||||
| 219 | "label": "Identities are proofed and bound to credentials and asserted in interactions", | ||||
| 220 | "uuid": "d44d0823-1523-457a-b028-6ea0da3adb34" | ||||
| 221 | }, | ||||
| 222 | { | ||||
| 223 | "category": "Access Control (PR.AC)", | ||||
| 224 | "code": "2_PR.AC-7", | ||||
| 225 | "label": "Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)", | ||||
| 226 | "uuid": "14aab29b-4760-4f32-ad21-06367a8ea05e" | ||||
| 227 | }, | ||||
| 228 | { | ||||
| 229 | "category": "Awareness and Training (PR.AT)", | ||||
| 230 | "code": "2_PR.AT-1", | ||||
| 231 | "label": "All users are informed and trained", | ||||
| 232 | "uuid": "01d259f0-ece0-4f7c-91bf-d09844c576cc" | ||||
| 233 | }, | ||||
| 234 | { | ||||
| 235 | "category": "Awareness and Training (PR.AT)", | ||||
| 236 | "code": "2_PR.AT-2", | ||||
| 237 | "label": "Privileged users understand roles & responsibilities", | ||||
| 238 | "uuid": "6386d5df-56f8-46ad-b181-e870491004a5" | ||||
| 239 | }, | ||||
| 240 | { | ||||
| 241 | "category": "Awareness and Training (PR.AT)", | ||||
| 242 | "code": "2_PR.AT-3", | ||||
| 243 | "label": "Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities", | ||||
| 244 | "uuid": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc" | ||||
| 245 | }, | ||||
| 246 | { | ||||
| 247 | "category": "Awareness and Training (PR.AT)", | ||||
| 248 | "code": "2_PR.AT-4", | ||||
| 249 | "label": "Senior executives understand roles & responsibilities", | ||||
| 250 | "uuid": "987e9304-80fd-4470-b8b4-213f41a0a957" | ||||
| 251 | }, | ||||
| 252 | { | ||||
| 253 | "category": "Awareness and Training (PR.AT)", | ||||
| 254 | "code": "2_PR.AT-5", | ||||
| 255 | "label": "Physical and information security personnel understand roles & responsibilities", | ||||
| 256 | "uuid": "92a81683-1877-48d3-9d5a-c7c0ddd9852b" | ||||
| 257 | }, | ||||
| 258 | { | ||||
| 259 | "category": "Data Security (PR.DS)", | ||||
| 260 | "code": "2_PR.DS-1", | ||||
| 261 | "label": "Data-at-rest is protected", | ||||
| 262 | "uuid": "d798a390-f23a-4bbc-abe5-588ab58811c6" | ||||
| 263 | }, | ||||
| 264 | { | ||||
| 265 | "category": "Data Security (PR.DS)", | ||||
| 266 | "code": "2_PR.DS-2", | ||||
| 267 | "label": "Data-in-transit is protected", | ||||
| 268 | "uuid": "38022045-6812-4623-8409-7a9d6b3f7ce8" | ||||
| 269 | }, | ||||
| 270 | { | ||||
| 271 | "category": "Data Security (PR.DS)", | ||||
| 272 | "code": "2_PR.DS-3", | ||||
| 273 | "label": "Assets are formally managed throughout removal, transfers, and disposition", | ||||
| 274 | "uuid": "acfea27c-c6d5-421a-9ae4-2db82610cc41" | ||||
| 275 | }, | ||||
| 276 | { | ||||
| 277 | "category": "Data Security (PR.DS)", | ||||
| 278 | "code": "2_PR.DS-4", | ||||
| 279 | "label": "Adequate capacity to ensure availability is maintained", | ||||
| 280 | "uuid": "e4380999-3c82-4b85-86cd-86f1f37f97ab" | ||||
| 281 | }, | ||||
| 282 | { | ||||
| 283 | "category": "Data Security (PR.DS)", | ||||
| 284 | "code": "2_PR.DS-5", | ||||
| 285 | "label": "Protections against data leaks are implemented", | ||||
| 286 | "uuid": "e760c443-e572-43cb-bf5b-8aeb3b42ef65" | ||||
| 287 | }, | ||||
| 288 | { | ||||
| 289 | "category": "Data Security (PR.DS)", | ||||
| 290 | "code": "2_PR.DS-6", | ||||
| 291 | "label": "Integrity checking mechanisms are used to verify software, firmware, and information integrity", | ||||
| 292 | "uuid": "e5b116b5-b806-4863-92ba-d8c2f477813b" | ||||
