Implementing NIST 2.0 with SanerNow
Introduction
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 is the latest version of a voluntary framework that provides organizations with guidelines and best practices for managing and reducing cybersecurity risks. Originally developed in response to Executive Order 13636 in 2013, the NIST CSF has evolved to address the ever-changing landscape of cyber threats and technologies. NIST CSF 2.0 aims to help organizations of all sizes and sectors better understand, manage, and mitigate cybersecurity risks through a flexible, cost-effective approach.
An Overview
NIST CSF 2.0 is structured around five core functions: Identify, Protect, Detect, Respond, and Recover. These functions are further divided into categories and subcategories that cover specific areas of cybersecurity. This framework also includes implementation tiers that help organizations assess their current cybersecurity posture and set goals for improvement.
Building on previous versions, CSF 2.0 contains new features that highlight the importance of governance and supply chains. Special attention is paid to the Quick Start Guides (QSGs) to ensure that the CSF is relevant and readily accessible to smaller organizations as well as their larger counterparts.
Key Differences Between NIST CSF 1.1 and NIST CSF 2.0
| Aspect | NIST CSF 1.1 | NIST CSF 2.0 |
|---|---|---|
| Scope and Integration | Focused primarily on risk management and cybersecurity | Expanded to emphasize the importance of cyber governance |
| Supply Chain Security | Basic inclusion of supply chain risk management | Greater emphasis on supply chain resilience and security |
| Implementation Examples | Limited guidance on how to achieve subcategories | Introduces an “Implementation Examples” category for practical guidance |
| Governance Function | No specific governance function: governance principles are dispersed | Introduces a new “GOVERN” function to highlight cybersecurity governance |
| References to Frameworks | Minimal references to other frameworks | Includes references to reputable frameworks, such as NIST Privacy Framework and NICE Workforce Framework |
| Continuous Improvement | General emphasis on improvement without a specific category | Adds an “improvement category” within the IDENTIFY function |
Challenges of Implementing NIST CSF
Complexity
The framework’s comprehensive nature is overwhelming, especially for organizations with limited cybersecurity expertise.
Resource Intensive
Implementing and maintaining the framework requires significant time, effort, and financial resources.
Integration
Integrating NIST CSF 2.0 with existing processes and technologies is difficult, particularly in organizations with outdated computer systems still in use.
Continuous Improvement
The dynamic nature of cybersecurity threats necessitates continuous monitoring, assessment, and improvement, which can be resource intensive.
Compliance and Documentation
Maintaining compliance with the framework involves extensive documentation and regular audits, adding to the administrative burden.
Key Changes in NIST CSF 2.0
Increased Scope
The first notable change in NIST CSF 2.0 is the removal of "critical infrastructure" from its name. Originally aimed at protecting critical infrastructure, the framework now targets all organizations, reflecting its widespread adoption. A SANS Institute survey highlights this, showing 74% of organizations using a security framework choose the CSF.
Govern Function
The new “govern” function in CSF 2.0 marks a strategic shift towards emphasizing governance in cybersecurity. It calls for cohesive strategies and policies that align with organizational goals. By consolidating existing categories and subcategories into this function, it encourages executive leadership to take an active role in cybersecurity.
Supply Chain Risk Management
CSF 2.0 gives more guidance on managing supply chain risks, highlighting the need to secure complex and interconnected supply chains. Organizations should examine their suppliers' cybersecurity practices and develop risk management strategies that go beyond their own operations. This holistic approach helps protect against the widespread effects of a breach anywhere in the supply chain.
Measuring Cybersecurity Outcomes
The updated CSF 2.0 focuses more on measuring cybersecurity results. It provides detailed advice on creating metrics and benchmarks to gauge the effectiveness of cybersecurity practices. These metrics help organizations make data-driven security decisions, guided by measurable achievements in defending against cyber threats.
Organizational Risk Management
CSF 2.0 emphasizes integrating cybersecurity risk management with overall organizational risk strategies. It encourages viewing cybersecurity as part of the broader risk landscape, influencing various business decisions and goals. This approach ensures cybersecurity risks are considered within the context of enterprise-wide risk management.
Profile Development Guidance
The updated framework provides more support for developing profiles, including new templates and examples. This helps organizations tailor the CSF to their specific needs, creating a customized plan for improving cybersecurity. This guidance is valuable for aligning security measures with unique risks.
