Coverage

Requirements coverage NIST Cybersecurity Framework Supplier CCI

Requeriments Capacities Services/Solutions Coverage
ID.AM-1 Inventory of physical devices and systems within the organization Network integrity control, Hardware and software inventory
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
ID.AM-2: Software platforms and applications within the organization are inventoried Hardware and software inventory, Verification of integrity of software and hardware code
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
ID.AM-3 Organizational communication and data flows are mapped Network communications control, Industrial DPI for anomaly detection, Network communication visualization
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
ID.AM-4 External information systems are catalogued Hardware and software inventory
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Full coverage
ID.AM-5 Resources (e.g., hardware, devices, data, time, and software) are prioritized based on their classification, criticality, and business value Risk and Vulnerability Management, Access control policy, Use control policy
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
ID.AM-6 Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established Role-based access, Communications plan, Access control policy, Reporting of events and communication to responsible parties
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
DE.AE-1 A baseline of network operations and expected data flows for users and systems is established and managed Industrial DPI for anomaly detection
DE.AE-2 Detected events are analyzed to understand attack targets and methods Network event correlation analysis, SIEM integration, Activity log policy, Reporting of events and communication to responsible parties
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
DE.AE-3 Event data are aggregated and correlated from multiple sources and sensors Network event correlation analysis, SIEM integration
DE.AE-4 Impact of events is determined Activity log policy
T04. Workshop of Application of an Industrial Cybersecurity Management System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
DE.AE-5 Incident alert thresholds are established Activity log policy, Reporting of events and communication to responsible parties
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
DE.CM-1 The network is monitored to detect potential cybersecurity events WI-FI control, Network communications control, Industrial DPI for anomaly detection, Advanced detection of anomalies in the IP layer, Detect attacks on industrial networks (signature-based) , Network communication visualization
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
DE.CM-2 The physical environment is monitored to detect potential cybersecurity events Activity log policy, Security log
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
DE.CM-3 Personnel activity is monitored to detect potential cybersecurity events Risk and Vulnerability Management, Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
DE.CM-4 Malicious code is detected Advanced antimalware, Equipment use control, Upgrade testing support
DE.CM-5 Unauthorized mobile code is detected Advanced antimalware, Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
DE.CM-6 External service provider activity is monitored to detect potential cybersecurity events Network communications control, Secure network design, Risk and Vulnerability Management, Activity log policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
DE.CM-7 Monitoring for unauthorized personnel, connections, devices, and software is performed Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
DE.CM-8 Vulnerability scans are performed Cybersecurity assessment, Risk and Vulnerability Management
Cyber suspicion Partial coverage
CyberDuel Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
DE.DP-1 Roles and responsibilities for detection are well defined to ensure accountability Awareness and Training, Risk and Vulnerability Management, Communications plan
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
DE.DP-2 Detection activities comply with all applicable requirements Compliance, Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
Publications specialized in Industrial Cybersecurity Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
DE.DP-3 Detection processes are tested Risk and Vulnerability Management, Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
DE.DP-4 Event detection information is communicated to appropriate parties Awareness and Training, Risk and Vulnerability Management, Communications plan, Incident response support
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
DE.DP-5 Detection processes are continuously improved Awareness and Training, Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
OT risk awareness Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
ID.BE-1 The organization’s role in the supply chain is identified and communicated Communications plan, Reporting of events and communication to responsible parties, Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
ID.BE-2 The organization’s place in critical infrastructure and its industry sector is identified and communicated Communications plan
M01. Online Professional Master of Industrial Cybersecurity Full coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
ID.BE-3 Priorities for organizational mission, objectives, and activities are established and communicated Communications plan
M01. Online Professional Master of Industrial Cybersecurity Full coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
ID.BE-4 Dependencies and critical functions for delivery of critical services are established Physical security in the installation of devices, Redundancy system, Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
ID.BE-5 Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations) Detect attacks on industrial networks (signature-based) , Reporting of events and communication to responsible parties, Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
ID.GV-1 Organizational information security policy is established Centralized management of security policies, Access control policy, Activity log policy, Backup Policy
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
ID.GV-2 Information security roles & responsibilities are coordinated and aligned with internal roles and external partners Role-based access, Compliance, Communications plan, Reporting of events and communication to responsible parties
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
ID.GV-4 Governance and risk management processes address cybersecurity risks Compliance, Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
Publications specialized in Industrial Cybersecurity Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
ID.RA-1 Asset vulnerabilities are identified and documented Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.RA-2 Cyber threat intelligence and vulnerability information is received from information sharing forums and sources Risk and Vulnerability Management, Communications plan, Reporting of events and communication to responsible parties