| 293 | }, | ||||
| 294 | { | ||||
| 295 | "category": "Data Security (PR.DS)", | ||||
| 296 | "code": "2_PR.DS-7", | ||||
| 297 | "label": "The development and testing environment(s) are separate from the production environment", | ||||
| 298 | "uuid": "6604ef4c-a1d7-43d2-90e4-d2b8d97d880f" | ||||
| 299 | }, | ||||
| 300 | { | ||||
| 301 | "category": "Data Security (PR.DS)", | ||||
| 302 | "code": "2_PR.DS-8", | ||||
| 303 | "label": "Integrity checking mechanisms are used to verify hardware integrity", | ||||
| 304 | "uuid": "892d5462-ee77-4379-ab88-a78f3eff45c1" | ||||
| 305 | }, | ||||
| 306 | { | ||||
| 307 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 308 | "code": "2_PR.IP-1", | ||||
| 309 | "label": "A baseline configuration of information technology/industrial control systems is created and maintained", | ||||
| 310 | "uuid": "30a7a092-3e00-4d33-aec2-66d019c2ff03" | ||||
| 311 | }, | ||||
| 312 | { | ||||
| 313 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 314 | "code": "2_PR.IP-2", | ||||
| 315 | "label": "A System Development Life Cycle to manage systems is implemented", | ||||
| 316 | "uuid": "7cd438b8-038b-4f1f-a431-a1a1a83e009c" | ||||
| 317 | }, | ||||
| 318 | { | ||||
| 319 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 320 | "code": "2_PR.IP-3", | ||||
| 321 | "label": "Configuration change control processes are in place", | ||||
| 322 | "uuid": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c" | ||||
| 323 | }, | ||||
| 324 | { | ||||
| 325 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 326 | "code": "2_PR.IP-4", | ||||
| 327 | "label": "Backups of information are conducted, maintained, and tested periodically", | ||||
| 328 | "uuid": "2e411d93-1836-4dbc-baf1-a747d2a9915a" | ||||
| 329 | }, | ||||
| 330 | { | ||||
| 331 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 332 | "code": "2_PR.IP-5", | ||||
| 333 | "label": "Policy and regulations regarding the physical operating environment for organizational assets are met", | ||||
| 334 | "uuid": "f01b50b8-0e54-4f8f-afee-0ec56f788a42" | ||||
| 335 | }, | ||||
| 336 | { | ||||
| 337 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 338 | "code": "2_PR.IP-6", | ||||
| 339 | "label": "Data is destroyed according to policy", | ||||
| 340 | "uuid": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86" | ||||
| 341 | }, | ||||
| 342 | { | ||||
| 343 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 344 | "code": "2_PR.IP-7", | ||||
| 345 | "label": "Protection processes are continuously improved", | ||||
| 346 | "uuid": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa" | ||||
| 347 | }, | ||||
| 348 | { | ||||
| 349 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 350 | "code": "2_PR.IP-8", | ||||
| 351 | "label": "Effectiveness of protection technologies is shared with appropriate parties", | ||||
| 352 | "uuid": "ac4be007-d8cb-4da5-9a84-118c2841a6f5" | ||||
| 353 | }, | ||||
| 354 | { | ||||
| 355 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 356 | "code": "2_PR.IP-9", | ||||
| 357 | "label": "Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed", | ||||
| 358 | "uuid": "4fe097cd-e0c0-4698-a209-43ffb553a279" | ||||
| 359 | }, | ||||
| 360 | { | ||||
| 361 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 362 | "code": "2_PR.IP-10", | ||||
| 363 | "label": "Response and recovery plans are tested", | ||||
