
Cybersecurity Architecture Security Controls vs NIST Cybersecurity Framework
Version 2.1 – April 2019 © Adrian Grigorof

NIST Risk Management Framework – SP 800-18
Categorize System, Select Controls, Implement Controls, Assess Controls, Authorize System, Monitor Controls

NIST SP 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Roadmap
Currently implemented
2019 implementation
2020 implementation
Not on the roadmap

Information Security Office
Incident Response and Recovery
Asset Management
Vulnerability Management
SIEM & Analytics
Penetration Testing / Red Teaming
eDiscovery / Forensics
Threat Hunting
Configuration Management
Patch Management
Security Governance
Awareness and Training
Security Architecture
Risk Assessments / Compliance
Supply Chain Risk Management

MSSPs
Managed NAC
Managed SIEM
Managed Firewalls/IDS/IPS/Web Filtering
Managed IPS/IDS
eDiscovery / Forensics Retainer
Threat Hunting
Managed Detection and Response

Identify
Governance
Risk Assessments
Compliance
Configuration Management
Vulnerability Scanning
Penetration Testing
Asset Management

Detect
SIEM & Analytics

Intrusion Detection (IDS/IPS)


Protect
Clients Hybrid Infrastructure Vulnerability Scanning
Firewalls / ACLs
Wireless IDS
IoT 3rd Party Hosting Public Cloud Software as a Service Remote Access (VPN)
On-premises & Mobile On-premises Private Cloud Endpoint EDR / HIDS
Operational Technologies (SaaS)
Endpoint Protection (EP)
Endpoint DLP
Firewall Firewall Firewall Firewall Email
Managed Clients Antimalware
Email Antimalware
Edge DLP
IPS IPS EP IPS Intrusion Prevention (IPS)
SSO Edge Antimalware
Web Filtering WAF WAF Cloud DLP
MFA Web Filtering
Edge DLP DLP WAF SSL Decryption
CASB Identity and Access
Extranet / DMZ

Endpoint Protection (EP) Antimalware FIM Management (IDAM) NMS

Endpoint Encryption (EE) SSL Decryption Single Sign-On (SSO) File Integrity Monitoring
(FIM)
Endpoint DLP WAF Multi-Factor
Authentication (MFA) Baselining
FIM
Endpoint DR
Privileged Access Threat Hunting
EDR
Device Authentication Management (PAM)
Threat Intelligence Feeds
VPN Client IDAM Governance
Deception / Honeypots
Firewall Firewall Firewall EP Network Access Control
Code Analysis
(NAC)
EP EP EP EDR
Endpoints

CASB Mobile Device Management


DLP FIM EDR FIM (MDM)
MDM
EDR FIM DB Encryption Endpoint Encryption (EE) Respond
NAC
FIM DB Encryption Application Database Audit Monitoring
MFA Incident Response and
Segmentation
DB Encryption Recovery
Device Authentication
Endpoint Detection and
Web Application Firewall Response
(WAF)
LAN / WLAN

NAC NAC ACLs


eDiscovery / Forensics
ACLs ACLs Database Encryption

Wireless IDS Wireless IDS Cloud Access Security Broker


(CASB)
NMS NMS Recover
Application Segmentation

Public Key Disaster Recovery Planning


Infrastructure (PKI)
Privileged Access Management (PAM)
Key Management Incident Response and
Identity and Access Management (IDAM) / IDAM Governance Recovery
DDoS Protection
Log Collection / Monitoring / Baselining
Application Whitelisting
Vulnerability / Patch Management / Backup and Disaster Recovery / PKI / Key Management

Asset Management
