Coverage

Requirements coverage: NIST Cybersecurity Framework. Supplier: GMV

Requirements Capacities Services/Solutions Coverage
ID.AM-1 Inventory of physical devices and systems within the organization Network integrity control, Hardware and software inventory
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Full coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
ID.AM-2: Software platforms and applications within the organization are inventoried Hardware and software inventory, Verification of integrity of software and hardware code
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
SCVD Services Partial coverage
Cybersecurity Services Management Full coverage
ID.AM-3 Organizational communication and data flows are mapped Network communications control, Industrial DPI for anomaly detection, Network communication visualization
Integration of cybersecurity solutions in Control Centers Partial coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Security Policy Optimization Partial coverage
SSL Inspection Partial coverage
Cloud Security Partial coverage
ID.AM-4 External information systems are catalogued Hardware and software inventory
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Cybersecurity Services Management Full coverage
ID.AM-5 Resources (e.g., hardware, devices, data, time, and software) are prioritized based on their classification, criticality, and business value Risk and Vulnerability Management, Access control policy, Use control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
ID.AM-6 Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established Role-based access, Communications plan, Access control policy, Reporting of events and communication to responsible parties
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
DE.AE-1 A baseline of network operations and expected data flows for users and systems is established and managed Industrial DPI for anomaly detection
DE.AE-2 Detected events are analyzed to understand attack targets and methods Network event correlation analysis, SIEM integration, Activity log policy, Reporting of events and communication to responsible parties
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
DE.AE-3 Event data are aggregated and correlated from multiple sources and sensors Network event correlation analysis, SIEM integration
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
CERT Full coverage
Cloud Security Full coverage
DE.AE-4 Impact of events is determined Activity log policy
Security Services for Information Systems and Networks Full coverage
Cloud Security Full coverage
DE.AE-5 Incident alert thresholds are established Activity log policy, Reporting of events and communication to responsible parties
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
DE.CM-1 The network is monitored to detect potential cybersecurity events Wi-Fi control, Network communications control, Industrial DPI for anomaly detection, Advanced detection of anomalies in the IP layer, Detect attacks on industrial networks (signature-based), Network communication visualization
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Security Policy Optimization Partial coverage
Cloud Security Partial coverage
DE.CM-2 The physical environment is monitored to detect potential cybersecurity events Activity log policy, Security log
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Full coverage
CERT Partial coverage
Cloud Security Full coverage
DE.CM-3 Personnel activity is monitored to detect potential cybersecurity events Risk and Vulnerability Management, Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Full coverage
Backup Centers Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
DE.CM-4 Malicious code is detected Advanced antimalware, Equipment use control, Upgrade testing support
Integration of cybersecurity solutions in Control Centers Partial coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Full coverage
DE.CM-5 Unauthorized mobile code is detected Advanced antimalware, Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
DE.CM-6 External service provider activity is monitored to detect potential cybersecurity events Network communications control, Secure network design, Risk and Vulnerability Management, Activity log policy
Integration of cybersecurity solutions in Control Centers Partial coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Full coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Security Policy Optimization Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
DE.CM-7 Monitoring for unauthorized personnel, connections, devices, and software is performed Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Full coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
DE.CM-8 Vulnerability scans are performed Cybersecurity assessment, Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Cybersecurity Assessment Partial coverage
Security Services for Information Systems and Networks Full coverage
Red Team/Blue Team/Purple Team Partial coverage
Implementation of security management systems Partial coverage
Normative Compliance Full coverage
Backup Centers Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
DE.DP-1 Roles and responsibilities for detection are well defined to ensure accountability Awareness and Training, Risk and Vulnerability Management, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
DE.DP-2 Detection activities comply with all applicable requirements Compliance, Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
DE.DP-3 Detection processes are tested Risk and Vulnerability Management, Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
DE.DP-4 Event detection information is communicated to appropriate parties Awareness and Training, Risk and Vulnerability Management, Communications plan, Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
DE.DP-5 Detection processes are continuously improved Awareness and Training, Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Full coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
ID.BE-1 The organization’s role in the supply chain is identified and communicated Communications plan, Reporting of events and communication to responsible parties, Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Partial coverage
Backup Centers Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