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
ID.RA-3 Threats, both internal and external, are identified and documented Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.RA-4 Potential business impacts and likelihoods are identified Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.RA-5 Threats, vulnerabilities, likelihoods, and impacts are used to determine risk Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.RA-6 Risk responses are identified and prioritized Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.RM-2 Organizational risk tolerance is determined and clearly expressed Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.RM-3 The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis Risk and Vulnerability Management, Communications plan
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
ID.SC-1 Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.SC-2 Identify, prioritize and assess suppliers and partners of critical information systems, components and services using a cyber supply chain risk assessment process Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.SC-3 Suppliers and partners are required by contract to implement appropriate measures designed to meet the objectives of the Information Security program or Cyber Supply Chain Risk Management Plan. Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
ID.SC-4 Suppliers and partners are monitored to confirm that they have satisfied their obligations as required. Reviews of audits, summaries of test results, or other equivalent evaluations of suppliers/providers are conducted Risk and Vulnerability Management, Communications plan
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
ID.SC-5 Response and recovery planning and testing are conducted with critical suppliers/providers Risk and Vulnerability Management, Communications plan, Activity log policy, Backup Policy, Reporting of events and communication to responsible parties, Redundancy system, Backup system
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.AC-1: Identities and credentials are issued, managed, revoked, and audited for authorized devices, users, and processes Basic user access control, User access control with hidden display, Account management, Access control policy
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.AC-2 Physical access to assets is managed and protected Basic user access control, User access control with hidden display
PR.AC-3 Remote access is managed Basic user access control, User access control with hidden display, Multi-factor user access control, Access control policy
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties Role-based access, Basic user access control, Multi-factor user access control, Account management, Access control policy
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate Network communications control, Network integrity control, Secure network design, Separation of environments
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.AC-6 Identities are proofed and bound to credentials, and asserted in interactions when appropriate Basic user access control, User access control with hidden display, Account management, Access control policy
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.AT-1 All users are informed and trained Awareness and Training
OT risk awareness Full coverage
Cyber suspicion Full coverage
CyberDuel Full coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
T06. Workshop of Industrial Cybersecurity Incident Management Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
PR.AT-2: Privileged users understand roles & responsibilities Awareness and Training, Communications plan, Access control policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities Certification of the main ICS providers, Awareness and Training, Communications plan, Access control policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.AT-4: Senior executives understand roles & responsibilities Awareness and Training, Communications plan, Access control policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.AT-5: Physical and information security personnel understand roles & responsibilities Awareness and Training, Communications plan, Access control policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.DS-1 Data-at-rest is protected Hardware Security Keys, Equipment use control, Certificate use policy, Data Protection
PR.DS-2 Data-in-transit is protected PKI infrastructure, Certificate use policy, Data Protection
PR.DS-3 Assets are formally managed throughout removal, transfers, and disposition Equipment use control, Hardware and software inventory, Data Protection, Physical security in the installation of devices
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.DS-4 Adequate capacity to ensure availability is maintained Redundancy system
PR.DS-5 Protections against data leaks are implemented Awareness and Training, Equipment use control, Compliance, Data Protection
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity Software usage control, File integrity monitoring, Verification of integrity of software and hardware code, Verify PLC integrity
PR.DS-7 The development and testing environment(s) are separate from the production environment Role-based access, Data Protection, Separation of environments
PR.DS-8 Integrity checking mechanisms are used to verify hardware integrity Verification of integrity of software and hardware code, Verify PLC integrity
PR.IP-1 A baseline configuration of information technology/industrial control systems is created and maintained incorporating appropriate security principles (e.g. concept of least functionality) Configuration control, Detection of use of default passwords
PR.IP-2 A System Development Life Cycle to manage systems is implemented Awareness and Training, Configuration control, Centralized management of security policies, Risk and Vulnerability Management, Separation of environments
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.IP-3 Configuration change control processes are in place Configuration control, Activity log policy
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.IP-4 Backups of information are conducted, maintained, and tested periodically Backup Policy, Data Protection, Backup system
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.IP-5 Policy and regulations regarding the physical operating environment for organizational assets are met Compliance, Physical security in the installation of devices
Publications specialized in Industrial Cybersecurity Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
PR.IP-6 Data is destroyed according to policy Compliance, Data Protection
Publications specialized in Industrial Cybersecurity Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
PR.IP-7 Protection processes are continuously improved Centralized management of security policies, Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
PR.IP-8 Effectiveness of protection technologies is shared with appropriate parties Certification of the main ICS providers, Awareness and Training, Communications plan