Framework Tiers Classification
CSF 2.0 clearly defines the framework tiers, or maturity levels, and their purposes, resolving previous ambiguities. These tiers help organizations understand and plan their cybersecurity strategy, aligning practices with risk management processes and business needs. Clear definitions ensure organizations can accurately assess their current capabilities and plan for improvement.
The SanerNow Approach to NIST CSF 2.0 Framework
The SecPod SanerNow Continuous Vulnerability and Exposure Management solution is built to give complete visibility and control over your modern security landscape. SanerNow runs the fastest scans to discover IT assets, vulnerabilities, exposures, misconfigurations, and other security risks. With its integrated patch management, it provides the necessary remediation fixes to mitigate them, and automates tasks end-to-end to make it a simple and hassle-free daily routine.
SanerNow allows you to assess, validate, and communicate adherence to NIST 2 security controls. SanerNow delivers broad, up-to-date, and continuous coverage of NIST 2 standards across your enterprise, including cloud and mobile environments. It automates the majority of NIST 2 controls, enabling you to efficiently put together the six functions of the framework: Govern, Identify, Protect, Detect, Respond, and Recover.
The CSF Core Functions
Govern
The Govern (GV) function involves setting, communicating, and monitoring an organization's cybersecurity risk management strategy and policies. It helps guide the organization in achieving its cybersecurity goals in line with its mission and stakeholder expectations. Govern ensures cybersecurity is part of the broader enterprise risk management (ERM) strategy, covering organizational context, strategy, supply chain risk management, roles, responsibilities, policies, and oversight of cybersecurity efforts.
Identify
The Identify (ID) function involves understanding the organization's current cybersecurity risks. This includes knowing the assets (like data, hardware, software, systems, facilities, services, and people) and suppliers, as well as the related cybersecurity risks. By doing this, the organization can prioritize its efforts according to its risk management strategy and mission needs set out in Govern. This function also involves finding ways to improve policies, plans, processes, procedures, and practices to better manage cybersecurity risks across all six functions.
Protect
The Protect (PR) function involves using safeguards to manage an organization's cybersecurity risks. After identifying and prioritizing assets and risks, Protect focuses on securing those assets to prevent or minimize the impact of adverse cybersecurity events and to capitalize on opportunities. This includes identity management, authentication, access control, awareness and training, data security, platform security (hardware, software, services), and the resilience of technology infrastructure.
Detect
The Detect (DE) function involves identifying and analyzing possible cybersecurity attacks and compromises. It aims to discover and analyze anomalies, indicators of compromise, and other events that suggest cybersecurity incidents. This function supports timely incident response and recovery.
Respond
The Respond (RS) function involves taking action when a cybersecurity incident is detected. It focuses on containing the incident's effects and includes incident management, analysis, mitigation, reporting, and communication.
Recover
The Recover (RC) function involves restoring assets and operations affected by a cybersecurity incident. It aims to quickly return to normal operations, reduce the incident's impact, and ensure effective communication during recovery efforts.
The Broad NIST CSF 2.0 Coverage
| SL.NO | NIST 2.0 Controls | Sub-category |
|---|---|---|
| GOVERN (GV) | The organization’s cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored | |
| Organizational Context (GV.OC) | The circumstances — mission, stakeholder expectations, dependencies, and legal, regulatory, and contractual requirements — surrounding the organization’s cybersecurity risk management decisions are understood | |
| 1 | GV.OC-01 | The organizational mission is understood and informs cybersecurity risk management |
| 2 | GV.OC-02 | Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered |
| 3 | GV.OC-03 | Legal, regulatory, and contractual requirements regarding cybersecurity — including privacy and civil liberties obligations — are understood and managed |
| 4 | GV.OC-04 | Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated |
| 5 | GV.OC-05 | Outcomes, capabilities, and services that the organization depends on are understood and communicated |
| Risk Management Strategy (GV.RM) | The organization’s priorities, constraints, risk tolerance and appetite statements, and assumptions are established, communicated, and used to support operational risk decisions | |
| 6 | GV.RM-01 | Risk management objectives are established and agreed to by organizational stakeholders |
| 7 | GV.RM-02 | Risk appetite and risk tolerance statements are established, communicated, and maintained |
