The United States Department of Commerce's National Institute of Standards and Technology (NIST) is a physical sciences laboratory and non-regulatory agency. Its goal is to boost American innovation and competitiveness in the global marketplace. Nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement are among the laboratory programs of NIST. The National Bureau of Standards was the name of the agency from 1901 until 1988.
Outline
NIST 800-53
Identify
Supply Chain Risk Management (ID.SC):
ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
ID.SC-2: Suppliers and third-party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of the organization's cybersecurity program
ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluation
ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers
Risk Assessment (ID.RA):
ID.RA-1: Asset vulnerabilities are identified and documented
ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources
ID.RA-3: Threats, both internal and external, are identified and documented
ID.RA-4: Potential business impacts and likelihoods are identified
ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
ID.RA-6: Risk responses are identified and prioritized
Governance (ID.GV):
ID.GV-1: Organizational cybersecurity policy is established and communicated
ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
ID.GV-4: Governance and risk management processes address cybersecurity risks
Business Environment (ID.BE):
ID.BE-1: The organization's role in the supply chain is identified and communicated
ID.BE-2: The organization's place in critical infrastructure and its industry sector is identified and communicated
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
ID.BE-4: Dependencies and critical functions for delivery of critical services are established
ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states
Asset Management (ID.AM):
ID.AM-1: Physical devices and systems within the organization are inventoried
ID.AM-2: Software platforms and applications within the organization are inventoried
ID.AM-3: Organizational communication and data flows are mapped
ID.AM-4: External information systems are catalogued
ID.AM-5: Resources are prioritized based on their classification, criticality, and business value
Recover
Recovery Planning (RC.RP):
Improvements (RC.IM):
Communications (RC.CO):
Respond
Communications (RS.CO) / Improvements (RS.IM, lessons learned)
Response Planning (RS.RP) / Analysis (RS.AN) / Mitigation (RS.MI)
Detect
Detection Processes (DE.DP):
Security Continuous Monitoring (DE.CM):
Anomalies and Events (DE.AE):
Protect
Protective Technology (PR.PT):
Maintenance (PR.MA):
Information Protection Processes and Procedures (PR.IP):
Data Security (PR.DS):
Awareness and Training (PR.AT):
Identity Management, Authentication and Access Control (PR.AC):
NIST - National Institute of Standards and Technology
This work was published by EdrawMind user Shashi Bala and does not represent the position of Edraw Software.