NIST Cybersecurity Framework in MOSP

收藏待读

http://objects.monarc.lu/object/view/27

Name

NIST Core

Description

The NIST Cybersecurity Framework is US Government guidance for private sector organizations that own, operate, or supply critical infrastructure. It provides a reasonable base level of cyber security. It establishes basic processes and essential controls for cybersecurity.

Owning organization

MONARC

Validating JSON schema

Referentials (provided byMONARC)

Creator

Cedric

License

Creative Commons Zero v1.0 Universal

Download the object

{
    "authors": [
        "The MONARC project"
    ],
    "label": "NIST Core",
    "measures": [
        {
            "category": "Asset Management (ID.AM)",
            "code": "1_ID.AM-1",
            "label": "Physical devices and systems within the organization are inventoried",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac94"
        },
        {
            "category": "Asset Management (ID.AM)",
            "code": "1_ID.AM-2",
            "label": "Software platforms and applications within the organization are inventoried",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac95"
        },
        {
            "category": "Asset Management (ID.AM)",
            "code": "1_ID.AM-3",
            "label": "Organizational communication and data flows are mapped",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac94"
        },
        {
            "category": "Asset Management (ID.AM)",
            "code": "1_ID.AM-4",
            "label": "External information systems are catalogued",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac92"
        },
        {
            "category": "Asset Management (ID.AM)",
            "code": "1_ID.AM-5",
            "label": "Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac93"
        },
        {
            "category": "Asset Management (ID.AM)",
            "code": "1_ID.AM-6",
            "label": "Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac91"
        },
        {
            "category": "Business Environment (ID.BE)",
            "code": "1_ID.BE-1",
            "label": "The organizationu2019s role in the supply chain is identified and communicated",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac90"
        },
        {
            "category": "Business Environment (ID.BE)",
            "code": "1_ID.BE-2",
            "label": "The organizationu2019s place in critical infrastructure and its industry sector is identified and communicated",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac89"
        },
        {
            "category": "Business Environment (ID.BE)",
            "code": "1_ID.BE-3",
            "label": "Priorities for organizational mission, objectives, and activities are established and communicated",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac88"
        },
        {
            "category": "Business Environment (ID.BE)",
            "code": "1_ID.BE-4",
            "label": "Dependencies and critical functions for delivery of critical services are established",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac87"
        },
        {
            "category": "Business Environment (ID.BE)",
            "code": "1_ID.BE-5",
            "label": "Resilience requirements to support delivery of critical services are established",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac86"
        },
        {
            "category": "Governance (ID.GV)",
            "code": "1_ID.GV-1",
            "label": "Organizational information security policy is established",
            "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac87"
        }
    ],
    "uniqid": "fcf78560-3d12-42ba-8f4a-5761ca02ac94",
    "version": "1.0"
}

相關閱讀

免责声明:本文内容来源于Hacker News,已注明原文出处和链接,文章观点不代表立场,如若侵犯到您的权益,或涉不实谣言,敬请向我们提出检举。