| 8 | GV.RM-03 | Cybersecurity risk management activities and outcomes are included in enterprise risk management processes |
| 9 | GV.RM-04 | Strategic direction that describes appropriate risk response options is established and communicated |
| 10 | GV.RM-05 | Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties |
| 11 | GV.RM-06 | A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated |
| 12 | GV.RM-07 | Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions |
| Roles, Responsibilities, and Authorities (GV.RR) | Cybersecurity roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated | |
| 13 | GV.RR-01 | Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving |
| 14 | GV.RR-02 | Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced |
| 15 | GV.RR-03 | Adequate resources are allocated commensurate with the cybersecurity risk strategy, roles, responsibilities, and policies |
| 16 | GV.RR-04 | Cybersecurity is included in human resources practices |
| Policy (GV.PO) | Organizational cybersecurity policy is established, communicated, and enforced | |
| 17 | GV.PO-01 | Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced |
| 18 | GV.PO-02 | Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission |
| Oversight (GV.OV) | Results of organization-wide cybersecurity risk management activities and performance are used to inform, improve, and adjust the risk management strategy | |
| 19 | GV.OV-01 | Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction |
| 20 | GV.OV-02 | The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks |
| 21 | GV.OV-03 | Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed |
| Cybersecurity Supply Chain Risk Management (GV.SC) | Cyber supply chain risk management processes are identified, established, managed, monitored, and improved by organizational stakeholders | |
| 22 | GV.SC-01 | A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders |
| 23 | GV.SC-02 | Cybersecurity roles and responsibilities for suppliers, customers, and partners are established, communicated, and coordinated internally and externally |
| 24 | GV.SC-03 | Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes |
| 25 | GV.SC-04 | Suppliers are known and prioritized by criticality |
| 26 | GV.SC-05 | Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties |
| 27 | GV.SC-06 | Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships |
| 28 | GV.SC-07 | The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship |
| 29 | GV.SC-08 | Relevant suppliers and other third parties are included in incident planning, response, and recovery activities |
| 30 | GV.SC-09 | Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle |
| 31 | GV.SC-10 | Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement |
| IDENTIFY (ID) | The organization’s current cybersecurity risks are understood | |
| Asset Management (ID.AM) | Assets (e.g., data, hardware, software, systems, facilities, services, people) that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy | |
| 32 | ID.AM-01 | Inventories of hardware managed by the organization are maintained |
| 33 | ID.AM-02 | Inventories of software, services, and systems managed by the organization are maintained |
| 34 | ID.AM-03 | Representations of the organization’s authorized network communication and internal and external network data flows are maintained |
| 35 | ID.AM-04 | Inventories of services provided by suppliers are maintained |
| 36 | ID.AM-05 | Assets are prioritized based on classification, criticality, resources, and impact on the mission |
| 37 | ID.AM-06 | Inventories of data and corresponding metadata for designated data types are maintained |
| 38 | ID.AM-07 | Systems, hardware, software, services, and data are managed throughout their life cycles |
| Risk Assessment (ID.RA) | The cybersecurity risk to the organization, assets, and individuals is understood by the organization | |
| 39 | ID.RA-01 | Vulnerabilities in assets are identified, validated, and recorded |
| 40 | ID.RA-02 | Inventories of software, services, and systems managed by the organization are maintained |
| 41 | ID.RA-03 | Internal and external threats to the organization are identified and recorded |
| 42 | ID.RA-04 | Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded |
| 43 | ID.RA-05 | Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization |
| 44 | ID.RA-06 | Risk responses are chosen, prioritized, planned, tracked, and communicated |
| 45 | ID.RA-07 | Changes and exceptions are managed, assessed for risk impact, recorded, and tracked |
| 46 | ID.AM-08 | Processes for receiving, analyzing, and responding to vulnerability disclosures are established |
| 47 | ID.RA-09 | The authenticity and integrity of hardware and software are assessed prior to acquisition and use |
| 48 | ID.RA-10 | Critical suppliers are assessed prior to acquisition |
| Improvement (ID.IM) | Improvements to organizational cybersecurity risk management processes, procedures and activities are identified across all CSF Functions | |
| 49 | ID.IM-01 | Improvements are identified from evaluations |
