Axon NIST CSF Compliance Bundle
National Institute of Standards & Technology (NIST) Cybersecurity Framework (CSF)
Disclaimer: Organizations are not required as a matter of law to comply with this document, unless legislation, or a direction given under legislation or by some other lawful authority, compels them to comply. This document does not override any obligations imposed by legislation or law. Furthermore, if this document conflicts with legislation or law, the latter takes precedence.
NIST Cybersecurity Framework (CSF) provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes.
The structure of the CSF framework is a taxonomy of high-level cybersecurity outcomes that can help any organization manage its cybersecurity risks. The CSF Core components are a hierarchy of Functions, Categories, and Subcategories that detail each outcome.
NIST CSF Core | ||
|---|---|---|
Function | Category | Category Identifier |
Govern (GV) | Organizational Context | GV.OC |
Risk Management Strategy | GV.RM | |
Roles, Responsibilities, and Authorities | GV.RR | |
Policy | GV.PO | |
Oversight | GV.OV | |
Cybersecurity Supply Chain Risk Management | GV.SC | |
Identify (ID) | Asset Management | ID.AM |
Risk Assessment | ID.RA | |
Improvement | ID.IM | |
Protect (PR) | Identity Management, Authentication, and Access Control | PR.AA |
Awareness and Training | PR.AT | |
Data Security | PR.DS | |
Platform Security | PR.PS | |
Technology Infrastructure Resilience | PR.IR | |
Detect (DE) | Continuous Monitoring | DE.CM |
Adverse Event Analysis | DE.AE | |
Respond (RS) | Incident Management | RS.MA |
Incident Analysis | RS.AN | |
Incident Response Reporting and Communication | RS.CO | |
Incident Mitigation | RS.MI | |
Recover (RC) | Incident Recovery Plan Execution | RC.RP |
Incident Recovery Communication | RC.CO | |
LogRhythm’s NIST CSF content provides augmented support for CSF objectives through a collection of pre-bundled searches, lists, dashboards, and reports. All Dashboards are supplied with data from the underlying searches. You can then schedule reports from the searches for periodic generation and delivery, or generate them on demand. To identify areas of non-compliance in real-time, you can leverage the dashboard for immediate analysis of activities that impact your organization's in-scope systems.
The CSF is not intended to be used alone but in conjunction with other resources (e.g., frameworks, standards, guidelines, leading practices) to better manage cybersecurity risks and inform the overall management of information and communications technology (ICT) risks at an enterprise level. The CSF is a flexible framework that is intended to be tailored for use by all organizations regardless of size. LogRhythm’s supporting content is informed by other NIST Special Publications that align with the CSF functions.
Please refer to our User Guide for detailed information and implementation guidance on the included searches, lists, and dashboards.
NIST CSF dashboards and searches can be obtained from the compliance folder within the Axon Content GitHub repository.
Additional Resources
NIST provides an abundance of resources for their guidelines (NIST CSF) to assist organizations with their implementations and assessments:
Document Library
CSF 2.0
Quick Start Guides
CSF 2.0 Profiles
Informative References (Mappings) - Use of this section of the NIST website is highly encourage to see how the CSF functions align with other frameworks you need to follow or already follow.
Use of NIST’s resource center is highly encouraged in use alongside the supplemental LogRhythm supporting documentation. Refer to NIST CSF for information about these and other resources.