February

20242NISTCSF2.0:RESOURCE&OVERVIEWGUIDE

NISTCSF20TheTheNISTCybersecurityFramework(CSF)2.0canhelporganizationsmanageandreducetheirrisksastheystartorimprovetheircybersecurityprogram.TheCSFoutlinesspecificoutcomesthatorganizationscanachievetoaddressrisk.OtherNISTresourceshelpexplainspecificactionsthatcanbetakentoachieveeachoutcome.ThisguideisasupplementtotheNISTCSFandisnotintendedtoreplaceit.TheCSF2.0,alongwithNIST’ssupplementaryresources,canbeusedbyorganizationstounderstand,assess,prioritize,andcommunicatecybersecurityrisks;itisparticularlyusefulforfosteringinternalandexternalcommunicationacrossteams—aswellasintegratingwithbroaderriskmanagementstrategies.TheCSF2.0isorganizedbysixFunctions—Govern,Identify,Protect,Detect,Respond,andRecover.Together,theseFunctionsprovideacomprehensiveviewformanagingcybersecurityrisk.ThisResource&OverviewGuideoffersdetailsabouteachFunctiontoserveaspotentialstartingpoints.TheCSF2.0iscomprisedCSFCore-Ataxonomyofhigh-levelcybersecurityoutcomesthatcanhelpanyorganizationmanageCSFOrganizationalProfiles-Amechanismfordescribinganorganization’scurrentand/ortargetcybersecuritypostureintermsoftheCSFCore’soutcomes.CSFTiers-CanbeappliedtoCSFOrganizationalProfilestocharacterizetherigorofanorganization’scybersecurityriskgovernanceandmanagementpractices.美國國家標(biāo)準(zhǔn)與技術(shù)研究院網(wǎng)絡(luò)安全框架（CSF）2.0低其網(wǎng)絡(luò)安全風(fēng)險(xiǎn)。CSF概述了組織可以實(shí)現(xiàn)的特定成果，以應(yīng)對風(fēng)險(xiǎn)。其他美國國家標(biāo)準(zhǔn)與技術(shù)研究院資源有助于解釋為實(shí)現(xiàn)每個(gè)成果可以采取的具體行動(dòng)。本指南是美國國家標(biāo)準(zhǔn)與技術(shù)研究院CSFCSF2.0以及美國國家標(biāo)準(zhǔn)與技術(shù)研究院的補(bǔ)充資源可以被組織用來理解、評估、優(yōu)先排序和溝通網(wǎng)絡(luò)功能共同提供了一個(gè)全面的管理網(wǎng)絡(luò)安全風(fēng)險(xiǎn)的觀點(diǎn)。本資源&概述指南提供了關(guān)于每個(gè)功能的詳細(xì)信息，CSF2.0CSF核心?CSF組織概況一種描述組CSFCSF層級?可應(yīng)用于CSFWHATISWHATISTHECSF2.0…ANDPOPULARWAYSTOUSEWHATCSF2.0NISTCSF2.0:RESOURCE&OVERVIEWGUIDEEXPLOREMORECSF2.0