| 50 | ID.IM-02 | Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties |
| 51 | ID.IM-03 | Improvements are identified from execution of operational processes, procedures, and activities |
| 52 | ID.IM-04 | Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved |
| PROTECT (PR) | Safeguards to manage the organization’s cybersecurity risks are used | |
| Identity Management, Authentication, and Access Control (PR.AA) | Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access | |
| 53 | PR.AA-01 | Identities and credentials for authorized users, services, and hardware are managed by the organization |
| 54 | PR.AA-02 | Identities are proofed and bound to credentials based on the context of interactions |
| 55 | PR.AA-03 | Users, services, and hardware are authenticated |
| 56 | PR.AA-04 | Identity assertions are protected, conveyed, and verified |
| 57 | PR.AA-05 | Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties |
| 58 | PR.AA-06 | Physical access to assets is managed, monitored, and enforced commensurate with risk |
| Awareness and Training (PR.AT) | The organization’s personnel are provided with cybersecurity awareness and training so that they can perform their cybersecurity-related tasks | |
| 59 | PR.AT-01 | Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind |
| 60 | PR.AA-02 | Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind |
| Data Security (PR.DS) | Data are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information | |
| 61 | PR.DS-01 | Identity assertions are protected, conveyed, and verified |
| 62 | PR.DS-02 | The confidentiality, integrity, and availability of data-in-transit are protected |
| 63 | PR.DS-10 | The confidentiality, integrity, and availability of data-in-use are protected |
| 64 | PR.DS-11 | Backups of data are created, protected, maintained, and tested |
| Platform Security (PR.PS) | The hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent with the organization’s risk strategy to protect their confidentiality, integrity, and availability | |
| 65 | PR.PS-01 | Configuration management practices are established and applied |
| 66 | PR.PS-02 | Software is maintained, replaced, and removed commensurate with risk |
| 67 | PR.PS-03 | Hardware is maintained, replaced, and removed commensurate with risk |
| 68 | PR.PS-04 | Log records are generated and made available for continuous monitoring |
| 69 | PR.PS-05 | Installation and execution of unauthorized software are prevented |
| 70 | PR.PS-06 | Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle |
| Technology Infrastructure Resilience (PR.IR) | Security architectures are managed with the organization’s risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilience | |
| 71 | PR.IR-01 | Networks and environments are protected from unauthorized logical access and usage |
| 72 | PR.IR-01 | Networks and environments are protected from unauthorized logical access and usage |
| 73 | PR.IR-02 | The organization’s technology assets are protected from environmental threats |
| 74 | PR.IR-03 | Mechanisms are implemented to achieve resilience requirements in normal and adverse situations |
| 75 | PR.IR-04 | Adequate resource capacity to ensure availability is maintained |
| DETECT (DE) | Possible cybersecurity attacks and compromises are found and analyzed | |
| Continuous Monitoring (DE.CM) | Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events | |
| 76 | DE.CM-01 | Networks and network services are monitored to find potentially adverse events |
| 77 | DE.CM-02 | The physical environment is monitored to find potentially adverse events |
| 78 | DE.CM-03 | Personnel activity and technology usage are monitored to find potentially adverse events |
| 79 | DE.CM-06 | External service provider activities and services are monitored to find potentially adverse events |
| 80 | DE.CM-09 | Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events |
| Adverse Event Analysis (DE.AE) | Anomalies, indicators of compromise, and other potentially adverse events are analyzed to characterize the events and detect cybersecurity incidents | |
| 81 | DE.AE-02 | Potentially adverse events are analyzed to better understand associated activities |
| 82 | DE.AE-03 | Information is correlated from multiple sources |
| 83 | DE.AE-04 | The estimated impact and scope of adverse events are understood |
| 84 | DE.AE-06 | Information on adverse events is provided to authorized staff and tools |
| 85 | DE.CM-03 | Cyber threat intelligence and other contextual information are integrated into the analysis |
| 86 | DE.AE-08 | Incidents are declared when adverse events meet the defined incident criteria |
| RESPOND (RS) | Actions regarding a detected cybersecurity incident are taken | |
| Incident Management (RS.MA) | Responses to detected cybersecurity incidents are managed | |
| 87 | RS.MA-01 | The incident response plan is executed in coordination with relevant third parties once an incident is declared |
| 88 | RS.MA-02 | Incident reports are triaged and validated |
| 89 | RS.MA-03 | Incidents are categorized and prioritized |
| 90 | RS.MA-04 | Incidents are escalated or elevated as needed |
