Function: Identify (NIST CSF 1.1 subcategory IDs are written ID.AM-1, ID.AM-2, and so on). Each entry below gives the subcategory as specified by NIST, the implementation check an assessor performs, and the expected results, i.e. the evidence that should exist.

ID.AM: Asset Management

ID.AM-1
  NIST subcategory: Physical devices and systems within the organization are inventoried.
  Implementation: Confirm that the organization has established an inventory of all physical devices and systems and keeps it current as the infrastructure changes.
  Expected results: Inventory records of physical devices and systems, together with the documented procedure for maintaining and updating the inventory.

ID.AM-2
  NIST subcategory: Software platforms and applications within the organization are inventoried.
  Implementation: Check that the organization has established and maintains a record of all software platforms and applications, and that the inventory is refreshed whenever software assets change.
  Expected results: Inventory records of software platforms and applications, plus the documented procedure for maintaining and updating the software inventory.

ID.AM-3
  NIST subcategory: Organizational communication and data flows are mapped.
  Implementation: Confirm that the organization has mapped its communication and data flows so that it understands where information is transmitted and stored, and that the maps are reviewed and updated regularly.
  Expected results: Communication and data flow diagrams, with an outline of the mapping and update process.

ID.AM-4
  NIST subcategory: External information systems are catalogued.
  Implementation: Check that the organization has catalogued all external information systems that interact with its network or data, and that the catalogue is updated whenever those systems change.
  Expected results: An inventory of external information systems, with documentation of the procedure for cataloguing and updating them.

ID.AM-5
  NIST subcategory: Resources (hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value.
  Implementation: Ensure the organization categorizes its resources by classification, criticality, and business value and has defined criteria for prioritizing them.
  Expected results: Documentation of the resource categorization and prioritization, including the criteria used.

ID.AM-6
  NIST subcategory: Cybersecurity roles and responsibilities are established for the entire workforce and for third-party stakeholders (suppliers, customers, partners).
  Implementation: Ensure cybersecurity roles and responsibilities are defined for all employees and third-party stakeholders, and that they are documented and communicated.
  Expected results: Documentation of cybersecurity roles and responsibilities, together with communication records and training records for those roles.
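One check an assessor can automate for the asset management subcategories is to reconcile the declared inventory (ID.AM-1 for devices, ID.AM-2 for software) against what a discovery scan actually observed: hosts seen but never inventoried, inventoried hosts that no longer answer, software running on a host that the inventory does not list, and records that have not been re-verified within the review window. The script below is an added example and is not part of the original checklist or of any tool the page describes; the inventory rows, the discovered hosts, the 90-day re-verification window, and matching hosts by IP address are all assumptions chosen for illustration.

```python
"""Reconcile a declared asset inventory against discovery results.

Added example for the ID.AM-1 / ID.AM-2 checks. All data below is
constructed sample data, not a real inventory or scan.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass(frozen=True)
class InventoryRecord:
    """One row of the organization's declared asset inventory."""
    ip: str
    hostname: str
    owner: str
    last_verified: date          # when the row was last confirmed by its owner
    software: frozenset[str]     # software platforms the inventory says run here


@dataclass(frozen=True)
class DiscoveredHost:
    """One host as observed by a discovery scan (assumed format)."""
    ip: str
    software: frozenset[str]     # software actually seen on the host


@dataclass
class ReconciliationReport:
    unknown_hosts: list[str] = field(default_factory=list)     # seen, not inventoried
    missing_hosts: list[str] = field(default_factory=list)     # inventoried, not seen
    unapproved_software: dict[str, set[str]] = field(default_factory=dict)  # ip -> extras
    overdue_records: list[str] = field(default_factory=list)   # not re-verified in window

    def has_findings(self) -> bool:
        return bool(self.unknown_hosts or self.missing_hosts
                    or self.unapproved_software or self.overdue_records)


def reconcile(inventory: list[InventoryRecord], discovered: list[DiscoveredHost],
              today: date, max_age_days: int = 90) -> ReconciliationReport:
    """Compare inventory rows with discovered hosts, keyed by IP (an assumption:
    a real inventory would usually key on a stable asset ID or MAC address)."""
    inv_by_ip = {r.ip: r for r in inventory}
    seen_by_ip = {h.ip: h for h in discovered}
    report = ReconciliationReport()

    # Devices on the network that the inventory does not know about.
    report.unknown_hosts = sorted(ip for ip in seen_by_ip if ip not in inv_by_ip)
    # Inventory rows that discovery could not find (decommissioned or offline).
    report.missing_hosts = sorted(ip for ip in inv_by_ip if ip not in seen_by_ip)

    # For hosts present in both, flag software the inventory does not list.
    for ip in sorted(inv_by_ip.keys() & seen_by_ip.keys()):
        extra = set(seen_by_ip[ip].software) - set(inv_by_ip[ip].software)
        if extra:
            report.unapproved_software[ip] = extra

    # Rows whose last verification is older than the review window.
    cutoff = today - timedelta(days=max_age_days)
    report.overdue_records = sorted(
        ip for ip, r in inv_by_ip.items() if r.last_verified < cutoff)
    return report


# Constructed sample data: three inventoried hosts, three discovered hosts.
SAMPLE_INVENTORY = [
    InventoryRecord("10.0.1.10", "web-01", "platform-team", date(2024, 5, 1),
                    frozenset({"nginx", "python3"})),
    InventoryRecord("10.0.1.20", "db-01", "data-team", date(2024, 1, 15),
                    frozenset({"postgresql"})),
    InventoryRecord("10.0.1.30", "legacy-01", "unassigned", date(2023, 11, 2),
                    frozenset({"apache2"})),
]
SAMPLE_DISCOVERED = [
    DiscoveredHost("10.0.1.10", frozenset({"nginx", "python3", "redis"})),
    DiscoveredHost("10.0.1.20", frozenset({"postgresql"})),
    DiscoveredHost("10.0.1.99", frozenset({"openssh"})),
]
SAMPLE_TODAY = date(2024, 6, 1)


def run_sample() -> ReconciliationReport:
    """Reconcile the constructed sample; used by the usage below."""
    return reconcile(SAMPLE_INVENTORY, SAMPLE_DISCOVERED, SAMPLE_TODAY)


if __name__ == "__main__":
    rep = run_sample()
    print("unknown hosts      :", rep.unknown_hosts)
    print("missing hosts      :", rep.missing_hosts)
    print("unapproved software:", rep.unapproved_software)
    print("overdue records    :", rep.overdue_records)
    raise SystemExit(1 if rep.has_findings() else 0)
```

On the sample data the report lists 10.0.1.99 as an unknown host, 10.0.1.30 as an inventoried host discovery did not find, redis as unlisted software on 10.0.1.10, and the db-01 and legacy-01 rows as overdue for re-verification. Each finding maps to evidence the checklist asks for: unknown and missing hosts show whether the device inventory is actually kept current, unapproved software does the same for the software inventory, and the non-zero exit status lets the check gate a scheduled job.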
www.infosectrain.com | sales@infosectrain.com
ID.BE: Business Environment

ID.BE-1
  NIST subcategory: The organization's role in the supply chain is identified and communicated.
  Implementation: Verify that the organization has identified its position in the supply chain and communicated that role internally and to relevant stakeholders.
  Expected results: Documentation of the organization's position in the supply chain, with records of the communications about that role.

ID.BE-2
  NIST subcategory: The organization's place in critical infrastructure and its industry sector is identified and communicated.
  Implementation: Confirm that the organization has identified its role in critical infrastructure and its industry sector and communicated it internally and to relevant parties.
  Expected results: Documentation of the organization's place in critical infrastructure and its industry sector, with records of the related communications.

ID.BE-3
  NIST subcategory: Priorities for the organization's mission, objectives, and activities are established and communicated.
  Implementation: Confirm that the organization has set, documented, and communicated its priorities for mission, objectives, and activities to relevant personnel and stakeholders.
  Expected results: Documentation of those priorities, with records of the communications about them.

ID.BE-4
  NIST subcategory: Dependencies and critical functions for delivery of critical services are established.
  Implementation: Ensure the organization has identified, documented, and regularly reviews the dependencies and critical functions needed to deliver its critical services.
  Expected results: A list of dependencies and critical functions, with records of the periodic reviews and updates.

ID.BE-5
  NIST subcategory: Resilience requirements to support delivery of critical services are established for all operating states (e.g., under duress or attack, during recovery, and in normal operations).
  Implementation: Ensure that resilience requirements for critical services in each operating state have been established, documented, and integrated into the organization's processes and procedures.
  Expected results: Documented resilience requirements for critical services across operating states, and the processes and procedures into which they are integrated.
ID.GV: Governance

ID.GV-1
  NIST subcategory: An organizational cybersecurity policy is established and communicated.
  Implementation: Confirm that a comprehensive cybersecurity policy exists covering roles, responsibilities, compliance, and required security measures, and that there is a documented procedure for communicating it to all employees and relevant external parties.
  Expected results: The cybersecurity policy document, with distribution records, employee acknowledgements, briefing minutes, training materials, and attendance records showing that the policy was communicated.

ID.GV-2
  NIST subcategory: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners.
  Implementation: Verify that cybersecurity roles and responsibilities are clearly defined, that coordination between internal and external roles is documented, and that the roles are reviewed and updated regularly.
  Expected results: Job descriptions that include cybersecurity responsibilities; contracts or service level agreements (SLAs) with third parties that define their cybersecurity roles; and minutes or correspondence showing how roles are coordinated.

ID.GV-3
  NIST subcategory: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed.
  Implementation: Confirm that all applicable legal and regulatory requirements have been identified, that policies and procedures exist to manage compliance with them, and that staff receive training and updates when the laws or regulations change.
  Expected results: Compliance checklists or matrices listing the requirements; documented compliance procedures and controls; and training logs and materials covering the legal and regulatory requirements.

ID.GV-4
  NIST subcategory: Governance and risk management processes address cybersecurity risks.
  Implementation: Assess whether risk management governance covers cybersecurity risk, review the procedures for identifying and mitigating cybersecurity risks, and confirm that these risks are integrated into the organization's overall risk management approach.
  Expected results: Risk management policies and procedures, risk assessment reports, risk treatment plans, and meeting minutes or reports showing that cybersecurity risk is included in the enterprise risk management framework.
ID.RA: Risk Assessment

ID.RA-1
  NIST subcategory: Asset vulnerabilities are identified and documented.
  Implementation: Verify that an asset inventory exists, that vulnerability scans are run regularly against the assets in it, and that identified vulnerabilities are documented and evaluated.
  Expected results: The asset inventory, vulnerability scan reports, and documented assessments of the identified vulnerabilities.

ID.RA-2
  NIST subcategory: Cyber threat intelligence is received from information-sharing forums and other sources.
  Implementation: Evaluate the organization's participation in threat intelligence sharing platforms, examine the procedure for receiving and distributing threat intelligence, and assess how the intelligence influences security practices.
  Expected results: Evidence of membership in information-sharing forums, records of threat intelligence received, and documentation of how that intelligence is used in the organization's cybersecurity strategy.

ID.RA-3
  NIST subcategory: Threats, both internal and external, are identified and documented.
  Implementation: Confirm that a threat identification methodology exists, review the records of identified threats, and ensure both internal and external threats are considered.
  Expected results: Threat assessment reports or logs, documentation of the threat identification process, and records of identified internal and external threats.

ID.RA-4
  NIST subcategory: Potential business impacts and their likelihoods are identified.
  Implementation: Verify that there is a procedure for assessing the potential impact of threats and the likelihood of their occurrence, and examine how these assessments feed into the overall risk management strategy.
  Expected results: Business impact analysis reports, documented likelihood assessments, and risk analysis reports that combine impact and likelihood.

ID.RA-5
  NIST subcategory: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk.
  Implementation: Evaluate how threat, vulnerability, impact, and likelihood data are incorporated into the risk assessment procedure, ensure that comprehensive risk assessments combining these elements have been completed, and review how the results are updated and reflected in risk documentation.
  Expected results: Comprehensive risk assessment reports, risk matrices or dashboards that combine these elements, and change logs showing how the assessments have evolved over time.

ID.RA-6
  NIST subcategory: Risk responses are identified and prioritized.
  Implementation: Confirm that risk responses are documented, examine the criteria used to prioritize them, and ensure that the risk response process adapts to changes in the risk environment.
  Expected results: Risk response plans or procedures, documentation of how responses are prioritized, and records showing the implementation and modification of risk responses.
ID.RM: Risk Management Strategy

ID.RM-1
  NIST subcategory: Risk management processes are established, managed, and agreed to by organizational stakeholders.
  Implementation:
  - Validate that formal risk management procedures are in place.
  - Examine documentation to confirm the risk management process is well defined and widely communicated.
  - Verify stakeholder involvement through meeting records or documented decisions.
  - Confirm that risk management roles and responsibilities are clearly assigned and understood.
  - Evaluate the mechanisms used to monitor and review the risk management process on an ongoing basis.
  Expected results: Risk management policy and procedure documents, meeting minutes reflecting stakeholder engagement, documentation of risk management roles and responsibilities, and records of periodic reviews and updates to the process.

ID.RM-2
  NIST subcategory: Organizational risk tolerance is determined and clearly expressed.
  Implementation: Examine whether a formal statement or policy defines the organization's risk tolerance, confirm that those engaged in risk-related decisions understand it, and review decision records that reference it.
  Expected results: Official documentation of the organization's risk tolerance, evidence that it was communicated (e.g., emails, training materials), and decision records showing that risk tolerance was a factor.
ID.SC: Supply Chain Risk Management

ID.SC-1
  NIST subcategory: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders.
  Implementation: Ensure that cyber supply chain risk management (C-SCRM) processes are documented and implemented, that stakeholders understand and agree to them, that mechanisms exist for assessing and managing supply chain risk, and that stakeholders take part in developing and maintaining the processes.
  Expected results: C-SCRM policies and procedures, records of stakeholder agreement and involvement (e.g., meeting minutes or signed acknowledgements), and supply chain risk assessment documentation.

ID.SC-2
  NIST subcategory: Suppliers and third-party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process.
  Implementation: Confirm that a complete list of suppliers and third-party partners and the services or components they provide exists, that a documented risk assessment process is applied to them, and that suppliers are prioritized by the criticality of what they provide to the organization.
  Expected results: The supplier and third-party inventory, cyber supply chain risk assessment reports, and documentation of supplier prioritization by assessed risk.

ID.SC-3
  NIST subcategory: Contracts with suppliers and third-party partners are used to implement measures that meet the objectives of the organization's cybersecurity program and Cyber Supply Chain Risk Management Plan.
  Implementation: Examine contracts to verify that they include cybersecurity requirements consistent with the organization's cybersecurity program, that clauses state the C-SCRM objectives, and that service level agreements (SLAs) articulate cybersecurity expectations.
  Expected results: Copies of contracts with cybersecurity clauses, SLAs specifying cybersecurity requirements, and a C-SCRM plan that defines the contractual measures to be implemented.

ID.SC-4
  NIST subcategory: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluation to confirm they are meeting their contractual obligations.
  Implementation: Ensure suppliers and third-party partners are assessed regularly against their contractual obligations, review the methods and frequency of those assessments, and verify that a process exists to address identified issues or gaps.
  Expected results: Audit reports, test results, or evaluation documents for suppliers and third parties; schedules and procedures for the regular assessments; and records of follow-up actions taken on identified issues.

ID.SC-5
  NIST subcategory: Response and recovery planning and testing are conducted with suppliers and third-party providers.
  Implementation: Evaluate how suppliers and third-party providers are integrated into the organization's incident response and recovery plans, review test plans and records to confirm they are included, and assess the plans' effectiveness from the testing documentation.
  Expected results: Incident response and recovery plans defining supplier and third-party roles and responsibilities, test plans and records involving those parties, and after-action reports or improvement plans produced by joint testing.
NIST Cybersecurity Framework building a checklist.pdf
Third-party information security assessment Check list.pdf
ย 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
ย 

Recently uploaded

Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
ย 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
ย 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
ย 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
ย 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxAmita Gupta
ย 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
ย 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
ย 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
ย 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
ย 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
ย 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
ย 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxdhanalakshmis0310
ย 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxDavid Douglas School District
ย 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
ย 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
ย 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
ย 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
ย 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
ย 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
ย 

Recently uploaded (20)

Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
ย 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
ย 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
ย 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
ย 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
ย 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
ย 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
ย 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
ย 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
ย 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
ย 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
ย 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
ย 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
ย 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
ย 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
ย 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
ย 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
ย 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
ย 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
ย 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
ย 

NIST Cybersecurity Framework building a checklist.pdf

Slide 2: Identify, ID.AM: Asset Management

ID.AM.1
Functions Specified by NIST: The organization conducts an inventory of physical devices and systems.
Implementation of Function: To reflect changes in the infrastructure, ensure that the organization establishes and consistently updates an inventory encompassing all physical devices and systems.
Expected Results: Documentation detailing the inventory records of physical devices and systems, including the procedures for maintaining and updating this inventory, should be created.

ID.AM.2
Functions Specified by NIST: The organization maintains an inventory of software platforms and applications in use.
Implementation of Function: Check if the organization established and upheld a record of all software platforms and applications. Ensure that the inventory is constantly refreshed to reflect alterations in software assets.
Expected Results: Documents covering inventory records of software platforms and applications, along with protocols detailing the maintenance and updating procedures for the software inventory.

ID.AM.3
Functions Specified by NIST: Communication pathways and data flows within the organization are charted or mapped out.
Implementation of Function: Confirm that the organization mapped its communication and data flows to comprehend information transmission and storage and regularly reviewed and updated these maps.
Expected Results: Provide documentation illustrating communication and data flow diagrams accompanied by an outline of the mapping and updating process.

ID.AM.4
Functions Specified by NIST: External information systems are listed or inventoried.
Implementation of Function: Check that the organization compiled all external information systems interacting with its network or data and consistently updated the catalog to reflect any changes in these external systems.
Expected Results: Provide an inventory of external information systems along with documentation detailing the procedure for cataloging and updating these external systems.

ID.AM.5
Functions Specified by NIST: Assets such as hardware, devices, data, time, personnel, and software are ranked according to their classification, criticality, and business significance to determine their prioritization.
Implementation of Function: Ensure that the organization categorizes its resources according to their classification, criticality, and business value and establishes criteria for prioritizing them.
Expected Results: Document the resource categorization and prioritization, including documentation specifying the criteria employed for prioritization.

ID.AM.6
Functions Specified by NIST: Roles and responsibilities in cybersecurity are defined for the entire workforce and external stakeholders, including suppliers, customers, and partners.
Implementation of Function: Ensure that cybersecurity roles and responsibilities have been outlined for all employees and third-party stakeholders and that they have been documented and communicated.
Expected Results: Documentation outlining cybersecurity roles and responsibilities should be kept alongside communication records and training on these specific roles and responsibilities.

www.infosectrain.com | sales@infosectrain.com
Slide 3: Identify, ID.BE: Business Environment

ID.BE.1
Functions Specified by NIST: The organization recognized and conveyed its role within the supply chain.
Implementation of Function: Verify that the organization has acknowledged its position within the supply chain and has successfully communicated these designated roles internally and to relevant stakeholders.
Expected Results: Documentation delineating the organization's position in the supply chain, along with records of communications related to these supply chain roles.

ID.BE.2
Functions Specified by NIST: The organization identified and communicated its position within critical infrastructure and industry sectors.
Implementation of Function: Confirm that the organization identified its role in critical infrastructure and industry sectors and effectively communicated this information internally and to relevant parties.
Expected Results: Provide documentation detailing the organization's placement in critical infrastructure and industry sectors, alongside records of communications concerning this positioning within critical infrastructure and industry sectors.

ID.BE.3
Functions Specified by NIST: The organization has set and conveyed priorities for its mission, objectives, and activities.
Implementation of Function: Confirm whether the organization has set, documented, and efficiently communicated its priorities for its mission, objectives, and activities to relevant personnel and stakeholders.
Expected Results: Documentation outlining the priorities for the organization's mission, objectives, and activities, along with records of communications about these priorities.

ID.BE.4
Functions Specified by NIST: Ensure that dependencies and essential functions necessary for providing critical services are identified and established.
Implementation of Function: Ensure the organization has identified, documented, and regularly reviewed dependencies and essential functions for delivering critical services.
Expected Results: Documentation listing dependencies, basic procedures, and records documenting regular reviews and updates should be maintained.

ID.BE.5
Functions Specified by NIST: Resilience must facilitate delivering critical services determined for all operational conditions (such as under stress or attack, during recovery, and normal operations).
Implementation of Function: Ensure that resilience requirements for essential services across various operational states (such as during attack, recovery, and normal operations) have been established, documented, and integrated into the organization's processes and procedures.
Expected Results: Document resilience requirements for critical services in diverse operational states, integrated into relevant processes and procedures.
Slide 4: Identify, ID.GV: Governance

ID.GV.1
Functions Specified by NIST: A cybersecurity policy for the organization has been created and shared.
Implementation of Function: Confirm the existence of a comprehensive cybersecurity policy document that covers roles, responsibilities, compliance, and cybersecurity measures, and ensure there's a documented procedure for sharing it with all employees and relevant external parties.
Expected Results: The cybersecurity policy document includes records indicating its distribution, employee acknowledgment receipts, briefing minutes, training materials, and attendance records demonstrating policy communication.

ID.GV.2
Functions Specified by NIST: Roles and responsibilities in cybersecurity are synchronized and matched with internal positions and external partners.
Implementation of Function: Verify that cybersecurity roles and responsibilities within the organization are clearly defined, that there is documented coordination between internal and external roles, and that these roles and responsibilities are regularly reviewed and updated.
Expected Results: Job descriptions detailing cybersecurity responsibilities, along with contracts or Service Level Agreements (SLAs) with third parties delineating cybersecurity roles, in addition to documented records of meetings or communications related to role coordination.

ID.GV.3
Functions Specified by NIST: The organization comprehends and effectively handles cybersecurity legal and regulatory obligations, encompassing responsibilities for privacy and civil liberties.
Implementation of Function: Identify and ensure compliance with all pertinent legal and regulatory requirements. Implement policies and procedures to manage adherence while verifying consistent training and updates on changes within these laws and regulations.
Expected Results: Consolidate compliance checklists or matrices outlining requirements, documented procedures and controls for compliance, and training logs and materials covering legal and regulatory requirements.

ID.GV.4
Functions Specified by NIST: Governance and risk management procedures effectively manage cybersecurity risks.
Implementation of Function: Assess the alignment of risk management governance with cybersecurity risks, review procedures for identifying and mitigating cybersecurity risks, and confirm the integration of these risks into the organization's overall risk management approach.
Expected Results: Consolidate risk management policies and procedures, risk assessment reports, risk treatment plans, and meeting minutes or reports demonstrating the incorporation of cybersecurity risk into the enterprise risk management framework.
Slide 5: Identify, ID.RA: Risk Assessment

ID.RA.1
Functions Specified by NIST: Identify and document vulnerabilities related to assets.
Implementation of Function: Verify the existence of an asset inventory, and ensure regular performance of vulnerability scans and the documentation and evaluation of identified vulnerabilities.
Expected Results: Create a comprehensive asset inventory, vulnerability scan reports, and documented assessments of identified vulnerabilities.

ID.RA.2
Functions Specified by NIST: Information on cyber threats is acquired from forums and various sources for intelligence gathering.
Implementation of Function: Evaluate the organization's involvement in cyber threat intelligence-sharing platforms, examine the procedure for receiving and distributing threat intelligence, and assess how the acquired intelligence influences security practices.
Expected Results: Evidence of membership in information-sharing forums, with records of received threat intelligence and documented utilization of intelligence within the organization's cybersecurity strategy, should be present.

ID.RA.3
Functions Specified by NIST: Internal and external threats are recognized and recorded.
Implementation of Function: Confirm the existence of a threat identification methodology, review documented records of identified threats, and ensure comprehensive consideration of internal and external threats.
Expected Results: Consolidate threat assessment reports or logs, documentation detailing the threat identification process, and records of identified internal and external threats.

ID.RA.4
Functions Specified by NIST: Potential consequences for the business and their probabilities are determined.
Implementation of Function: Verify the presence of a procedure for assessing potential threat impacts, evaluate the probability of threat occurrence, and examine the integration of these assessments into the overarching risk management strategy.
Expected Results: Consolidate business impact analysis reports, documentation of probability assessments, and risk analysis reports that combine impact and likelihood assessments.

ID.RA.5
Functions Specified by NIST: Risk is assessed by considering threats, vulnerabilities, probabilities, and impacts.
Implementation of Function: Evaluate the incorporation of threat, vulnerability, impact, and likelihood data into the risk assessment procedure, ensure the completion of comprehensive risk assessments integrating these elements, and review the process of updating and reflecting this information in risk documentation.
Expected Results: Merge comprehensive risk assessment reports with risk matrices or dashboards displaying the amalgamation of these elements, alongside change logs or updates reflecting the evolution of risk assessments over time.

ID.RA.6
Functions Specified by NIST: Identify and rank risk responses based on priority.
Implementation of Function: Confirm the presence of documented risk responses, examine the criteria used to prioritize these responses, and ensure the risk response process remains adaptable and responsive to shifts in the risk environment.
Expected Results: Consolidate risk response plans or procedures, documentation outlining the prioritization of risk responses, and records demonstrating the implementation and modifications of risk responses.
Slide 6: Identify, ID.RM: Risk Management Strategy

ID.RM.1
Functions Specified by NIST: Organizational stakeholders establish, manage, and consent to the risk management processes in place.
Implementation of Function:
  • Validate the presence of established formal procedures for managing risks within the organization.
  • Examine documentation to ensure a well-defined and widely communicated risk management process.
  • Verify stakeholder involvement in risk management through meeting records or documented decisions.
  • Confirm clear assignment and comprehension of roles and responsibilities related to risk management.
  • Evaluate the mechanisms used to monitor and review the ongoing management of the risk process.
Expected Results: Consolidate risk management policy and procedure documents, meeting minutes reflecting stakeholder engagement, documents outlining roles and responsibilities for risk management, and records detailing periodic reviews and updates to the risk management process.

ID.RM.2
Functions Specified by NIST: The organization determines and explicitly communicates its risk tolerance.
Implementation of Function: Examine if there's a formal declaration or policy outlining the organization's risk tolerance, ensuring clear communication and understanding of these levels among those engaged in risk-related decision-making, while reviewing records referencing risk tolerance in decision processes.
Expected Results: Consolidate official documentation outlining the organization's risk tolerance, supporting evidence of communicated risk tolerance (e.g., emails, training materials), and decision-making records demonstrating the integration of risk tolerance as a factor.
Slide 7: Identify, ID.SC: Supply Chain Risk Management

ID.SC.1
Functions Specified by NIST: The organization's stakeholders identify, establish, assess, manage, and mutually agree upon processes for managing cyber supply chain risks.
Implementation of Function: Ensure documentation and implementation of cyber supply chain risk management (C-SCRM) processes, confirming stakeholder consensus and understanding, reviewing mechanisms for supply chain risk assessment and management while verifying stakeholder engagement in developing and maintaining C-SCRM processes.
Expected Results: Consolidate C-SCRM policies and procedures, records demonstrating stakeholder agreement and involvement (e.g., meeting minutes or signed acknowledgments), and supply chain-related risk assessment documentation.

ID.SC.2
Functions Specified by NIST: The cyber supply chain risk assessment process identifies, prioritizes, and evaluates suppliers and third-party partners providing information systems, components, and services.
Implementation of Function: Confirm the existence of a comprehensive list detailing all suppliers and third-party partners and their provided services or components, coupled with a documented risk assessment process for these entities; prioritize suppliers based on the criticality of their service or component to the organization.
Expected Results: Combine the inventory of suppliers and third-party partners, cyber supply chain risk assessment reports, and documented evidence detailing the prioritization of suppliers according to assessed risks.

ID.SC.3
Functions Specified by NIST: Agreements with suppliers and third-party partners are employed to enact suitable measures to fulfill the goals of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan.
Implementation of Function: Examine contracts to verify the inclusion of cybersecurity requisites consistent with the organization's cybersecurity program, ensure that clauses are present outlining Cyber Supply Chain Risk Management (C-SCRM) objectives, and confirm service level agreements (SLAs) that articulate cybersecurity expectations.
Expected Results: Consolidate copies of contracts containing cybersecurity clauses, Service Level Agreements (SLAs) specifying cybersecurity requirements, and a Cyber Supply Chain Risk Management (C-SCRM) plan delineating the contractual measures to be implemented.

ID.SC.4
Functions Specified by NIST: Regular assessments, including audits, test outcomes, or alternative evaluations, are conducted on suppliers and third-party partners to verify their compliance with contractual obligations.
Implementation of Function: Ensure regular assessments of suppliers and third-party partners align with contractual obligations, reviewing the methods and frequency of these evaluations and verifying the existence of established processes to address identified issues or gaps.
Expected Results: Consolidate audit reports, test results, or evaluation documents related to suppliers and third-party partners alongside schedules and procedures for regular assessments, while maintaining records of subsequent actions taken upon identification of issues.

ID.SC.5
Functions Specified by NIST: Response and recovery planning and testing are carried out in collaboration with suppliers and third-party providers.
Implementation of Function: Evaluate the integration of suppliers and third-party providers within the organization's incident response and recovery plans, reviewing test plans and records to confirm their inclusion, while assessing the response and recovery plans' effectiveness via testing documentation.
Expected Results: Combine incident response and recovery plans outlining roles and responsibilities for suppliers and third parties, test plans and records involving these entities, and after-action reports or improvement plans resulting from joint response and recovery testing.