ID.BE-2 The organization’s place in critical infrastructure and its industry sector is identified and communicated Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
ID.BE-3 Priorities for organizational mission, objectives, and activities are established and communicated Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
ID.BE-4 Dependencies and critical functions for delivery of critical services are established Physical security in the installation of devices, Redundancy system, Incident response support
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Partial coverage
Backup Centers Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
ID.BE-5 Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations) Detect attacks on industrial networks (signature-based), Reporting of events and communication to responsible parties, Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Partial coverage
CERT Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
ID.GV-1 Organizational information security policy is established Centralized management of security policies, Access control policy, Activity log policy, Backup Policy
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Full coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Security Policy Optimization Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
ID.GV-2 Information security roles & responsibilities are coordinated and aligned with internal roles and external partners Role-based access, Compliance, Communications plan, Reporting of events and communication to responsible parties
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
ID.GV-4 Governance and risk management processes address cybersecurity risks Compliance, Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
ID.RA-1 Asset vulnerabilities are identified and documented Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.RA-2 Cyber threat intelligence and vulnerability information is received from information sharing forums and sources Risk and Vulnerability Management, Communications plan, Reporting of events and communication to responsible parties
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Partial coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
ID.RA-3 Threats, both internal and external, are identified and documented Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.RA-4 Potential business impacts and likelihoods are identified Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.RA-5 Threats, vulnerabilities, likelihoods, and impacts are used to determine risk Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.RA-6 Risk responses are identified and prioritized Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.RM-2 Organizational risk tolerance is determined and clearly expressed Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.RM-3 The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis Risk and Vulnerability Management, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
ID.SC-1 Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.SC-2 Identify, prioritize and assess suppliers and partners of critical information systems, components and services using a cyber supply chain risk assessment process Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.SC-3 Suppliers and partners are required by contract to implement appropriate measures designed to meet the objectives of the Information Security program or Cyber Supply Chain Risk Management Plan. Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Full coverage
Normative Compliance Full coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
ID.SC-4 Suppliers and partners are monitored to confirm that they have satisfied their obligations as required. Reviews of audits, summaries of test results, or other equivalent evaluations of suppliers/providers are conducted Risk and Vulnerability Management, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Implementation of security management systems Partial coverage
Normative Compliance Partial coverage
Backup Centers Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
ID.SC-5 Response and recovery planning and testing are conducted with critical suppliers/providers Risk and Vulnerability Management, Communications plan, Activity log policy, Backup Policy, Reporting of events and communication to responsible parties, Redundancy system, Backup system
Integration of cybersecurity solutions in Control Centers Partial coverage
Security Services for Information Systems and Networks Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
PR.AC-1: Identities and credentials are issued, managed, revoked, and audited for authorized devices, users, and processes Basic user access control, User access control with hidden display, Account management, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
PR.AC-2 Physical access to assets is managed and protected Basic user access control, User access control with hidden display
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Partial coverage
PR.AC-3 Remote access is managed Basic user access control, User access control with hidden display, Multi-factor user access control, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties Role-based access, Basic user access control, Multi-factor user access control, Account management, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate Network communications control, Network integrity control, Secure network design, Separation of environments
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Full coverage
Backup Centers Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Security Policy Optimization Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
PR.AC-6 Identities are proofed and bound to credentials, and asserted in interactions when appropriate Basic user access control, User access control with hidden display, Account management, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
PR.AT-1 All users are informed and trained Awareness and Training
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Normative Compliance Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
PR.AT-2: Privileged users understand roles & responsibilities Awareness and Training, Communications plan, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities Certification of the main ICS providers, Awareness and Training, Communications plan, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
