Welcome Login

You are here

IT Security: GSA's latest product and service mapping against the NIST Cybersecurity Framework

NIST Cybersecurity Framework (CSF)

The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity [PDF - 834 KB] (known as the NIST Cybersecurity Framework) organizes basic cybersecurity activities at their highest level, known as Functions.

These Functions are: Identify, Protect, Detect, Respond, and Recover. They aid an organization in managing cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and learning from previous activities.

Categories are subdivisions of a Function. They group cybersecurity outcomes closely tied to programmatic needs and particular activities.

Cybersecurity Framework Functions

Identify - Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

Categories - Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy.

Protect - Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.

Categories - Access Control, Awareness & Training, Data Security, Info Protection & Procedures, Maintenance.

Detect - Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

Categories - Anomalies & Events, Security Continuous Monitoring, Detection Process.

Respond - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

Categories - Response Planning, Communications, Analysis, Mitigation, Improvements.

Recover - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

Categories - Response Planning, Communications, Analysis, Mitigation, Improvements.

Cybersecurity Framework Product and Service Providers

GSA provides access to products and services related to these CSF Functions and Categories through the following IT Security Subcategory related SINs:

Share

Views: 1714

The purpose of this community is to provide a place where customers and industry partners can engage and discuss Cybersecurity related topics.... More

Visit the HACS SIN website to find high quality cybersecurity services to meet your needs:

  1. High Value Asset (HVA) Assessments
  2. Risk and Vulnerability Assessment (RVA)
  3. Cyber Hunt
  4. Incident Response
  5. Penetration Testing
  • laurenleulu's picture
    laurenleulu
  • brucetucker's picture
    brucetucker
  • Khale's picture
    Khale