CSF Identifiers: Difference between revisions

From CMMC Toolkit Wiki
Jump to navigation Jump to search
No edit summary
m (Wikiadmin moved page Function and Category Identifiers to CSF Identifiers without leaving a redirect)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''Source of Reference: official [https://www.nist.gov/cyberframework/online-learning/components-framework Cybersecurity Framework Components] from National Institute of Standards and Technology (NIST).'''
For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you.
{|class="wikitable" style="width: 85%;"
{|class="wikitable" style="width: 85%;"
! style="width: 15%"| Function Unique Identifier
! style="width: 15%"| Function Unique Identifier
Line 56: Line 60:
|Detection Process
|Detection Process
|-
|-
|'''Specialized Assets'''
|rowspan="5" style="text-align:center;"|'''RS'''
|
|rowspan="5" style="text-align:center;"|Respond
* Assets that may or may not process, store, or transmit CUI
|style="text-align:center;"|RS.RP
* Assets include: government property, Internet of Things (IoT) devices, Operational Technology (OT), Restricted Information Systems, and Test Equipment
|Response Planning
|
* Review the SSP in accordance with practice CA.L2-3.12.4
* Do not assess against other CMMC practices
|-
|-
|colspan="4"|Assets that are not in the CMMC Assessment Scope
|style="text-align:center;"|RS.CO
|Communications
|-
|-
|'''Out-of-Scope Assets'''
|style="text-align:center;"|RS.AN
|
|Analysis
* Assets that cannot process, store, or transmit CUI
|-
|
|style="text-align:center;"|RS.MI
* Assets are required to be physically or logically separated from CUI assets
|Mitigation
|
|-
* None
|style="text-align:center;"|RS.IM
|Improvements
|-
|rowspan="3" style="text-align:center;"|'''RC'''
|rowspan="3" style="text-align:center;"|Recovery
|style="text-align:center;"|RC.RP
|Recovery Planning
|-
|style="text-align:center;"|RC.IM
|Improvements
|-
|style="text-align:center;"|RC.CO
|Communications
|}
|}

Latest revision as of 21:08, 9 April 2023

Source of Reference: official Cybersecurity Framework Components from National Institute of Standards and Technology (NIST).

For inquiries and reporting errors on this wiki, please contact us. Thank you.

Function Unique Identifier Function Category Unique Identifier Category
ID Identify ID.AM Asset Management
ID.BE Business Environment
ID.GV Governance
ID.RA Risk Assessment
ID.RM Risk Management Strategy
ID.SC Business Environment
PR Protect PR.AC Identity Management and Access Control
PR.AT Awareness and Training
PR.DS Data Security
PR.IP Information Protection Processes and Procedures
PR.MA Maintenance
PR.PT Protective Technology
DE Detect DE.AE Anomalies and Events
DE.CM Security Continuous Monitoring
DE.DP Detection Process
RS Respond RS.RP Response Planning
RS.CO Communications
RS.AN Analysis
RS.MI Mitigation
RS.IM Improvements
RC Recovery RC.RP Recovery Planning
RC.IM Improvements
RC.CO Communications