Table Mapping NIST to Essential Cybersecurity Controls

| NIST CSF Category | NIST CSF Subcategory | Essential Cybersecurity Control |
|---|---|---|
| Identify | Asset Management | Inventory and Control of Hardware Assets |
| Identify | Asset Management | Inventory and Control of Software Assets |
| Identify | Asset Management | Data Inventory and Classification |
| Identify | Risk Assessment | Risk Assessment |
| Identify | Risk Assessment | Vulnerability Management |
| Protect | Access Control | Account Management |
| Protect | Access Control | Least Privilege |
| Protect | Awareness Training | Security Awareness and Training Programs |
| Protect | Data Security | Data Encryption |
| Protect | Data Security | Data Loss Prevention |
| Detect | Anomalies and Events | Intrusion Detection Systems |
| Detect | Anomalies and Events | Security Information and Event Management (SIEM) |
| Detect | Security Continuous Monitoring | Continuous Monitoring |
| Respond | Incident Response | Incident Response Plan |
| Respond | Incident Response | Incident Response Team |
| Respond | Communications | Communication Plan |
| Respond | Recovery Planning | Disaster Recovery Plan |
| Recover | Recovery Planning | Backup and Recovery |
| Recover | Recovery Planning | Business Continuity Plan |

Note: This table provides a basic mapping between NIST CSF categories and some essential cybersecurity controls. Depending on your specific requirements, industry, and regulatory environment, you may need to consult additional NIST publications and frameworks, such as NIST SP 800-53, to develop a more comprehensive mapping. Additionally, organizations often customize controls based on their unique risk profile and operational needs.
