Coverage

Requirements coverage: NIST Cybersecurity Framework. Supplier: EURECAT

| Requirements | Capacities | Services/Solutions | Coverage |
|---|---|---|---|
| ID.AM-1 Inventory of physical devices and systems within the organization | Network integrity control, Hardware and software inventory | | |
| ID.AM-2 Software platforms and applications within the organization are inventoried | Hardware and software inventory, Verification of integrity of software and hardware code | | |
| ID.AM-3 Organizational communication and data flows are mapped | Network communications control, Industrial DPI for anomaly detection, Network communication visualization | | |
| ID.AM-4 External information systems are catalogued | Hardware and software inventory | | |
| ID.AM-5 Resources (e.g., hardware, devices, data, time, and software) are prioritized based on their classification, criticality, and business value | Risk and Vulnerability Management, Access control policy, Use control policy | | |
| ID.AM-6 Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established | Role-based access, Communications plan, Access control policy, Reporting of events and communication to responsible parties | | |
| DE.AE-1 A baseline of network operations and expected data flows for users and systems is established and managed | Industrial DPI for anomaly detection | | |
| DE.AE-2 Detected events are analyzed to understand attack targets and methods | Network event correlation analysis, SIEM integration, Activity log policy, Reporting of events and communication to responsible parties | | |
| DE.AE-3 Event data are aggregated and correlated from multiple sources and sensors | Network event correlation analysis, SIEM integration | | |
| DE.AE-4 Impact of events is determined | Activity log policy | | |
| DE.AE-5 Incident alert thresholds are established | Activity log policy, Reporting of events and communication to responsible parties | | |
| DE.CM-1 The network is monitored to detect potential cybersecurity events | WI-FI control, Network communications control, Industrial DPI for anomaly detection, Advanced detection of anomalies in the IP layer, Detect attacks on industrial networks (signature-based), Network communication visualization | | |
| DE.CM-2 The physical environment is monitored to detect potential cybersecurity events | Activity log policy, Security log | | |
| DE.CM-3 Personnel activity is monitored to detect potential cybersecurity events | Risk and Vulnerability Management, Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log | | |
| DE.CM-4 Malicious code is detected | Advanced antimalware, Equipment use control, Upgrade testing support | | |
| DE.CM-5 Unauthorized mobile code is detected | Advanced antimalware, Risk and Vulnerability Management | | |
| DE.CM-6 External service provider activity is monitored to detect potential cybersecurity events | Network communications control, Secure network design, Risk and Vulnerability Management, Activity log policy | | |
| DE.CM-7 Monitoring for unauthorized personnel, connections, devices, and software is performed | Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log | | |
| DE.CM-8 Vulnerability scans are performed | Cybersecurity assessment, Risk and Vulnerability Management | | |
| | | Cybersecurity in connected vehicles | Partial coverage |
| | | Cybersecurity in electronic devices | Partial coverage |
| DE.DP-1 Roles and responsibilities for detection are well defined to ensure accountability | Awareness and Training, Risk and Vulnerability Management, Communications plan | | |
| DE.DP-2 Detection activities comply with all applicable requirements | Compliance, Risk and Vulnerability Management | | |
| DE.DP-3 Detection processes are tested | Risk and Vulnerability Management, Incident response support | | |
| DE.DP-4 Event detection information is communicated to appropriate parties | Awareness and Training, Risk and Vulnerability Management, Communications plan, Incident response support | | |
| DE.DP-5 Detection processes are continuously improved | Awareness and Training, Risk and Vulnerability Management | | |
| ID.BE-1 The organization’s role in the supply chain is identified and communicated | Communications plan, Reporting of events and communication to responsible parties, Incident response support | | |
| ID.BE-2 The organization’s place in critical infrastructure and its industry sector is identified and communicated | Communications plan | | |
| ID.BE-3 Priorities for organizational mission, objectives, and activities are established and communicated | Communications plan | | |
| ID.BE-4 Dependencies and critical functions for delivery of critical services are established | Physical security in the installation of devices, Redundancy system, Incident response support | | |
| ID.BE-5 Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations) | Detect attacks on industrial networks (signature-based), Reporting of events and communication to responsible parties, Incident response support | | |
| ID.GV-1 Organizational information security policy is established | Centralized management of security policies, Access control policy, Activity log policy, Backup Policy | | |
| ID.GV-2 Information security roles & responsibilities are coordinated and aligned with internal roles and external partners | Role-based access, Compliance, Communications plan, Reporting of events and communication to responsible parties | | |
| ID.GV-4 Governance and risk management processes address cybersecurity risks | Compliance, Risk and Vulnerability Management | | |