| 364 | "uuid": "e4f85702-5874-4361-beec-45d00b379c5b" | ||||
| 365 | }, | ||||
| 366 | { | ||||
| 367 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 368 | "code": "2_PR.IP-11", | ||||
| 369 | "label": "Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)", | ||||
| 370 | "uuid": "4279b240-b560-4632-a557-9af1322930fd" | ||||
| 371 | }, | ||||
| 372 | { | ||||
| 373 | "category": "Information Protection Processes and Procedures (PR.IP)", | ||||
| 374 | "code": "2_PR.IP-12", | ||||
| 375 | "label": "A vulnerability management plan is developed and implemented", | ||||
| 376 | "uuid": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c" | ||||
| 377 | }, | ||||
| 378 | { | ||||
| 379 | "category": "Maintenance (PR.MA)", | ||||
| 380 | "code": "2_PR.MA-1", | ||||
| 381 | "label": "Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools", | ||||
| 382 | "uuid": "6da92eea-2f74-458f-a643-361df7ea9f2f" | ||||
| 383 | }, | ||||
| 384 | { | ||||
| 385 | "category": "Maintenance (PR.MA)", | ||||
| 386 | "code": "2_PR.MA-2", | ||||
| 387 | "label": "Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access", | ||||
| 388 | "uuid": "831f20de-eadb-44a7-82f3-fcb116d8cb69" | ||||
| 389 | }, | ||||
| 390 | { | ||||
| 391 | "category": "Protective Technology (PR.PT)", | ||||
| 392 | "code": "2_PR.PT-1", | ||||
| 393 | "label": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy", | ||||
| 394 | "uuid": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a" | ||||
| 395 | }, | ||||
| 396 | { | ||||
| 397 | "category": "Protective Technology (PR.PT)", | ||||
| 398 | "code": "2_PR.PT-2", | ||||
| 399 | "label": "Removable media is protected and its use restricted according to policy", | ||||
| 400 | "uuid": "0f278ef8-3a97-4e0e-bc30-66d530bdea47" | ||||
| 401 | }, | ||||
| 402 | { | ||||
| 403 | "category": "Protective Technology (PR.PT)", | ||||
| 404 | "code": "2_PR.PT-3", | ||||
| 405 | "label": "Access to systems and assets is controlled, incorporating the principle of least functionality", | ||||
| 406 | "uuid": "02cc6244-c9d8-4db1-aeb3-a05933207c9d" | ||||
| 407 | }, | ||||
| 408 | { | ||||
| 409 | "category": "Protective Technology (PR.PT)", | ||||
| 410 | "code": "2_PR.PT-4", | ||||
| 411 | "label": "Communications and control networks are protected", | ||||
| 412 | "uuid": "6b2a7cc7-c35a-4020-92d8-5935e1229676" | ||||
| 413 | }, | ||||
| 414 | { | ||||
| 415 | "category": "Protective Technology (PR.PT)", | ||||
| 416 | "code": "2_PR.PT-5", | ||||
| 417 | "label": "Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations", | ||||
| 418 | "uuid": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e" | ||||
| 419 | }, | ||||
| 420 | { | ||||
| 421 | "category": "Anomalies and Events (DE.AE)", | ||||
| 422 | "code": "3_DE.AE-1", | ||||
| 423 | "label": "A baseline of network operations and expected data flows for users and systems is established and managed", | ||||
| 424 | "uuid": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f" | ||||
| 425 | }, | ||||
| 426 | { | ||||
| 427 | "category": "Anomalies and Events (DE.AE)", | ||||
| 428 | "code": "3_DE.AE-2", | ||||
| 429 | "label": "Detected events are analyzed to understand attack targets and methods", | ||||
| 430 | "uuid": "69f50c12-9eab-4305-be4f-97a2002ccc0c" | ||||
| 431 | }, | ||||
| 432 | { | ||||
| 433 | "category": "Anomalies and Events (DE.AE)", | ||||
| 434 | "code": "3_DE.AE-3", | ||||