NISTCSF2.0:CSF2.0AdditionalAdditionalResourcesCSFCSFViewandcreatemappingsbetweenCSF2.0andotherdocuments.DoyouwanttosubmityourmappingstoNISTdocumentsandhavethemViewandcreatemappingsbetweenCSF2.0andotherdocuments.DoyouwanttosubmityourmappingstoNISTdocumentsandhavethemdisplayedonoursite?Pleasefollowthelinktotheleftoremailolir@ifyouhaveanyquestions.ViewandcreatemappingsbetweenCSF2.0andotherNIST您有任何問題，請點(diǎn)擊左側(cè)鏈接或發(fā)送郵件至olir@。BrowseanddownloadtheCSF2.0Core&mappedcontent.CPRTprovidesacentralized,standardized,andBrowseanddownloadtheCSF2.0Core&mappedcontent.CPRTprovidesacentralized,standardized,andmodernizedmechanismformanagingreferencedatasets(andoffersaconsistentformatforaccessingreferencedatafromvariousNISTcybersecurityandprivacystandards,guidelines,andframeworks).&PrivacyBrowseanddownloadtheCSF2.0Core&mappedcontent.CPRTprovidesacentralized,standardized,andmodernizedmechanismformanagingreferencedatasets(andoffersaconsistentformatforaccessingreferencedatafromvariousNISTcybersecurityandprivacystandards,guidelines,andframeworks).&PrivacyViewanddownloadnotionalexamplesofconcise,action-orientedstepstohelpachievetheoutcomesoftheCSF2.0SubcategoriesinadditiontotheguidanceprovidedintheInformativeReferences.助實(shí)現(xiàn)CSF2.0子類別的成果，此外還包括信息參考中提供的指導(dǎo)。Accesshumanandmachine-readableversionsoftheCore(inJSONandExcel).YoucanalsoviewandexportportionsoftheCoreusingkeysearchterms.CSF訪問核心內(nèi)容的機(jī)器可讀和人類可讀版本（JSONExcel）。工 AdditionalResourcesCommunityProfilesandProfiletemplates(helporganizationsputtheCSFintoSearchtools(simplifyandstreamlineasyoulookforspecificConceptpapers(learnmoreaboutvariousCSFFAQs(seewhatothersareaskingandgetanswerstotopExplorethesuiteofNIST’sCSF2.0Resource探索NIST的CSF2.0資源 NISTCSF2.0:RESOURCE&OVERVIEWGUIDE

NISTCSF2.0:RESOURCE&OVERVIEWGUIDENAVIGATINGNIST’sCSF2.0QUICKSTARTGUIDESQSGSmallBusinessProvidesSMBs,specificallythosewhohavemodestornocybersecurityplansinplace,withconsiderationstokick-starttheircybersecurityriskmanagementstrategy.SeetheCreatingandUsingProvidesallorganizationswithconsiderationsforcreatingandusingCurrentand/orTargetProfilestoimplementtheCSF2.0.SeetheUsingtheCSFExplainshowanyorganizationcanapplytheCSFTierstoOrganizationalProfilestocharacterizetherigorofitscybersecurityriskgovernanceandmanagementpractices.SeetheSupplyChainRiskHelpsallorganizationstobecomesmartacquirersandsuppliersoftechnologyproductsandservicesbyimprovingtheirC-SCRMSeetheDraftEnterpriseRiskManagement(ERM)PractitionersDetailshowEnterpriseRiskManagementpractitionerscanutilizetheoutcomesprovidedinCSF2.0toimproveorganizationalcybersecurityriskmanagement.Seethe…andmoretofollowinthe

