Mapping the NIST Cybersecurity Framework (CSF) to the Target of Evaluation

There is a great deal of interest in the NIST CSF and how to apply it within an organization. Cavirin recently hosted a webinar detailing the rationale behind the framework, the suggested implementation process, and, most importantly, the actual mapping to specific policies and controls. Here, we detail this third point.

The CSF outlines five major functions – Identify, Protect, Detect, Respond, and Recover.  Using Identify as an example, the workflow is as follows:

So, the CSF is mapped to an organization’s environment by first selecting the proper reference and control, and then selecting the Target of Evaluation, that is, the operating system to which the control applies. In the example above, ‘Ensuring separate partition exists for /tmp’ is one of dozens of controls that apply to RHEL7 and fall within ID-RA-1. The audit and remediation for this control are detailed in the CIS Red Hat Enterprise Linux 7 Benchmark, specifically in section 1.1.2.
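
The mapping described above, written out as an added example (it is not Cavirin's code and not the benchmark's audit text): one record ties the CSF function and subcategory to the reference, the control and the Target of Evaluation, and a check produces a finding that carries that record. The class and function names, the constructed mount listings, and the simplification that the control passes when /tmp is its own mount point are assumptions of this example.

```python
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Mapping:
    function: str     # CSF function
    subcategory: str  # identifier as written in the post
    reference: str    # document that details audit and remediation
    control: str      # control text as quoted in the post
    target: str       # Target of Evaluation (operating system)

TMP_PARTITION = Mapping(
    "Identify", "ID-RA-1",
    "CIS Red Hat Enterprise Linux 7 Benchmark, section 1.1.2",
    "Ensuring separate partition exists for /tmp", "RHEL7")

# Constructed /proc/mounts-style samples (device, mount point, type, options, ...).
COMPLIANT = """\
/dev/mapper/rhel-root / xfs rw,relatime 0 0
/dev/mapper/rhel-tmp /tmp xfs rw,nosuid,nodev,noexec 0 0
"""
NON_COMPLIANT = """\
/dev/mapper/rhel-root / xfs rw,relatime 0 0
/dev/sdb1 /tmp/scratch ext4 rw,relatime 0 0
"""

def mount_points(mounts_text):
    """Return the set of mount points named in /proc/mounts-style text."""
    points = set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts writes a space inside a path as the escape \040.
            points.add(fields[1].replace("\\040", " "))
    return points

def evaluate(mapping, target_os, mounts_text):
    """Return one finding that carries the full CSF-to-control mapping."""
    if target_os != mapping.target:
        status = "NOT_APPLICABLE"  # control is scoped to a different OS
    elif "/tmp" in mount_points(mounts_text):
        status = "PASS"
    else:
        status = "FAIL"  # a mount below /tmp (e.g. /tmp/scratch) does not count
    return {**asdict(mapping), "evaluated_os": target_os, "status": status}

if __name__ == "__main__":
    for sample in (COMPLIANT, NON_COMPLIANT):
        print(evaluate(TMP_PARTITION, "RHEL7", sample))
```
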

We detail how this workflow matches the Cavirin Platform implementation in our new infographic, as well as in a whitepaper available via NIST. Visit https://www.cavirin.com/solutions/continuous-compliance/nist-cybersecurity.html to learn more!

 

Written by David Ginsburg
Category: Security Compliance Platform
  • Compliance
  • Remediation
  • NIST
  • CSF
© 2019 Cavirin Systems, Inc. All rights reserved.
