DE.AE-1 | DE.AE-1: Network Operations Baseline | NIST CSF |
DE.AE-2 | DE.AE-2 Event Analysis | NIST CSF Control Guide |
DE.AE-3 | DE.AE-3: Event Data Correlation | NIST CSF |
DE.AE-4 | NIST DE.AE-4: Event Impact Determination | GRCWatch |
DE.AE-5 | NIST DE.AE-5: Alert Threshold Management Control |
DE.CM-1 | NIST DE.CM-1: Network Monitoring for Cybersecurity Events |
DE.CM-2 | DE.CM-2: Physical Environment Monitoring | NIST CSF |
DE.CM-3 | DE.CM-3 Personnel Activity Monitoring | NIST CSF |
DE.CM-4 | DE.CM-4 Malicious Code Detection | NIST CSF |
DE.CM-5 | DE.CM-5: Unauthorized Mobile Code Detection | NIST CSF |
DE.CM-6 | NIST DE.CM-6: Service Provider Activity Monitoring |
DE.CM-7 | DE.CM-7: Unauthorized Asset Monitoring | NIST CSF |
DE.CM-8 | NIST DE.CM-8 Vulnerability Scanning | GRCWatch |
DE.DP-1 | DE.DP-1: Detection Roles & Responsibilities | NIST CSF |
DE.DP-2 | DE.DP-2 Detection Compliance | NIST CSF Guide |
DE.DP-3 | NIST DE.DP-3: Detection Process Testing | GRCWatch |
DE.DP-4 | DE.DP-4 Detection Communication | NIST CSF Control |
DE.DP-5 | DE.DP-5: Detection Process Improvement | NIST CSF |
ID.AM-1 | NIST ID.AM-1: Physical Device Inventory Control |
ID.AM-2 | NIST ID.AM-2: Software Asset Inventory Control |
ID.AM-3 | NIST ID.AM-3: Data Flow Mapping Control Guide |
ID.AM-4 | NIST ID.AM-4: External Systems Catalog | GRCWatch |
ID.AM-5 | NIST ID.AM-5: Resource Prioritization Control |
ID.AM-6 | NIST ID.AM-6: Cybersecurity Roles & Responsibilities |
ID.BE-1 | ID.BE-1: Supply Chain Role Identification | NIST CSF |
ID.BE-2 | NIST ID.BE-2: Critical Infrastructure Identification |
ID.BE-3 | ID.BE-3: Mission & Objectives Prioritization | NIST CSF |
ID.BE-4 | NIST ID.BE-4: Critical Function Dependencies | GRCWatch |
ID.BE-5 | ID.BE-5: Service Resilience Requirements | NIST CSF |
ID.GV-1 | ID.GV-1: Establish Cybersecurity Policy | NIST Framework |
ID.GV-2 | ID.GV-2: Cybersecurity Roles Coordination | NIST CSF |
ID.GV-3 | ID.GV-3: Legal & Regulatory Compliance | NIST CSF |
ID.GV-4 | ID.GV-4: Cybersecurity Risk Governance | NIST CSF |
ID.RA-1 | NIST ID.RA-1: Asset Vulnerability Identification |
ID.RA-2 | ID.RA-2 Threat Intelligence Sharing | NIST CSF |
ID.RA-3 | NIST ID.RA-3: Threat Identification & Documentation |
ID.RA-4 | ID.RA-4: Business Impact Analysis | NIST CSF |
ID.RA-5 | ID.RA-5 Risk Determination | NIST CSF Control |
ID.RA-6 | NIST ID.RA-6: Risk Response Prioritization Framework |
ID.RM-1 | ID.RM-1: Risk Management Processes | NIST CSF |
ID.RM-2 | ID.RM-2: Risk Tolerance Definition | NIST CSF |
ID.RM-3 | ID.RM-3: Risk Tolerance & Critical Infrastructure | NIST CSF |
ID.SC-1 | ID.SC-1: Supply Chain Risk Management | NIST CSF |
ID.SC-2 | ID.SC-2: Supplier Risk Assessment | NIST CSF |
ID.SC-3 | ID.SC-3: Supplier Contractual Security Requirements | NIST CSF |
ID.SC-4 | ID.SC-4: Supplier Compliance Assessment | NIST CSF |
ID.SC-5 | ID.SC-5: Supply Chain Response & Recovery Testing | NIST CSF |
PR.AC-1 | PR.AC-1: Identity & Credential Management | NIST CSF |
PR.AC-2 | PR.AC-2: Physical Access Management | NIST CSF |
PR.AC-3 | PR.AC-3 Remote Access Management | NIST CSF |
PR.AC-4 | PR.AC-4: Access Permission Management | NIST CSF |
PR.AC-5 | NIST PR.AC-5: Network Integrity Protection Guide |
PR.AC-6 | NIST CSF PR.AC-6: Identity Proofing & Binding |
PR.AC-7 | PR.AC-7 Risk-Based Authentication | NIST CSF |