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.IP-9 Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed Certification of the main ICS providers, Awareness and Training, Communications plan, Access control policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
PR.IP-10 Response and recovery plans are tested Awareness and Training, Communications plan, Backup Policy, Backup system
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.IP-11 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening) Awareness and Training, Communications plan
OT risk awareness Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
PR.IP-12 A vulnerability management plan is developed and implemented Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
PR.MA-1 Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools Use control policy, Activity log policy, Security log, Physical security in the installation of devices
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.MA-2 Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access Device control, Use control policy, Activity log policy, Security log
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.PT-1 Audit/log records are determined, documented, implemented, and reviewed in accordance with policy Equipment protection diagnostics, Inspect endpoint logs, SIEM integration, Activity log policy, Industrial network event log (forensic analysis), Security log, Reporting of events and communication to responsible parties
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.PT-2 Removable media is protected and its use restricted according to policy Device control, Monitor USB access, Activity log policy, Reporting of events and communication to responsible parties
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.PT-3 The principle of least functionality is incorporated by configuring systems to provide only essential capabilities Configuration control, Equipment use control
PR.PT-4 Communications and control networks are protected WI-FI control, Network communications control, Network integrity control, Industrial DPI for anomaly detection, Advanced detection of anomalies in the IP layer, Detect attacks on industrial networks (signature-based) , Secure network design, PKI infrastructure, Network communication visualization
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
PR.PT-5 Systems operate in pre-defined functional states to achieve availability (e.g. under duress, under attack, during recovery, normal operations). Secure network design, Advanced process control rules
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
RECIN (IEC 62443 cybersecurity requirements identification platform in projects Partial coverage
RS.RP-1 Response plan is executed during or after an event Awareness and Training, Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Full coverage
OT risk awareness Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
RS.CO-1 Personnel know their roles and order of operations when a response is needed Awareness and Training, Communications plan
OT risk awareness Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RS.CO-2 Events are reported consistent with established criteria Awareness and Training, Communications plan
OT risk awareness Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RS.CO-3 Information is shared consistent with response plans Awareness and Training, Communications plan
OT risk awareness Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RS.CO-4 Coordination with stakeholders occurs consistent with response plans Awareness and Training, Communications plan
OT risk awareness Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RS.CO-5 Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness Awareness and Training, Communications plan
OT risk awareness Partial coverage
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RS.AN-1 Notifications from detection systems are investigated  Awareness and Training, Communications plan, Incident response support
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RS.AN-2 The impact of the incident is understood Awareness and Training, Communications plan, Incident response support
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RS.AN-3 Forensics are performed Industrial network event log (forensic analysis), Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
RS.AN-4 Incidents are categorized consistent with response plans Communications plan, Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
RS.MI-1 Incidents are contained Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Full coverage
RS.MI-2 Incidents are mitigated Incident response support
T06. Workshop of Industrial Cybersecurity Incident Management Full coverage
RS.MI-3 Newly identified vulnerabilities are mitigated or documented as accepted risks Risk and Vulnerability Management
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Full coverage
RS.IM-2 Response strategies are updated Compliance
Publications specialized in Industrial Cybersecurity Full coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Full coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
T06. Workshop of Industrial Cybersecurity Incident Management Full coverage
RS.IM-1 Response plans incorporate lessons learned Awareness and Training, Compliance, Backup Policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RC.RP-1 Recovery plan is executed during or after an event Backup Policy, Redundancy system, Backup system
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Partial coverage
RC.IM-1 Recovery plans incorporate lessons learned Awareness and Training, Compliance, Backup Policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RC.IM-2 Recovery strategies are updated Awareness and Training, Compliance, Communications plan, Backup Policy
Cyber suspicion Partial coverage
CyberDuel Partial coverage
T01. Practical workshop to assess maturity in the industrial cybersecurity process Partial coverage
T02. Workshop of Diagnosis of cybersecurity in an industrial automation environment Partial coverage
T04. Workshop of Application of an Industrial Cybersecurity Management System Partial coverage
T06. Workshop of Industrial Cybersecurity Incident Management Partial coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Partial coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Partial coverage
M01. Online Professional Master of Industrial Cybersecurity Full coverage
RC.CO-1 Public relations are managed Communications plan
M01. Online Professional Master of Industrial Cybersecurity Full coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
RC.CO-2: Reputation after an event is repaired Communications plan
M01. Online Professional Master of Industrial Cybersecurity Full coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage
RC.CO-3 Recovery activities are communicated to internal stakeholders and executive and management teams Communications plan
M01. Online Professional Master of Industrial Cybersecurity Full coverage
C01. Multidisciplinary Course on Digital Security in Industry [4.0] and Protection of Esse Full coverage
C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control System Full coverage