Learn

NIST Cybersecurity Framework

Browse 108 published controls in this framework.

Control IDTitle
DE.AE-1DE.AE-1: Network Operations Baseline | NIST CSF
DE.AE-2DE.AE-2 Event Analysis | NIST CSF Control Guide
DE.AE-3DE.AE-3: Event Data Correlation | NIST CSF
DE.AE-4NIST DE.AE-4: Event Impact Determination | GRCWatch
DE.AE-5NIST DE.AE-5: Alert Threshold Management Control
DE.CM-1NIST DE.CM-1: Network Monitoring for Cybersecurity Events
DE.CM-2DE.CM-2: Physical Environment Monitoring | NIST CSF
DE.CM-3DE.CM-3 Personnel Activity Monitoring | NIST CSF
DE.CM-4DE.CM-4 Malicious Code Detection | NIST CSF
DE.CM-5DE.CM-5: Unauthorized Mobile Code Detection | NIST CSF
DE.CM-6NIST DE.CM-6: Service Provider Activity Monitoring
DE.CM-7DE.CM-7: Unauthorized Asset Monitoring | NIST CSF
DE.CM-8NIST DE.CM-8 Vulnerability Scanning | GRCWatch
DE.DP-1DE.DP-1: Detection Roles & Responsibilities | NIST CSF
DE.DP-2DE.DP-2 Detection Compliance | NIST CSF Guide
DE.DP-3NIST DE.DP-3: Detection Process Testing | GRCWatch
DE.DP-4DE.DP-4 Detection Communication | NIST CSF Control
DE.DP-5DE.DP-5: Detection Process Improvement | NIST CSF
ID.AM-1NIST ID.AM-1: Physical Device Inventory Control
ID.AM-2NIST ID.AM-2: Software Asset Inventory Control
ID.AM-3NIST ID.AM-3: Data Flow Mapping Control Guide
ID.AM-4NIST ID.AM-4: External Systems Catalog | GRCWatch
ID.AM-5NIST ID.AM-5: Resource Prioritization Control
ID.AM-6NIST ID.AM-6: Cybersecurity Roles & Responsibilities
ID.BE-1ID.BE-1: Supply Chain Role Identification | NIST CSF
ID.BE-2NIST ID.BE-2: Critical Infrastructure Identification
ID.BE-3ID.BE-3: Mission & Objectives Prioritization | NIST CSF
ID.BE-4NIST ID.BE-4: Critical Function Dependencies | GRCWatch
ID.BE-5ID.BE-5: Service Resilience Requirements | NIST CSF
ID.GV-1ID.GV-1: Establish Cybersecurity Policy | NIST Framework
ID.GV-2ID.GV-2: Cybersecurity Roles Coordination | NIST CSF
ID.GV-3ID.GV-3: Legal & Regulatory Compliance | NIST CSF
ID.GV-4ID.GV-4: Cybersecurity Risk Governance | NIST CSF
ID.RA-1NIST ID.RA-1: Asset Vulnerability Identification
ID.RA-2ID.RA-2 Threat Intelligence Sharing | NIST CSF
ID.RA-3NIST ID.RA-3: Threat Identification & Documentation
ID.RA-4ID.RA-4: Business Impact Analysis | NIST CSF
ID.RA-5ID.RA-5 Risk Determination | NIST CSF Control
ID.RA-6NIST ID.RA-6: Risk Response Prioritization Framework
ID.RM-1ID.RM-1: Risk Management Processes | NIST CSF
ID.RM-2ID.RM-2: Risk Tolerance Definition | NIST CSF
ID.RM-3ID.RM-3: Risk Tolerance & Critical Infrastructure | NIST CSF
ID.SC-1ID.SC-1: Supply Chain Risk Management | NIST CSF
ID.SC-2ID.SC-2: Supplier Risk Assessment | NIST CSF
ID.SC-3ID.SC-3: Supplier Contractual Security Requirements | NIST CSF
ID.SC-4ID.SC-4: Supplier Compliance Assessment | NIST CSF
ID.SC-5ID.SC-5: Supply Chain Response & Recovery Testing | NIST CSF
PR.AC-1PR.AC-1: Identity & Credential Management | NIST CSF
PR.AC-2PR.AC-2: Physical Access Management | NIST CSF
PR.AC-3PR.AC-3 Remote Access Management | NIST CSF
PR.AC-4PR.AC-4: Access Permission Management | NIST CSF
PR.AC-5NIST PR.AC-5: Network Integrity Protection Guide
PR.AC-6NIST CSF PR.AC-6: Identity Proofing & Binding