PR.AT-4: Senior executives understand roles & responsibilities Awareness and Training, Communications plan, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
PR.AT-5: Physical and information security personnel understand roles & responsibilities Awareness and Training, Communications plan, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Normative Compliance Partial coverage
Backup Centers Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
PR.DS-1 Data-at-rest is protected Hardware Security Keys, Equipment use control, Certificate use policy, Data Protection
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Full coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
PR.DS-2 Data-in-transit is protected PKI infrastructure, Certificate use policy, Data Protection
Integration of cybersecurity solutions in Control Centers Full coverage
Security Services for Information Systems and Networks Full coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Partial coverage
PR.DS-3 Assets are formally managed throughout removal, transfers, and disposition Equipment use control, Hardware and software inventory, Data Protection, Physical security in the installation of devices
Integration of cybersecurity solutions in Control Centers Partial coverage
Critical Infrastructure Protection Partial coverage
Security Services for Information Systems and Networks Full coverage
Backup Centers Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
PR.DS-4 Adequate capacity to ensure availability is maintained Redundancy system
Integration of cybersecurity solutions in Control Centers Full coverage
Centros de Respaldo Full coverage
Cloud Security Full coverage
PR.DS-5 Protections against data leaks are implemented Awareness and Training, Equipment use control, Compliance, Data Protection
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
PR.DS-6 Integrity checking mechanisms are used to verify software, firmware, and information integrity Software usage control, File integrity monitoring, Verification of integrity of software and hardware code, Verify PLC integrity
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Partial coverage
SCVD Services Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
PR.DS-7 The development and testing environment(s) are separate from the production environment Role-based access, Data Protection, Separation of environments
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
PR.DS-8 Integrity checking mechanisms are used to verify hardware integrity Verification of integrity of software and hardware code, Verify PLC integrity
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Partial coverage
SCVD Services Partial coverage
Cybersecurity Services Management Partial coverage
PR.IP-1 A baseline configuration of information technology/industrial control systems is created and maintained incorporating appropriate security principles (e.g. concept of least functionality) Configuration control, Detection of use of default passwords
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
Optimización de políticas de seguridad Partial coverage
SSL Inspection Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
PR.IP-2 A System Development Life Cycle to manage systems is implemented Awareness and Training, Configuration control, Centralized management of security policies, Risk and Vulnerability Management, Separation of environments
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Optimización de políticas de seguridad Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
PR.IP-3 Configuration change control processes are in place Configuration control, Activity log policy
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
Optimización de políticas de seguridad Partial coverage
SSL Inspection Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Partial coverage
PR.IP-4 Backups of information are conducted, maintained, and tested periodically Backup Policy, Data Protection, Backup system
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
PR.IP-5 Policy and regulations regarding the physical operating environment for organizational assets are met Compliance, Physical security in the installation of devices
Integration of cybersecurity solutions in Control Centers Partial coverage
Critical Infrastructure Protection Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Full coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
PR.IP-6 Data is destroyed according to policy Compliance, Data Protection
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
PR.IP-7 Protection processes are continuously improved Centralized management of security policies, Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Implementation of security management systems Full coverage
Cumplimiento normativo Full coverage
Centros de Respaldo Partial coverage
Optimización de políticas de seguridad Partial coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
PR.IP-8 Effectiveness of protection technologies is shared with appropriate parties Certification of the main ICS providers, Awareness and Training, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
PR.IP-9 Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed Certification of the main ICS providers, Awareness and Training, Communications plan, Access control policy
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
PR.IP-10 Response and recovery plans are tested Awareness and Training, Communications plan, Backup Policy, Backup system
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
PR.IP-11 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening) Awareness and Training, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
PR.IP-12 A vulnerability management plan is developed and implemented Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Implementation of security management systems Full coverage
Cumplimiento normativo Full coverage
Centros de Respaldo Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
PR.MA-1 Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools Use control policy, Activity log policy, Security log, Physical security in the installation of devices
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
CERT Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
PR.MA-2 Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access Device control, Use control policy, Activity log policy, Security log
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