| 435 | "label": "Event data are aggregated and correlated from multiple sources and sensors", | ||||
| 436 | "uuid": "31dc508e-664e-4173-8757-00ec985115c8" | ||||
| 437 | }, | ||||
| 438 | { | ||||
| 439 | "category": "Anomalies and Events (DE.AE)", | ||||
| 440 | "code": "3_DE.AE-4", | ||||
| 441 | "label": "Impact of events is determined", | ||||
| 442 | "uuid": "3f6e72ed-2984-452d-badd-5563acbf0450" | ||||
| 443 | }, | ||||
| 444 | { | ||||
| 445 | "category": "Anomalies and Events (DE.AE)", | ||||
| 446 | "code": "3_DE.AE-5", | ||||
| 447 | "label": "Incident alert thresholds are established", | ||||
| 448 | "uuid": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6" | ||||
| 449 | }, | ||||
| 450 | { | ||||
| 451 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
| 452 | "code": "3_DE.CM-1", | ||||
| 453 | "label": "The network is monitored to detect potential cybersecurity events", | ||||
| 454 | "uuid": "9b355a55-73ce-4d55-8016-d93e3c555a55" | ||||
| 455 | }, | ||||
| 456 | { | ||||
| 457 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
| 458 | "code": "3_DE.CM-2", | ||||
| 459 | "label": "The physical environment is monitored to detect potential cybersecurity events", | ||||
| 460 | "uuid": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35" | ||||
| 461 | }, | ||||
| 462 | { | ||||
| 463 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
| 464 | "code": "3_DE.CM-3", | ||||
| 465 | "label": "Personnel activity is monitored to detect potential cybersecurity events", | ||||
| 466 | "uuid": "a8f83595-0327-4e24-9557-0e8d9b82856f" | ||||
| 467 | }, | ||||
| 468 | { | ||||
| 469 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
| 470 | "code": "3_DE.CM-4", | ||||
| 471 | "label": "Malicious code is detected", | ||||
| 472 | "uuid": "70e202bf-2270-4daf-8fb5-4f6fb10de979" | ||||
| 473 | }, | ||||
| 474 | { | ||||
| 475 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
| 476 | "code": "3_DE.CM-5", | ||||
| 477 | "label": "Unauthorized mobile code is detected", | ||||
| 478 | "uuid": "54eeaae4-2b82-43ce-9a61-40d453116d8d" | ||||
| 479 | }, | ||||
| 480 | { | ||||
| 481 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
| 482 | "code": "3_DE.CM-6", | ||||
| 483 | "label": "External service provider activity is monitored to detect potential cybersecurity events", | ||||
| 484 | "uuid": "bbb99e89-ee33-46fc-bc03-1582631210c4" | ||||
| 485 | }, | ||||
| 486 | { | ||||
| 487 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
| 488 | "code": "3_DE.CM-7", | ||||
| 489 | "label": "Monitoring for unauthorized personnel, connections, devices, and software is performed", | ||||
| 490 | "uuid": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" | ||||
| 491 | }, | ||||
| 492 | { | ||||
| 493 | "category": "Security Continuous Monitoring (DE.CM)", | ||||
| 494 | "code": "3_DE.CM-8", | ||||
| 495 | "label": "Vulnerability scans are performed", | ||||
| 496 | "uuid": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be" | ||||
| 497 | }, | ||||
| 498 | { | ||||
| 499 | "category": "Detection Processes (DE.DP)", | ||||
| 500 | "code": "3_DE.DP-1", | ||||
| 501 | "label": "Roles and responsibilities for detection are well defined to ensure accountability", | ||||
| 502 | "uuid": "48a13f85-a811-43fa-a0e8-89f67fb2743f" | ||||
| 503 | }, | ||||
| 504 | { | ||||
| 505 | "category": "Detection Processes (DE.DP)", | ||||
| 506 | "code": "3_DE.DP-2", | ||||