探索小型企 擁有適度或無網(wǎng)絡(luò)安全計(jì)劃的， QCSF2.0CSF2.0QCSF解釋任何組織如何應(yīng)用CSF和管理實(shí)踐。QC?SCRMQ(ERMCSF2.0Q...andmoretofollowintheSeetheSeethecurrentonlineQSG查看當(dāng)前的在線QSG存儲(chǔ) NISTCSF2.0:RESOURCE&OVERVIEWGUIDE NISTCSF2.0:RESOURCE&OVERVIEWGUIDETheorganization’scybersecurityriskmanagementstrategy,expectations,andpolicyareestablished,communicated,andmonitored.Understandandassessspecificcybersecurityneeds.Determineyourorganization’suniquerisksandneeds.Discussthecurrentandpredictedriskenvironmentandtheamountofriskyourorganizationiswillingtoaccept.Seekinputandideasfromacrosstheorganization.Understandwhathasworkedornotworkedwellinthepastanddiscussitopenly.Developatailoredcybersecurityriskstrategy.Thisshouldbebasedonyourorganization’sspecificcybersecurityobjectives,theriskenvironment,andlessonslearnedfromthepast—andfromothers.Manage,update,anddiscussthestrategyatregularintervals.Rolesandresponsibilitiesshouldbeclear.Establishdefinedriskmanagementpolicies.Policiesshouldbeapprovedbymanagementandshouldbeorganization-wide,repeatable,andrecurring,andshouldalignwiththecurrentcybersecuritythreatenvironment,risks(whichwillchangeovertime),andmissionobjectives.Embedpoliciesincompanyculturetohelpdriveandinspiretheabilitytomakeinformeddecisions.Accountforlegal,regulatory,andcontractualDevelopandcommunicateorganizationalcybersecuritypractices.Thesemustbestraightforwardandcommunicatedregularly.Theyshouldreflecttheapplicationofriskmanagementtochangesinmissionorbusinessrequirements,threats,andoveralltechnicallandscape.Documentpracticesandsharethemwithroomforfeedbackandtheagilitytochangecourse.Establishandmonitorcybersecuritysupplychainriskmanagement.Establishstrategy,policy,androlesandresponsibilities—includingforoverseeingsuppliers,customers,andpartners.Incorporaterequirementsintocontracts.Involvepartnersandsuppliersinplanning,response,andrecovery.Implementcontinuousoversightandcheckpoints.Analyzerisksatregularintervalsandmonitorthemcontinuously(justasyouwouldwithfinancial

Theorganization’scurrentcybersecurityrisksareunderstood.Identifycriticalbusinessprocessesandassets.Considerwhichofyourorganization’sactivitiesabsolutelymustcontinuetobeviable.Forexample,thiscouldbemaintainingawebsitetoretrievepayments,securelyprotectingcustomer/patientinformation,orensuringthattheinformationcriticaltoyourorganizationremainsaccessibleandaccurate.Maintaininventoriesofhardware,software,services,andsystems.Knowwhatcomputersandsoftwareyourorganizationuses—includingservicesprovidedbysuppliers—becausethesearefrequentlytheentrypointsofmaliciousactors.Thisinventorycouldbeassimpleasaspreadsheet.Considerincludingowned,leased,andemployees’personaldevicesandapps.Documentinformationflows.Considerwhattypeofinformationyourorganizationcollectsanduses(andwherethedataarelocatedandhowtheyareused),especiallywhencontractsandexternalpartnersareIdentifythreats,vulnerabilities,andrisktoassets.Informedbyknowledgeofinternalandexternalthreats,risksshouldbeidentified,assessed,anddocumented.Examplesofwaystodocumentthemincluderiskregisters–repositoriesofriskinformation,includingdataaboutrisksovertime.Ensureriskresponsesareidentified,prioritized,andexecuted,andthatresultsaremonitored.Lessonslearnedareusedtoidentifyimprovements.Whenconductingday-to-daybusinessoperations,itisimportanttoidentifywaystofurtherrefineorenhanceperformance,includingopportunitiestobettermanageandreducecybersecurityrisks.Thisrequirespurposefuleffortbyyourorganizationatalllevels.Ifthereisanincident,assesswhathappened.Prepareanafter-actionreportthatdocumentstheincident,theresponse,recoveryactionstaken,andlessonslearned.

T政策應(yīng)由管理層批準(zhǔn)，

文檔信息流.考慮您的組織收集和使用的信息類識別資產(chǎn)面臨的威脅、漏洞和風(fēng)險(xiǎn)。<brNISTCSF2.0:RESOURCE&OVERVIEWGUIDE NISTCSF2.0:RESOURCE&OVERVIEWGUIDE

