Creating the NIST CSF Full Assessment
1. From the bottom left aggregate menu, select the up chevron (1) and create a new CSF Full Assessment (2).
Select the CSF Full Assessment
Once the new assessment has been created, the details need to be entered. The first question in the NIST CSF Full Assessment is in the IDENTIFY (ID) function, in the category ID.AM – Asset Management.
The NIST CSF Assessment has five main functions (1), provided as tabs along the top of the assessment page. The five functions can also be navigated via the left-hand assessment menu, which provides entry points to the assessment categories (2) under each function.
| Function | Category | Examples of Outcomes |
|---|---|---|
| Identify | | The Identify Function assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. |
| | Asset Management | Identifying physical and software assets within the organization to establish the basis of an Asset Management program. |
| | Business Environment | Identifying the Business Environment the organization supports, including the organization's role in the supply chain and the organization's place in the critical infrastructure sector. |
| | Governance | Identifying cybersecurity policies established within the organization to define the Governance program, as well as identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization. |
| | Risk Assessment | Identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities as a basis for the organization's Risk Assessment. |
| | Risk Management Strategy | Identifying a Risk Management Strategy for the organization, including establishing risk tolerances. |
| | Supply Chain Risk Management | Identifying a Supply Chain Risk Management strategy, including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks. |
| Protect | | The Protect Function outlines appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. |
| | Identity Management, Auth and Access Control | Protections for Identity Management and Access Control within the organization, including physical and remote access. |
| | Awareness and Training | Empowering staff within the organization through Awareness and Training, including role-based and privileged user training. |
| | Data Security | Establishing Data Security protection consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information. |
| | Info Protection Processes and Procedures | Implementing Information Protection Processes and Procedures to maintain and manage the protections of information systems and assets. |
| | Maintenance | Protecting organizational resources through Maintenance activities, including remote maintenance. |
| | Protective Technologies | Managing Protective Technology to ensure the security and resilience of systems and assets are consistent with organizational policies, procedures, and agreements. |
| Detect | | The Detect Function defines the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. |
| | Anomalies and Events | Ensuring Anomalies and Events are detected and their potential impact is understood. |
| | Security Continuous Monitoring | Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures, including network and physical activities. |
| | Detection Processes | Maintaining Detection Processes to provide awareness of anomalous events. |
| Respond | | The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. |
| | Response Planning | Ensuring Response Planning processes are executed during and after an incident. |
| | Communications | Managing Communications during and after an event with stakeholders, law enforcement, and external stakeholders as appropriate. |
| | Analysis | Analysis is conducted to ensure effective response and support recovery activities, including forensic analysis and determining the impact of incidents. |
| | Mitigation | Mitigation activities are performed to prevent expansion of an event and to resolve the incident. |
| | Improvements | The organization implements Improvements by incorporating lessons learned from current and previous detection/response activities. |
| Recover | | The Recover Function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident. |
| | Recovery Planning | Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents. |
| | Improvements | Implementing Improvements based on lessons learned and reviews of existing strategies. |
| | Communications | Internal and external Communications are coordinated during and following the recovery from a cybersecurity incident. |
Response Options
The response options are the buttons on the main assessment page. Depending on the assessment type, they are labeled Incomplete, Initial, Managed, Defined, Quantitatively Managed, Optimizing, Not Implemented, Partially Implemented, Largely Implemented, Fully Implemented, etc.
To respond, select the button that matches the correct state for your response.
Hover Options
Hovering over the responses displays an explanation of the different response levels available.
Hover options
To the right of an assessment, information is provided in four tabs: Activity, Evidence, Help, and Advice.
Activity
Provides information about the latest edits and updates to the assessment section. It lists action items and any notes.
Under Action Items, add any action items relevant to the control or subcategory, such as "Ensure Asset Management Inventory is up to date and add regular cadence to review". You can assign the action item to any user who has access to the assessment and set a date by which the action item should be completed.
Under Notes, you can type any notes relevant to the response, for example "ACME company has an Asset Management program in place, however it is not regularly reviewed for accuracy and completeness." To save any notes, click Save before navigating to another response.
Note: Axio360 can be integrated with ticketing systems, such as ServiceNow's Service Manager, and with configuration management tooling including Microsoft's Configuration Manager (formerly known as System Center), Microsoft Intune, Microsoft Desktop Analytics, Microsoft Autopilot, and several other features; these integrations are referred to in several locations in this assessment.
Evidence
On this tab, any supporting evidence can be linked and uploaded to the assessment. Add any evidence related to the response. Under Links to Supporting Evidence, you can add the name of your document and the link location. Click Save before navigating to another response.
Note: Axio does not store any evidence documents within the Axio360 platform, but external links to various file management platforms, including Microsoft SharePoint, Box.com and Dropbox, are supported.
Help
On the Help tab, supporting references are provided. These are links and references to regulations pertaining to the assessment type. The help is specific to the control currently selected.
Help tab
Advice
On the Advice tab, users can ask an Axio Expert a question. The Axio Expert will be notified and respond as soon as possible. The question and answer will be available to the entire Axio community.
Advice tab
Applying Target Profiles
- Next to your user avatar, find Profile and switch from Current to Target. This sets your next actions as the targets you are trying to achieve over time. Questions can also be toggled as targets with Shift+click when selecting a question.
- Once you have toggled to Target, select the level at which you want to set your Target Profile. Axio recommends setting a target to a level that is attainable within the next year. You can also set target dates for when the target should be achieved.
- Change the Profile back to Current to see the targets and the target dates that have been set for each of the questions.
Current profile with target dates specified
Generating a Report
After an assessment is complete, you may create a report.
- On the bottom left, click Full Report.
- At the prompt, select whether to display notes inline or in an appendix at the end.
- Click Generate Report. Depending on the amount of data already entered, generating a report might take a moment.
- When the report is ready, generate a PDF version of the Axio-generated NIST CSF report. You receive an on-screen notification when report generation is complete.
- Select View to view the report.