Professional Documents
Culture Documents
Tenable Automates NIST Cybersecurity Framework Technical Controls - Tenable Network Security
Tenable Automates NIST Cybersecurity Framework Technical Controls - Tenable Network Security
Tenable Automates NIST Cybersecurity Framework Technical Controls - Tenable Network Security
Controls
The CSF, a best practice security framework, is gaining broad acceptance beyond
organizations that deliver critical infrastructure. The National Association for Corporate
Directors has recommended that directors set the expectation that management has
considered the CSF in developing the companys cyber-risk defense and response plans.
The above mentioned Gartner report also stated, Organizations that choose to ignore
the framework due to its voluntary nature may be missing a strategic planning
opportunity.
The CSF Core contains five functions to improve security posture. These functions
(Identify, Protect, Detect, Respond, and Recover) are the high level view, and each
function contains numerous categories and subcategories that drive particular security
outcomes. These categories and subcategories can be thought of as controls or
control objectives used in other security and compliance frameworks.
There are two control types: administrative and technical. Administrative controls are
typically procedural and can be implemented and audited using manual processes. In
contrast, technical controls typically deal with huge amounts of fast moving data.
Therefore, automation is necessary to implement and audit the technical controls, which
account for about half of all of the controls listed in the CSF.
If your organization has adopted CSF or plans to, how will you automate its controls and
track your progress and success?
"SecurityCenter CV supports over 90% of the CSF technical controls and builds them into
an automated control foundation that helps organizations manage risk and achieve their
target security profile. "
Tenable SecurityCenter CV supports over 90% of the CSF technical controls and builds
them into an automated control foundation that helps organizations manage risk and
achieve their target security profile. SecurityCenter CV includes 20 new interactive
dashboards purpose-built to inform security staff with continuous visibility of control
operation. If an unexpected condition is reported by a dashboard, staff can quickly drill
down to gain the critical context necessary to prioritize further investigation.
Additionally, eight new Assurance Report Cards (ARCs) communicate CSF conformance
to business leaders. ARCs can graphically summarize progress towards the attainment of
CSF target profiles. All of the dashboards and ARCs are templates that can be easily
tailored and applied to specific business services. The ARC below shows high-level CSF
conformance that can be communicated to non-technical stakeholders.
SecurityCenter CV CSF ARCs
Please take a minute to learn more about how SecurityCenter CV can help you automate
and simplify CSF adoption.