| 507 | "label": "Detection activities comply with all applicable requirements", | ||||
| 508 | "uuid": "f9d1a926-5d39-4123-8b83-a94c21ff18e5" | ||||
| 509 | }, | ||||
| 510 | { | ||||
| 511 | "category": "Detection Processes (DE.DP)", | ||||
| 512 | "code": "3_DE.DP-3", | ||||
| 513 | "label": "Detection processes are tested", | ||||
| 514 | "uuid": "23e4c883-c358-4b64-8d7e-249c67b7f1f2" | ||||
| 515 | }, | ||||
| 516 | { | ||||
| 517 | "category": "Detection Processes (DE.DP)", | ||||
| 518 | "code": "3_DE.DP-4", | ||||
| 519 | "label": "Event detection information is communicated to appropriate parties", | ||||
| 520 | "uuid": "025611cb-8431-4a9c-a88c-039141472418" | ||||
| 521 | }, | ||||
| 522 | { | ||||
| 523 | "category": "Detection Processes (DE.DP)", | ||||
| 524 | "code": "3_DE.DP-5", | ||||
| 525 | "label": "Detection processes are continuously improved", | ||||
| 526 | "uuid": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9" | ||||
| 527 | }, | ||||
| 528 | { | ||||
| 529 | "category": "Response Planning (RS.RP)", | ||||
| 530 | "code": "4_RS.RP-1", | ||||
| 531 | "label": "Response plan is executed during or after an event", | ||||
| 532 | "uuid": "b237b4b1-a21a-4122-b4c8-e068ad58ef21" | ||||
| 533 | }, | ||||
| 534 | { | ||||
| 535 | "category": "Communications (RS.CO)", | ||||
| 536 | "code": "4_RS.CO-1", | ||||
| 537 | "label": "Personnel know their roles and order of operations when a response is needed", | ||||
| 538 | "uuid": "cce52cf2-aa85-4f33-8cb8-b0508f452c25" | ||||
| 539 | }, | ||||
| 540 | { | ||||
| 541 | "category": "Communications (RS.CO)", | ||||
| 542 | "code": "4_RS.CO-2", | ||||
| 543 | "label": "Events are reported consistent with established criteria", | ||||
| 544 | "uuid": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a" | ||||
| 545 | }, | ||||
| 546 | { | ||||
| 547 | "category": "Communications (RS.CO)", | ||||
| 548 | "code": "4_RS.CO-3", | ||||
| 549 | "label": "Information is shared consistent with response plans", | ||||
| 550 | "uuid": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68" | ||||
| 551 | }, | ||||
| 552 | { | ||||
| 553 | "category": "Communications (RS.CO)", | ||||
| 554 | "code": "4_RS.CO-4", | ||||
| 555 | "label": "Coordination with stakeholders occurs consistent with response plans", | ||||
| 556 | "uuid": "34a2e449-b69d-4f75-a548-8c5faee598b5" | ||||
| 557 | }, | ||||
| 558 | { | ||||
| 559 | "category": "Communications (RS.CO)", | ||||
| 560 | "code": "4_RS.CO-5", | ||||
| 561 | "label": "Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness", | ||||
| 562 | "uuid": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf" | ||||
| 563 | }, | ||||
| 564 | { | ||||
| 565 | "category": "Analysis (RS.AN)", | ||||
| 566 | "code": "4_RS.AN-1", | ||||
| 567 | "label": "Notifications from detection systems are investigated", | ||||
| 568 | "uuid": "e6ab0d96-2ced-445d-a19f-97710b2cc346" | ||||
| 569 | }, | ||||
| 570 | { | ||||
| 571 | "category": "Analysis (RS.AN)", | ||||
| 572 | "code": "4_RS.AN-2", | ||||
| 573 | "label": "The impact of the incident is understood", | ||||
| 574 | "uuid": "0c7c3558-9c78-4bcc-816b-9123c899b653" | ||||
| 575 | }, | ||||
| 576 | { | ||||
| 577 | "category": "Analysis (RS.AN)", | ||||
| 578 | "code": "4_RS.AN-3", | ||||
| 579 | "label": "Forensics are performed", | ||||
| 580 | "uuid": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a" | ||||
| 581 | }, | ||||
| 582 | { | ||||