Safeguardstomanagetherisksareused.Manageaccess.Createuniqueaccountsforemployeesandensureusersonlyhaveaccesstonecessaryresources.Authenticateusersbeforetheyaregrantedaccesstoinformation,computers,andapplications.ManageandtrackphysicalaccesstoTrainusers.Regularlytrainemployeestoensuretheyareawareofcybersecuritypoliciesandproceduresandthattheyhavetheknowledgeandskillstoperformgeneralandspecifictasks;explainhowtorecognizecommonattacksandreportsuspiciousactivity.Certainrolesmayrequireextratraining.Protectandmonitoryourdevices.Considerusingendpointsecurityproducts.Applyuniformconfigurationstodevicesandcontrolchangestodeviceconfigurations.Disableservicesorfeaturesthatdon'tsupportmissionfunctions.Configuresystemsandservicestogeneratelogrecords.Ensuredevicesaredisposedofsecurely.Protectsensitivedata.Ensuresensitivestoredortransmitteddataareprotectedbyencryption.Considerutilizingintegritycheckingsoonlyapprovedchangesaremadetodata.Securelydeleteand/ordestroydatawhennolongerneededorrequired.Manageandmaintainsoftware.Regularlyupdateoperatingsystemsandapplications;enableautomaticupdates.Replaceend-of-lifesoftwarewithsupportedversions.Considerusingsoftwaretoolstoscandevicesforadditionalvulnerabilitiesandremediatethem.Conductregularbackups.Backupdataatagreed-uponschedulesorusebuilt-inbackupcapabilities;softwareandcloudsolutionscanautomatethisprocess.Keepatleastonefrequentlybacked-upsetofdataofflinetoprotectitagainstransomware.Testtoensurethatbacked-updatacanbesuccessfullyrestoredtosystems.

Possiblecybersecurityattacksandcompromisesarefoundandanalyzed.Monitornetworks,systems,andfacilitiescontinuouslytofindpotentiallyadverseevents.Developandtestprocessesandproceduresfordetectingindicatorsofacybersecurityincidentonthenetworkandinthephysicalenvironment.Collectloginformationfrommultipleorganizationalsourcestoassistindetectingunauthorizedactivity.Determineandanalyzetheestimatedimpactandscopeofadverseevents.Ifacybersecurityeventisdetected,yourorganizationshouldworkquicklyandthoroughlytounderstandtheimpactoftheincident.Understandingdetailsregardinganycybersecurityincidentswillhelpinformtheresponse.Provideinformationonadverseeventstoauthorizedstaffandtools.Whenadverseeventsaredetected,provideinformationabouttheeventinternallytoauthorizedpersonneltoensureappropriateincidentresponseactionsaretaken.

為員工創(chuàng)建唯一的賬戶，并確保用戶定期更新操作系統(tǒng)和應(yīng)用程序；

檢測到負(fù)面事件時(shí)，p向內(nèi)部授權(quán)人員提供有關(guān)事NISTCSF2.0:RESOURCE&OVERVIEWGUIDE NISTCSF2.0:RESOURCE&OVERVIEWGUIDE

Actionsregardingadetectedcybersecurityincidentaretaken.Executeanincidentresponseplanonceanincidentisdeclared,incoordinationwithrelevantthirdparties.Toproperlyexecuteanincidentresponseplan,ensureeveryoneknowstheirresponsibilities;thisincludesunderstandinganyrequirements(e.g.,regulatory,legalreporting,andinformationsharing).Categorizeandprioritizeincidentsandescalateorelevateasneeded.Analyzewhathasbeentakingplace,determinetherootcauseoftheincident,andprioritizewhichincidentsrequireattentionfirstfromyourorganization.Communicatethisprioritizationtoyourteamandensureeveryoneunderstandswhoinformationshouldbecommunicatedtoregardingaprioritizedincidentwhenitoccurs.Collectincidentdataandpreserveitsintegrityandprovenance.Collectinginformationinasafemannerwillhelpinyourorganization’sresponsetoanincident.Ensurethatdataarestillsecureaftertheincidenttomaintainyourorganization’sreputationandtrustfromstakeholders.Storingthisinformationinasafemannercanalsohelpinformupdatedandfutureresponseplanstobeevenmoreeffective.Notifyinternalandexternalstakeholdersofanyincidentsandshareincidentinformationwiththem—followingpoliciessetbyyourorganization.Securelyshareinformationconsistentwithresponseplansandinformation-sharingagreements.Notifybusin