PR.AC-7PR.AC-7 Risk-Based Authentication | NIST CSF
PR.AT-1PR.AT-1: Security Awareness Training | NIST CSF
PR.AT-2NIST PR.AT-2: Privileged User Training & Compliance
PR.AT-3PR.AT-3: Third-Party Security Training | NIST CSF
PR.AT-4PR.AT-4: Executive Security Training | NIST CSF
PR.AT-5PR.AT-5: Security Personnel Training | NIST CSF
PR.DS-1PR.DS-1: Data at Rest Protection | NIST CSF
PR.DS-2PR.DS-2: Data in Transit Protection | NIST CSF
PR.DS-3PR.DS-3: Asset Lifecycle Management | NIST CSF
PR.DS-4PR.DS-4 Capacity Management | NIST CSF Guide
PR.DS-5PR.DS-5: Data Leak Prevention | NIST CSF Control
PR.DS-6PR.DS-6: Integrity Verification | NIST CSF Control
PR.DS-7PR.DS-7 Environment Separation | NIST CSF Control
PR.DS-8PR.DS-8: Hardware Integrity Verification | NIST CSF
PR.IP-1PR.IP-1: Baseline Configuration Management | NIST CSF
PR.IP-10PR.IP-10: Response and Recovery Plan Testing | NIST CSF
PR.IP-11PR.IP-11: Cybersecurity in Human Resources | NIST CSF
PR.IP-12PR.IP-12 Vulnerability Management Plan | NIST CSF
PR.IP-2NIST PR.IP-2: System Development Life Cycle Control
PR.IP-3PR.IP-3 Configuration Change Control | NIST CSF
PR.IP-4PR.IP-4: Information Backup and Testing | NIST CSF
PR.IP-5NIST PR.IP-5: Physical Operating Environment Compliance
PR.IP-6NIST PR.IP-6: Data Destruction Policy Control
PR.IP-7NIST CSF PR.IP-7: Protection Process Improvement
PR.IP-8PR.IP-8: Protection Technology Effectiveness Sharing | NIST CSF
PR.IP-9PR.IP-9: Response & Recovery Planning | NIST CSF
PR.MA-1PR.MA-1: Asset Maintenance Logging | NIST CSF
PR.MA-2NIST PR.MA-2: Secure Remote Maintenance Control
PR.PT-1NIST PR.PT-1: Audit Log Management Control
PR.PT-2NIST PR.PT-2: Removable Media Controls & Policy
PR.PT-3PR.PT-3: Least Functionality Configuration | NIST CSF
PR.PT-4NIST CSF PR.PT-4: Network Protection Controls
PR.PT-5PR.PT-5: Resilience Mechanisms | NIST CSF Control
RC.CO-1RC.CO-1: Recovery Public Relations Management | NIST CSF
RC.CO-2NIST RC.CO-2: Incident Reputation Repair | GRCWatch
RC.CO-3RC.CO-3 Recovery Communication | NIST CSF Control
RC.IM-1RC.IM-1: Recovery Plan Lessons Learned | NIST CSF
RC.IM-2RC.IM-2: Recovery Strategy Updates | NIST CSF
RC.RP-1RC.RP-1 Recovery Plan Execution | NIST CSF
RS.AN-1RS.AN-1: Detection Notification Investigation | NIST CSF
RS.AN-2RS.AN-2 Incident Impact Analysis | NIST CSF Control
RS.AN-3RS.AN-3: Incident Forensics | NIST CSF Control
RS.AN-4RS.AN-4 Incident Categorization | NIST CSF Control
RS.AN-5NIST RS.AN-5: Vulnerability Disclosure Response
RS.CO-1RS.CO-1: Define Response Roles & Operations Order | NIST CSF
RS.CO-2RS.CO-2 Incident Reporting | NIST CSF Control
RS.CO-3RS.CO-3: Response Information Sharing | NIST CSF
RS.CO-4RS.CO-4: Stakeholder Response Coordination | NIST CSF
RS.CO-5RS.CO-5: External Cybersecurity Information Sharing | NIST CSF
RS.IM-1RS.IM-1: Response Plan Lessons Learned | NIST CSF
RS.IM-2RS.IM-2: Response Strategy Updates | NIST CSF
RS.MI-1RS.MI-1 Incident Containment | NIST CSF Control
RS.MI-2RS.MI-2 Incident Mitigation | NIST CSF Control
RS.MI-3NIST CSF RS.MI-3: New Vulnerability Mitigation Control
RS.RP-1RS.RP-1: Incident Response Plan Execution | NIST CSF