| 583 | "category": "Analysis (RS.AN)", | ||||
| 584 | "code": "4_RS.AN-4", | ||||
| 585 | "label": "Incidents are categorized consistent with response plans", | ||||
| 586 | "uuid": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94" | ||||
| 587 | }, | ||||
| 588 | { | ||||
| 589 | "category": "Analysis (RS.AN)", | ||||
| 590 | "code": "4_RS.AN-5", | ||||
| 591 | "label": "Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)", | ||||
| 592 | "uuid": "83c3ab70-566c-4bbe-a3b8-940d9fbb5ad7" | ||||
| 593 | }, | ||||
| 594 | { | ||||
| 595 | "category": "Mitigation (RS.MI)", | ||||
| 596 | "code": "4_RS.MI-1", | ||||
| 597 | "label": "Incidents are contained", | ||||
| 598 | "uuid": "2736e702-38ef-439d-9e8b-989ef56f8735" | ||||
| 599 | }, | ||||
| 600 | { | ||||
| 601 | "category": "Mitigation (RS.MI)", | ||||
| 602 | "code": "4_RS.MI-2", | ||||
| 603 | "label": "Incidents are mitigated", | ||||
| 604 | "uuid": "e94941eb-31da-40e0-b944-07c43233e7c0" | ||||
| 605 | }, | ||||
| 606 | { | ||||
| 607 | "category": "Mitigation (RS.MI)", | ||||
| 608 | "code": "4_RS.MI-3", | ||||
| 609 | "label": "Newly identified vulnerabilities are mitigated or documented as accepted risks", | ||||
| 610 | "uuid": "0de24c0a-53cb-4481-9b8d-fccc252e4f03" | ||||
| 611 | }, | ||||
| 612 | { | ||||
| 613 | "category": "Improvements (RS.IM)", | ||||
| 614 | "code": "4_RS.IM-1", | ||||
| 615 | "label": "Response plans incorporate lessons learned", | ||||
| 616 | "uuid": "01314572-becc-4780-945f-9ed3a40af900" | ||||
| 617 | }, | ||||
| 618 | { | ||||
| 619 | "category": "Improvements (RS.IM)", | ||||
| 620 | "code": "4_RS.IM-2", | ||||
| 621 | "label": "Response strategies are updated", | ||||
| 622 | "uuid": "f0753789-bcc3-4f66-9bb5-b6179bb367de" | ||||
| 623 | }, | ||||
| 624 | { | ||||
| 625 | "category": "Recovery Planning (RC.RP)", | ||||
| 626 | "code": "5_RC.RP-1", | ||||
| 627 | "label": "Recovery plan is executed during or after an event", | ||||
| 628 | "uuid": "0d124100-372e-429b-9e2f-d12211f005e1" | ||||
| 629 | }, | ||||
| 630 | { | ||||
| 631 | "category": "Improvements (RC.IM)", | ||||
| 632 | "code": "5_RC.IM-1", | ||||
| 633 | "label": "Recovery plans incorporate lessons learned", | ||||
| 634 | "uuid": "52ab8937-c260-4cf3-a807-ce1381afa4c9" | ||||
| 635 | }, | ||||
| 636 | { | ||||
| 637 | "category": "Improvements (RC.IM)", | ||||
| 638 | "code": "5_RC.IM-2", | ||||
| 639 | "label": "Recovery strategies are updated", | ||||
| 640 | "uuid": "421b5608-0f1d-4de5-b646-ff9538f8493f" | ||||
| 641 | }, | ||||
| 642 | { | ||||
| 643 | "category": "Communications (RC.CO)", | ||||
| 644 | "code": "5_RC.CO-1", | ||||
| 645 | "label": "Public relations are managed", | ||||
| 646 | "uuid": "771e3059-9eb4-4313-94b4-f0e8fa102498" | ||||
| 647 | }, | ||||
| 648 | { | ||||
| 649 | "category": "Communications (RC.CO)", | ||||
| 650 | "code": "5_RC.CO-2", | ||||
| 651 | "label": "Reputation after an event is repaired", | ||||
| 652 | "uuid": "ecde2384-2cdb-46cc-9a15-37ea9ee175ee" | ||||
| 653 | }, | ||||
| 654 | { | ||||
| 655 | "category": "Communications (RC.CO)", | ||||
| 656 | "code": "5_RC.CO-3", | ||||
| 657 | "label": "Recovery activities are communicated to internal stakeholders and executive and management teams", | ||||
| 658 | "uuid": "c8de5e1f-7893-42b3-852d-fa4f79bc68fa" | ||||
| 659 | } | ||||
| 660 | ], | ||||
| 661 | "version": 1, | ||||
| 662 | "version_ext": "1.1" | ||||
| 663 | } |