CERT Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Optimización de políticas de seguridad Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
PR.PT-1 Audit/log records are determined, documented, implemented, and reviewed in accordance with policy Equipment protection diagnostics, Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log, Reporting of events and communication to responsible parties
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
PR.PT-2 Removable media is protected and its use restricted according to policy Device control, Monitor USB access, Activity log policy, Reporting of events and communication to responsible parties
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Partial coverage
Securing platforms, networks and services. CASB and End Point Partial coverage
Optimización de políticas de seguridad Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
PR.PT-3 The principle of least functionality is incorporated by configuring systems to provide only essential capabilities Configuration control, Equipment use control
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
Optimización de políticas de seguridad Partial coverage
SSL Inspection Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
PR.PT-4 Communications and control networks are protected Wi-Fi control, Network communications control, Network integrity control, Industrial DPI for anomaly detection, Advanced detection of anomalies in the IP layer, Detect attacks on industrial networks (signature-based), Secure network design, PKI infrastructure, Network communication visualization
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
PR.PT-5 Systems operate in pre-defined functional states to achieve availability (e.g. under duress, under attack, during recovery, normal operations). Secure network design, Advanced process control rules
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
Optimización de políticas de seguridad Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
RS.RP-1 Response plan is executed during or after an event Awareness and Training, Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
CERT Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
RS.CO-1 Personnel know their roles and order of operations when a response is needed Awareness and Training, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
RS.CO-2 Events are reported consistent with established criteria Awareness and Training, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
RS.CO-3 Information is shared consistent with response plans Awareness and Training, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
RS.CO-4 Coordination with stakeholders occurs consistent with response plans Awareness and Training, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
RS.CO-5 Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness Awareness and Training, Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
RS.AN-1 Notifications from detection systems are investigated Awareness and Training, Communications plan, Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
RS.AN-2 The impact of the incident is understood Awareness and Training, Communications plan, Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
RS.AN-3 Forensics are performed Industrial network event log (forensic analysis), Incident response support
Integration of cybersecurity solutions in Control Centers Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
CERT Partial coverage
Cybersecurity Services Management Full coverage
Forensic Analysis Partial coverage
RS.AN-4 Incidents are categorized consistent with response plans Communications plan, Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Partial coverage
CERT Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Partial coverage
Regulatory Compliance Partial coverage
RS.MI-1 Incidents are contained Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
CERT Full coverage
Cybersecurity Services Management Full coverage
RS.MI-2 Incidents are mitigated Incident response support
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
CERT Full coverage
Cybersecurity Services Management Full coverage
RS.MI-3 Newly identified vulnerabilities are mitigated or documented as accepted risks Risk and Vulnerability Management
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Implementation of security management systems Full coverage
Cumplimiento normativo Full coverage
Centros de Respaldo Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
RS.IM-2 Response strategies are updated Compliance
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
Forensic Analysis Full coverage
RS.IM-1 Response plans incorporate lessons learned Awareness and Training, Compliance, Backup Policy
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
RC.RP-1 Recovery plan is executed during or after an event Backup Policy, Redundancy system, Backup system
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Partial coverage
Centros de Respaldo Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Partial coverage
Specialized Consulting in Cybersecurity Partial coverage
RC.IM-1 Recovery plans incorporate lessons learned Awareness and Training, Compliance, Backup Policy
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
RC.IM-2 Recovery strategies are updated Awareness and Training, Compliance, Communications plan, Backup Policy
Integration of cybersecurity solutions in Control Centers Full coverage
Critical Infrastructure Protection Partial coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Cumplimiento normativo Partial coverage
Centros de Respaldo Partial coverage
Cloud Security Partial coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Partial coverage
Forensic Analysis Partial coverage
RC.CO-1 Public relations are managed Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
RC.CO-2 Reputation after an event is repaired Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage
RC.CO-3 Recovery activities are communicated to internal stakeholders and executive and management teams Communications plan
Integration of cybersecurity solutions in Control Centers Full coverage
Servicios de Seguridad para Sistemas y Redes de Información Full coverage
Centros de Respaldo Full coverage
Cloud Security Full coverage
Cybersecurity Services Management Full coverage
Specialized Consulting in Cybersecurity Full coverage
Regulatory Compliance Full coverage