| ID.RA-1 Asset vulnerabilities are identified and documented | Risk and Vulnerability Management | | |
| ID.RA-2 Cyber threat intelligence and vulnerability information is received from information sharing forums and sources | Risk and Vulnerability Management, Communications plan, Reporting of events and communication to responsible parties | | |
| ID.RA-3 Threats, both internal and external, are identified and documented | Risk and Vulnerability Management | | |
| ID.RA-4 Potential business impacts and likelihoods are identified | Risk and Vulnerability Management | | |
| ID.RA-5 Threats, vulnerabilities, likelihoods, and impacts are used to determine risk | Risk and Vulnerability Management | | |
| ID.RA-6 Risk responses are identified and prioritized | Risk and Vulnerability Management | | |
| ID.RM-1 Risk management processes are established, managed, and agreed to by organizational stakeholders | Risk and Vulnerability Management | | |
| ID.RM-2 Organizational risk tolerance is determined and clearly expressed | Risk and Vulnerability Management | | |
| ID.RM-3 The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis | Risk and Vulnerability Management, Communications plan | | |
| ID.SC-1 Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | Risk and Vulnerability Management | | |
| ID.SC-2 Identify, prioritize and assess suppliers and partners of critical information systems, components and services using a cyber supply chain risk assessment process | Risk and Vulnerability Management | | |
| ID.SC-3 Suppliers and partners are required by contract to implement appropriate measures designed to meet the objectives of the Information Security program or Cyber Supply Chain Risk Management Plan. | Risk and Vulnerability Management | | |
| ID.SC-4 Suppliers and partners are monitored to confirm that they have satisfied their obligations as required. Reviews of audits, summaries of test results, or other equivalent evaluations of suppliers/providers are conducted | Risk and Vulnerability Management, Communications plan | | |
| ID.SC-5 Response and recovery planning and testing are conducted with critical suppliers/providers | Risk and Vulnerability Management, Communications plan, Activity log policy, Backup Policy, Reporting of events and communication to responsible parties, Redundancy system, Backup system | | |
| PR.AC-1 Identities and credentials are issued, managed, revoked, and audited for authorized devices, users, and processes | Basic user access control, User access control with hidden display, Account management, Access control policy | | |
| PR.AC-2 Physical access to assets is managed and protected | Basic user access control, User access control with hidden display | | |
| PR.AC-3 Remote access is managed | Basic user access control, User access control with hidden display, Multi-factor user access control, Access control policy | | |
| PR.AC-4 Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties | Role-based access, Basic user access control, Multi-factor user access control, Account management, Access control policy | | |
| PR.AC-5 Network integrity is protected, incorporating network segregation where appropriate | Network communications control, Network integrity control, Secure network design, Separation of environments | | |
| PR.AC-6 Identities are proofed and bound to credentials, and asserted in interactions when appropriate | Basic user access control, User access control with hidden display, Account management, Access control policy | | |
| PR.AT-1 All users are informed and trained | Awareness and Training | | |
| PR.AT-2 Privileged users understand roles & responsibilities | Awareness and Training, Communications plan, Access control policy | | |
| PR.AT-3 Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities | Certification of the main ICS providers, Awareness and Training, Communications plan, Access control policy | | |
| PR.AT-4 Senior executives understand roles & responsibilities | Awareness and Training, Communications plan, Access control policy | | |
| PR.AT-5 Physical and information security personnel understand roles & responsibilities | Awareness and Training, Communications plan, Access control policy | | |
| PR.DS-1 Data-at-rest is protected | Hardware Security Keys, Equipment use control, Certificate use policy, Data Protection | | |
| | | Cybersecurity in electronic devices | Partial coverage |
| PR.DS-2 Data-in-transit is protected | PKI infrastructure, Certificate use policy, Data Protection | | |
| PR.DS-3 Assets are formally managed throughout removal, transfers, and disposition | Equipment use control, Hardware and software inventory, Data Protection, Physical security in the installation of devices | | |
| PR.DS-4 Adequate capacity to ensure availability is maintained | Redundancy system | | |
| PR.DS-5 Protections against data leaks are implemented | Awareness and Training, Equipment use control, Compliance, Data Protection | | |
| PR.DS-6 Integrity checking mechanisms are used to verify software, firmware, and information integrity | Software usage control, File integrity monitoring, Verification of integrity of software and hardware code, Verify PLC integrity | | |
| PR.DS-7 The development and testing environment(s) are separate from the production environment | Role-based access, Data Protection, Separation of environments | | |
| PR.DS-8 Integrity checking mechanisms are used to verify hardware integrity | Verification of integrity of software and hardware code, Verify PLC integrity | | |
