TRANSCRIPT
Tier 1: Partial
Tier 2: Risk Informed
Tier 3: Repeatable
Tier 4: Adaptive
Implementing the NIST Cybersecurity Framework (CSF)
Continuous Security Assessment and Remediation for the Hybrid Cloud
Develop the organizational understanding to manage security risk to systems,
assets, data, and capabilities.
ID.AM Asset Management
ID.BE Business Environment
ID.GV Governance
ID.RA Risk Assessment
ID.RM Risk Management
ID.SC Supply Chain Risk Management
ID.RA Risk Assessment: The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
ID.RA-1 Asset vulnerabilities are identified and documented. Informative references: CCS CSC 4; COBIT 5; ISA 62443-2-1:2009; ISO/IEC 27001:2013; NIST SP 800-53 Rev. 4
• ID.RA-1 Asset vulnerabilities are identified and documented
• ID.RA-2 Cyber threat intelligence and vulnerability information is received from information sharing forums and sources
• ID.RA-3 Threats, both internal and external, are identified and documented
• ID.RA-4 Potential business impacts and likelihoods are identified
• ID.RA-5 Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
NIST SP 800-53 Rev. 4 controls: CA-2, CA-7, CA-8; RA-3, RA-5; SA-5, SA-11; SI-2, SI-4, SI-5
Red Hat Enterprise Linux 7
CA-2: Ensure separate partition exists for /tmp
CA-2: Ensure nodev option set on /tmp partition
CA-2: Ensure nosuid option set on /tmp partition
CA-2: Disable Automounting
Protect (PR): Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Detect (DE): Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Respond (RS): Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Recover (RC): Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
PR.AC Access Control; PR.AT Awareness and Training; PR.DS Data Security; PR.IP Information Protection Processes and Procedures; PR.MA Maintenance; PR.PT Protective Technology
DE.AE Anomalies and Events; DE.CM Security Continuous Monitoring; DE.DP Detection Processes
RS.RP Response Planning; RS.CO Communications; RS.AN Analysis; RS.MI Mitigation; RS.IM Improvements
RC.RP Recovery Planning; RC.IM Improvements; RC.CO Communications
Step 1: Prioritize and Scope
Step 2: Orient
Step 3: Create a Current Profile
Step 4: Conduct a Risk Assessment
Step 5: Create a Target Profile
Step 6: Determine, Analyze, and Prioritize Gaps
Step 7: Implement Action Plan
Identify (ID)
Detect (DE)
Table columns: Function | Category | Sub-categories | Informative References and Controls
4. Individual controls mapped to specific tests against the Target of Evaluation – RHEL 7
Ensure separate partition exists for /tmp
Benchmark: NIST RedHat Linux 7 Benchmark SCAP
Reference ID: xccdf_org.cisecurity.benchmarks_rule_1.1.2_Ensure_separate_partition_exists_for_tmp
Specific Policy
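The four RHEL 7 /tmp controls mapped to CA-2 above (separate partition, nodev, nosuid, automounting disabled) are simple enough to audit directly. The script below is an added example, not Cavirin's policy pack or the CIS benchmark's own check content; it evaluates the controls against a /proc/mounts-style table passed in as a string, so the same functions run offline on the constructed sample tables embedded here or, via audit_live, on the host itself. The sample mount lines and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Cavirin's or CIS's code): audit the RHEL 7 /tmp controls listed
# above (separate partition, nodev, nosuid, automounting disabled) against a
# /proc/mounts-style table. The table is passed as an argument so the same functions
# run offline on a constructed sample or on the live host via audit_live.

# Constructed sample tables (illustrative, not captured from a real host).
SAMPLE_MOUNTS='/dev/mapper/rhel-root / xfs rw,relatime,attr2,inode64 0 0
/dev/mapper/rhel-tmp /tmp xfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# /tmp is mounted separately but without nosuid: exactly one control fails.
SAMPLE_MOUNTS_WEAK='/dev/mapper/rhel-root / xfs rw,relatime,attr2,inode64 0 0
/dev/mapper/rhel-tmp /tmp xfs rw,nodev,relatime 0 0'

# No /tmp mount at all: all three mount-based controls fail.
SAMPLE_MOUNTS_BAD='/dev/mapper/rhel-root / xfs rw,relatime,attr2,inode64 0 0'

# tmp_mount_line TABLE: print the line whose mount point (field 2) is /tmp, if any.
tmp_mount_line() {
    printf '%s\n' "$1" | awk '$2 == "/tmp" { print; exit }'
}

# check_tmp_separate TABLE: 0 if /tmp is its own mount point (benchmark rule 1.1.2).
check_tmp_separate() {
    [ -n "$(tmp_mount_line "$1")" ]
}

# tmp_has_option TABLE OPTION: 0 if the /tmp mount carries OPTION in its
# comma-separated option list (field 4), e.g. nodev or nosuid.
tmp_has_option() {
    line=$(tmp_mount_line "$1")
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | awk '{ print $4 }' | tr ',' '\n' | grep -qx "$2"
}

# check_automount_disabled: 0 if the autofs unit is neither enabled nor active.
# Uses systemctl as on RHEL 7; where it is absent the check is reported as not applicable.
check_automount_disabled() {
    if ! command -v systemctl >/dev/null 2>&1; then
        echo "systemctl not found: automount check not applicable"
        return 0
    fi
    if systemctl is-enabled autofs >/dev/null 2>&1; then return 1; fi
    if systemctl is-active autofs >/dev/null 2>&1; then return 1; fi
    return 0
}

# audit_tmp TABLE: print PASS/FAIL per mount-based control; return the number of failures.
audit_tmp() {
    fails=0
    if check_tmp_separate "$1"; then
        echo "PASS CA-2 separate partition exists for /tmp"
    else
        echo "FAIL CA-2 separate partition exists for /tmp"
        fails=$((fails + 1))
    fi
    for opt in nodev nosuid; do
        if tmp_has_option "$1" "$opt"; then
            echo "PASS CA-2 $opt option set on /tmp partition"
        else
            echo "FAIL CA-2 $opt option set on /tmp partition"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# audit_live: run the mount checks against this host, then the automount check.
audit_live() {
    live_fails=0
    audit_tmp "$(cat /proc/mounts)" || live_fails=$?
    if check_automount_disabled; then
        echo "PASS CA-2 automounting disabled"
    else
        echo "FAIL CA-2 automounting disabled"
        live_fails=$((live_fails + 1))
    fi
    return "$live_fails"
}

# Stand-alone demonstration on the hardened sample: all three mount checks pass.
audit_tmp "$SAMPLE_MOUNTS"
```

The return value of audit_tmp is the failure count, so a scheduler or CI job can treat any non-zero exit as a gap to feed back into the Current Profile; the automount check is kept separate because it depends on the service manager rather than the mount table.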
CSF Goals
Cavirin curated policy packs do the heavy lifting in mapping the framework to actionable recommendations
3. Desired Tier impacts Target Profile
Defined by: Risk Management Process; Integrated Risk Management Program; External Participation; Cyber Supply Chain Risk Management
5. Cavirin Implementation
Implement Action Plan
Create Current Profile
Assess and Prioritize Gaps
Conduct Risk Assessment
Orient
Prioritize and Scope
2. Cavirin automates the suggested NIST process
References:
https://www.nist.gov/cyberframework
http://static.cavirin.com/hubfs/whitepapers/Cavirin%20CSF%20WP.pdf
https://www.cavirin.com/solutions/nist-support.html
• Describe current and target state
• Identify and prioritize opportunities for improvement
• Assess progress and communicate across organization
• Complement existing processes and programs