IT Security: GSA's latest product and service mapping against the NIST Cybersecurity Framework
NIST Cybersecurity Framework (CSF)
The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity [PDF - 834 KB] (known as the NIST Cybersecurity Framework) organizes basic cybersecurity activities at their highest level, known as Functions.
These Functions are: Identify, Protect, Detect, Respond, and Recover. They aid an organization in managing cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and learning from previous activities.
Categories are subdivisions of a Function. They group cybersecurity outcomes closely tied to programmatic needs and particular activities.
Cybersecurity Framework Functions
Identify - Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Categories - Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy.
Protect - Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Categories - Access Control, Awareness & Training, Data Security, Info Protection & Procedures, Maintenance.
Detect - Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Categories - Anomalies & Events, Security Continuous Monitoring, Detection Process.
Respond - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Categories - Response Planning, Communications, Analysis, Mitigation, Improvements.
Recover - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Categories - Response Planning, Communications, Analysis, Mitigation, Improvements.
Cybersecurity Framework Product and Service Providers
GSA provides access to products and services related to these CSF Functions and Categories through the following IT Security Subcategory related SINs:
- Highly Adaptive Cybersecurity Services (HACS) SIN for IT Security Services.
- Continuous Diagnostics and Mitigation (CDM) Tools SIN for IT Security Products.
Groups audience:
Views: 1049
The purpose of this community is to provide a place where customers and industry partners can engage and discuss Cybersecurity related topics.... More
Download the Cybersecurity Terms & Definitions for Acquisition guide.
Visit the HACS SIN website to find high quality cybersecurity services to meet your needs:
- High Value Asset (HVA) Assessments
- Risk and Vulnerability Assessment (RVA)
- Cyber Hunt
- Incident Response
- Penetration Testing
-
dougdubois -
hdagnachew
-
MJamison