Cyber Security - Identify Flashcards
ID.AM-1
Physical devices and systems within the organization are inventoried
ID.AM-2
Software platforms and applications within the organization are inventoried
ID.AM-3
Organizational communication and data flows are mapped
ID.AM-4
External information systems are catalogued
ID.AM-5
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
ID.AM-6
Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
ID.BE-1
The organization’s role in the supply chain is identified and communicated
ID.BE-2
The organization’s place in critical infrastructure and its industry sector is identified and communicated
ID.BE-3
Priorities for organizational mission, objectives, and activities are established and communicated
ID.BE-4
Dependencies and critical functions for delivery of critical services are established
ID.BE-5
Resilience requirements to support delivery of critical services are established
ID.GV-1
Organizational information security policy is established
ID.GV-2
Information security roles & responsibilities are coordinated and aligned with internal roles and external partners
ID.GV-3
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
ID.GV-4
Governance and risk management processes address cybersecurity risks
ID.RA-1
Asset vulnerabilities are identified and documented
ID.RA-2
Threat and vulnerability information is received from information sharing forums and sources
ID.RA-3
Threats, both internal and external, are identified and documented
ID.RA-4
Potential business impacts and likelihoods are identified
ID.RA-5
Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
ID.RA-6
Risk responses are identified and prioritized
ID.RM-1
Risk management processes are established, managed, and agreed to by organizational stakeholders
ID.RM-2
Organizational risk tolerance is determined and clearly expressed
ID.RM-3
The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis