Mind Map Gallery NIST - National Institute of Standards and Technology

NIST - National Institute of Standards and Technology

The United States Department of Commerce's National Institute of Standards and Technology (NIST) is a physical sciences laboratory and non-regulatory agency. Its goal is to boost American innovation and competitiveness in the global marketplace. Nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement are among the laboratory programs of NIST. The National Bureau of Standards was the name of the agency from 1901 until 1988.

Edited at 2021-12-31 07:05:12

Shashi Bala

NIST - National Institute of Standards and Technology

Shashi Bala

Recommended to you
Outline

NIST 800-53

Identity

Supply Chain Risk Management (ID.SC):

ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by stake

ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized,using assessment

ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives cybsec

ID.SC-4: Suppliers and 3rd-party partners are routinely asses using audits, test reslt

ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers

Risk Assessment (ID.RA):

ID.RA-1: Asset vulnerabilities are identified and documented

ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources

ID.RA-3: Threats, both internal and external, are identified and documented

ID.RA-4: Potential business impacts and likelihoods are identified

ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk

ID.RA-6: Risk responses are identified and prioritized

Governance (ID.GV):

ID.GV-1: Organizational cybersecurity policy is established and communicated

ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners

ID.GV-3: Legal and regulatory req regarding cybersec, inc privacy and civil liberties obligations, are understood and managed

ID.GV-4: Governance and risk management processes address cybersecurity risks

Business Environment (ID.BE

ID.BE-1: The organization’s role in the supply chain is identified and communicated

ID.BE-2: The org’s place in critical infra & its industry sector is identified and communicated

ID.BE-3: Priorities for org mission, obj, & activities are estab and communicated

ID.BE-4: Dependencies and critical functions for delivery of critical services are established

ID.BE-5: Resilience reqs to support delivery of critical services are estab for all operating states

Asset Management (ID.AM):

ID.AM-1: Physical devices and systems within the organization are inventoried

ID.AM-2: Software platforms and applications within the organization are inventoried

ID.AM-3: Organizational communication and data flows are mapped

ID.AM-4: External information systems are catalogued

ID.AM-5: Resources are prioritized based on their classification, criticality, and business value

Recover

Recovery Planning (RC.RP):

Improvements (RC.IM):

Communications (RC.CO):

Respond

Communications /lesson learned

Response Planning / analysis/ Mitigation

Detect

Detection Processes (DE.DP)

Security Continuous Monitoring

Anomalies and Events (DE.AE):

Protective Technology (PR.PT):

Protect

Maintenance (PR.MA):

Info Protetn Procs and Proce

Data Security (PR.DS):

Awareness and Training (PR.AT):

Identity Mgmt, Authc and Accss Ctl