| 91 | RS.MA-05 | The criteria for initiating incident recovery are applied |
| Incident Analysis (RS.AN) | Investigations are conducted to ensure effective response and support forensics and recovery activities | |
| 92 | RS.AN-03 | Analysis is performed to establish what has taken place during an incident and the root cause of the incident |
| 93 | RS.AN-06 | Actions performed during an investigation are recorded, and the records’ integrity and provenance are preserved |
| 94 | RS.AN-07 | Incident data and metadata are collected, and their integrity and provenance are preserved |
| 95 | RS.AN-08 | An incident’s magnitude is estimated and validated |
| Incident Response Reporting and Communication (RS.CO) | Response activities are coordinated with internal and external stakeholders as required by laws, regulations, or policies | |
| 96 | RS.CO-02 | Internal and external stakeholders are notified of incidents |
| 97 | RS.CO-03 | Information is shared with designated internal and external stakeholders |
| Incident Mitigation (RS.MI) | Activities are performed to prevent expansion of an event and mitigate its effects | |
| 98 | RS.MI-01 | Incidents are contained |
| 99 | RS.MI-02 | Incidents are eradicated |
| RECOVER (RC) | Assets and operations affected by a cybersecurity incident are restored | |
| Incident Recovery Plan Execution (RC.RP) | Restoration activities are performed to ensure operational availability of systems and services affected by cybersecurity incidents | |
| 100 | RC.RP-01 | The recovery portion of the incident response plan is executed once initiated from the incident response process |
| 101 | RC.RP-02 | Recovery actions are selected, scoped, prioritized, and performed |
| 102 | RC.RP-03 | The integrity of backups and other restoration assets is verified before using them for restoration |
| 103 | RC.RP-04 | Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms |
| 104 | RC.RP-05 | The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed |
| 105 | RC.RP-06 | The end of incident recovery is declared based on criteria, and incident-related documentation is completed |
| Incident Recovery Communication (RC.CO) | Restoration activities are coordinated with internal and external parties | |
| 106 | RC.CO-03 | Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders |
| 107 | RC.RP-02 | Public updates on incident recovery are shared using approved methods and messaging |
The NIST CSF 2.0 Coverage Automated by SanerNow
| SL.NO | NIST 2.0 Controls | Sub-category |
|---|---|---|
| GOVERN (GV) | The organization’s cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored | |
| Asset Management (ID.AM) | Assets (e.g., data, hardware, software, systems, facilities, services, people) that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy | |
| 1 | ID.AM-01 | Inventories of hardware managed by the organization are maintained |
| 2 | ID.AM-02 | Inventories of software, services, and systems managed by the organization are maintained |
| 3 | ID.AM-05 | Assets are prioritized based on classification, criticality, resources, and impact on the mission |
| 4 | ID.AM-08 | Systems, hardware, software, services, and data are managed throughout their life cycles |
| Risk Assessment (ID.RA) | The cybersecurity risk to the organization, assets, and individuals is understood by the organization | |
| 5 | ID.RA-01 | Vulnerabilities in assets are identified, validated, and recorded |
| 6 | ID.RA-02 | Cyber threat intelligence is received from information sharing forums and sources |
| 7 | ID.RA-03 | Internal and external threats to the organization are identified and recorded |
| 8 | ID.RA-04 | Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded |
| 9 | ID.RA-05 | Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization |
| 10 | ID.RA-06 | Risk responses are chosen, prioritized, planned, tracked, and communicated |
| 11 | ID.RA-07 | Changes and exceptions are managed, assessed for risk impact, recorded, and tracked |
| 12 | ID.RA-08 | Processes for receiving, analyzing, and responding to vulnerability disclosures are established |
| 13 | ID.RA-02 | Cyber threat intelligence is received from information sharing forums and sources |
| PROTECT (PR) | Safeguards to manage the organization’s cybersecurity risks are used | |
| Platform Security (PR.PS) | The hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent with the organization’s risk strategy to protect their confidentiality, integrity, and availability | |
| 14 | PR.PS-01 | Configuration management practices are established and applied |
| 15 | PR.PS-02 | Software is maintained, replaced, and removed commensurate with risk |
| 16 | PR.PS-03 | Hardware is maintained, replaced, and removed commensurate with risk |
| 17 | PR.PS-04 | Log records are generated and made available for continuous monitoring |
| 18 | PR.PS-05 | Installation and execution of unauthorized software are prevented |
| DETECT (DE) | Possible cybersecurity attacks and compromises are found and analyzed | |
| RESPOND (RS) | Actions regarding a detected cybersecurity incident are taken | |
| RECOVER (RC) | Assets and operations affected by a cybersecurity incident are restored | |
