Sheet1

CSF v1.1 (April 2018) - informative references: COBIT 5, ISO/IEC 27001:2013, NIST SP 800-53 Rev 4, CIS (Center for Internet Security) CSC 2, ISA 62443-3-2013/2009 (security of industrial automation and contro...)
NIST = National Institute of Standards and Technology

Columns: C.S. Life Cycle (function) / Sub Activities (category) / Detail

IDENTIFY (ID)
  Asset Management (ID.AM): physical devices/systems, software, communication and data flows, external information systems, priority based on value/criticality, roles
  Business Environment (ID.BE): organization mission, objectives, stakeholders, business activities, supply chain, critical functions; priorities are defined and communicated
  Governance (ID.GV): CS policy established/communicated, roles/responsibilities aligned, legal/regulatory requirements understood, CS included in governance and risk
  Risk Assessment (ID.RA): asset vulnerabilities, threat intelligence from forums/sources, internal/external threats documented, business impacts/likelihoods, risk responses and priority of...
  Risk Management Strategy (ID.RM): RM process established, managed and agreed by stakeholders; risk tolerance for the organization determined; informed by risk in critical infrastructure
  Supply Chain Risk Management (ID.SC): criticality by stakeholders, 3rd parties, contracts, routinely assessed, regular testing

PROTECT (PR)
  Identity Management, Authentication and Access Control (PR.AC): issue/manage/revoke credentials, physical access, remote access, least privilege, network segmentation/segregation, ID logs, single/multi-factor authentication
  Awareness & Training (PR.AT): users, privileged users, 3rd parties understand their responsibilities, senior executives understand their responsibilities, physical/CS personnel understand their responsibilities
  Data Security (PR.DS): data at rest/in transit, assets formally managed and removed, capacity, leaks, integrity checks, test environment
  Info. Protection Processes & Procedures (PR.IP): baseline configurations, SDLC for systems, change control, backups maintained/tested, regulations regarding the operating environment are met, d...; process improvement, effectiveness of technologies is shared, response/recovery plan is tested, HR processes, vulnerability management plan is implemented
  Maintenance (PR.MA): maintenance approved/logged; remote maintenance logged/approved and properly protected
  Protective Technology (PR.PT): audit logs/review, removable media restricted, least privilege, communications protected, failsafe/load balancing, clustering, hot swap

DETECT (DE)
  Anomalies & Events (DE.AE): baseline for network and user data flows, analyze events from multiple sources, determine impact and incident alerts
  Security Continuous Monitoring (DE.CM): monitor physical environment, network, personnel activity, malicious code, unauthorized mobile code, 3rd-party activity, unauthorized activity, perform v...
  Detection Processes (DE.DP): roles/responsibilities, processes are tested, event detection information is communicated, processes are improved continuously

RESPOND (RS)
  Response Planning (RS.RP): process/procedure plan executed during and after an incident
  Communications (RS.CO): roles and order of operations when needed, incident handling criteria, information sharing as per response plan with stakeholders, 3...
  Analysis (RS.AN): investigated, impact, forensics, categorize incidents, established processes to receive, analyze and respond to vulnerabilities
  Mitigation (RS.MI): incidents are contained and mitigated; new vulnerabilities are mitigated or documented as acceptable risk
  Improvements (RS.IM): lessons learnt and strategy update

RECOVER (RC)
  Recovery Planning (RC.RP): executed during or after an incident
  Improvements (RC.IM): lessons learnt and strategy update
  Communication (RC.CO): public relations, reputation repair, communicated to internal/external stakeholders and executives

As part of NIST, do:
  RMF
  SIM solution
  Tableau