| PR.IP-1 A baseline configuration of information technology/industrial control systems is created and maintained incorporating appropriate security principles (e.g. concept of least functionality) | Configuration control, Detection of use of default passwords | | |
| PR.IP-2 A System Development Life Cycle to manage systems is implemented | Awareness and Training, Configuration control, Centralized management of security policies, Risk and Vulnerability Management, Separation of environments | | |
| PR.IP-3 Configuration change control processes are in place | Configuration control, Activity log policy | | |
| PR.IP-4 Backups of information are conducted, maintained, and tested periodically | Backup Policy, Data Protection, Backup system | | |
| PR.IP-5 Policy and regulations regarding the physical operating environment for organizational assets are met | Compliance, Physical security in the installation of devices | | |
| PR.IP-6 Data is destroyed according to policy | Compliance, Data Protection | | |
| PR.IP-7 Protection processes are continuously improved | Centralized management of security policies, Risk and Vulnerability Management | | |
| PR.IP-8 Effectiveness of protection technologies is shared with appropriate parties | Certification of the main ICS providers, Awareness and Training, Communications plan | | |
| PR.IP-9 Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed | Certification of the main ICS providers, Awareness and Training, Communications plan, Access control policy | | |
| PR.IP-10 Response and recovery plans are tested | Awareness and Training, Communications plan, Backup Policy, Backup system | | |
| PR.IP-11 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening) | Awareness and Training, Communications plan | | |
| PR.IP-12 A vulnerability management plan is developed and implemented | Risk and Vulnerability Management | | |
| PR.MA-1 Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools | Use control policy, Activity log policy, Security log, Physical security in the installation of devices | | |
| PR.MA-2 Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access | Device control, Use control policy, Activity log policy, Security log | | |
| PR.PT-1 Audit/log records are determined, documented, implemented, and reviewed in accordance with policy | Equipment protection diagnostics, Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log, Reporting of events and communication to responsible parties | | |
| PR.PT-2 Removable media is protected and its use restricted according to policy | Device control, Monitor USB access, Activity log policy, Reporting of events and communication to responsible parties | | |
| PR.PT-3 The principle of least functionality is incorporated by configuring systems to provide only essential capabilities | Configuration control, Equipment use control | | |
| PR.PT-4 Communications and control networks are protected | WI-FI control, Network communications control, Network integrity control, Industrial DPI for anomaly detection, Advanced detection of anomalies in the IP layer, Detect attacks on industrial networks (signature-based), Secure network design, PKI infrastructure, Network communication visualization | | |
| PR.PT-5 Systems operate in pre-defined functional states to achieve availability (e.g. under duress, under attack, during recovery, normal operations). | Secure network design, Advanced process control rules | | |
| RS.RP-1 Response plan is executed during or after an event | Awareness and Training, Incident response support | | |
| RS.CO-1 Personnel know their roles and order of operations when a response is needed | Awareness and Training, Communications plan | | |
| RS.CO-2 Events are reported consistent with established criteria | Awareness and Training, Communications plan | | |
| RS.CO-3 Information is shared consistent with response plans | Awareness and Training, Communications plan | | |
| RS.CO-4 Coordination with stakeholders occurs consistent with response plans | Awareness and Training, Communications plan | | |
| RS.CO-5 Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness | Awareness and Training, Communications plan | | |
| RS.AN-1 Notifications from detection systems are investigated | Awareness and Training, Communications plan, Incident response support | | |
| RS.AN-2 The impact of the incident is understood | Awareness and Training, Communications plan, Incident response support | | |
| RS.AN-3 Forensics are performed | Industrial network event log (forensic analysis), Incident response support | | |
| RS.AN-4 Incidents are categorized consistent with response plans | Communications plan, Incident response support | | |
| RS.MI-1 Incidents are contained | Incident response support | | |
| RS.MI-2 Incidents are mitigated | Incident response support | | |
| RS.MI-3 Newly identified vulnerabilities are mitigated or documented as accepted risks | Risk and Vulnerability Management | | |
| RS.IM-2 Response strategies are updated | Compliance | | |
| RS.IM-1 Response plans incorporate lessons learned | Awareness and Training, Compliance, Backup Policy | | |
| RC.RP-1 Recovery plan is executed during or after an event | Backup Policy, Redundancy system, Backup system | | |
| RC.IM-1 Recovery plans incorporate lessons learned | Awareness and Training, Compliance, Backup Policy | | |
| RC.IM-2 Recovery strategies are updated | Awareness and Training, Compliance, Communications plan, Backup Policy | | |
| RC.CO-1 Public relations are managed | Communications plan | | |
| RC.CO-2 Reputation after an event is repaired | Communications plan | | |
| RC.CO-3 Recovery activities are communicated to internal stakeholders and executive and management teams | Communications plan | | |