PR.AT-1 | PR.AT-1: Security Awareness Training | NIST CSF |
PR.AT-2 | NIST PR.AT-2: Privileged User Training & Compliance |
PR.AT-3 | PR.AT-3: Third-Party Security Training | NIST CSF |
PR.AT-4 | PR.AT-4: Executive Security Training | NIST CSF |
PR.AT-5 | PR.AT-5: Security Personnel Training | NIST CSF |
PR.DS-1 | PR.DS-1: Data at Rest Protection | NIST CSF |
PR.DS-2 | PR.DS-2: Data in Transit Protection | NIST CSF |
PR.DS-3 | PR.DS-3: Asset Lifecycle Management | NIST CSF |
PR.DS-4 | PR.DS-4 Capacity Management | NIST CSF Guide |
PR.DS-5 | PR.DS-5: Data Leak Prevention | NIST CSF Control |
PR.DS-6 | PR.DS-6: Integrity Verification | NIST CSF Control |
PR.DS-7 | PR.DS-7 Environment Separation | NIST CSF Control |
PR.DS-8 | PR.DS-8: Hardware Integrity Verification | NIST CSF |
PR.IP-1 | PR.IP-1: Baseline Configuration Management | NIST CSF |
PR.IP-10 | PR.IP-10: Response and Recovery Plan Testing | NIST CSF |
PR.IP-11 | PR.IP-11: Cybersecurity in Human Resources | NIST CSF |
PR.IP-12 | PR.IP-12 Vulnerability Management Plan | NIST CSF |
PR.IP-2 | NIST PR.IP-2: System Development Life Cycle Control |
PR.IP-3 | PR.IP-3 Configuration Change Control | NIST CSF |
PR.IP-4 | PR.IP-4: Information Backup and Testing | NIST CSF |
PR.IP-5 | NIST PR.IP-5: Physical Operating Environment Compliance |
PR.IP-6 | NIST PR.IP-6: Data Destruction Policy Control |
PR.IP-7 | NIST CSF PR.IP-7: Protection Process Improvement |
PR.IP-8 | PR.IP-8: Protection Technology Effectiveness Sharing | NIST CSF |
PR.IP-9 | PR.IP-9: Response & Recovery Planning | NIST CSF |
PR.MA-1 | PR.MA-1: Asset Maintenance Logging | NIST CSF |
PR.MA-2 | NIST PR.MA-2: Secure Remote Maintenance Control |
PR.PT-1 | NIST PR.PT-1: Audit Log Management Control |
PR.PT-2 | NIST PR.PT-2: Removable Media Controls & Policy |
PR.PT-3 | PR.PT-3: Least Functionality Configuration | NIST CSF |
PR.PT-4 | NIST CSF PR.PT-4: Network Protection Controls |
PR.PT-5 | PR.PT-5: Resilience Mechanisms | NIST CSF Control |
RC.CO-1 | RC.CO-1: Recovery Public Relations Management | NIST CSF |
RC.CO-2 | NIST RC.CO-2: Incident Reputation Repair | GRCWatch |
RC.CO-3 | RC.CO-3 Recovery Communication | NIST CSF Control |
RC.IM-1 | RC.IM-1: Recovery Plan Lessons Learned | NIST CSF |
RC.IM-2 | RC.IM-2: Recovery Strategy Updates | NIST CSF |
RC.RP-1 | RC.RP-1 Recovery Plan Execution | NIST CSF |
RS.AN-1 | RS.AN-1: Detection Notification Investigation | NIST CSF |
RS.AN-2 | RS.AN-2 Incident Impact Analysis | NIST CSF Control |
RS.AN-3 | RS.AN-3: Incident Forensics | NIST CSF Control |
RS.AN-4 | RS.AN-4 Incident Categorization | NIST CSF Control |
RS.AN-5 | NIST RS.AN-5: Vulnerability Disclosure Response |
RS.CO-1 | RS.CO-1: Define Response Roles & Operations Order | NIST CSF |
RS.CO-2 | RS.CO-2 Incident Reporting | NIST CSF Control |
RS.CO-3 | RS.CO-3: Response Information Sharing | NIST CSF |
RS.CO-4 | RS.CO-4: Stakeholder Response Coordination | NIST CSF |
RS.CO-5 | RS.CO-5: External Cybersecurity Information Sharing | NIST CSF |
RS.IM-1 | RS.IM-1: Response Plan Lessons Learned | NIST CSF |
RS.IM-2 | RS.IM-2: Response Strategy Updates | NIST CSF |
RS.MI-1 | RS.MI-1 Incident Containment | NIST CSF Control |
RS.MI-2 | RS.MI-2 Incident Mitigation | NIST CSF Control |
RS.MI-3 | NIST CSF RS.MI-3: New Vulnerability Mitigation Control |
RS.RP-1 | RS.RP-1: Incident Response Plan Execution | NIST CSF |