Add NIST CSF 2.0 #31

Closed
opened 2025-06-27 15:55:34 +02:00 by edelic1 · 1 comment
edelic1 commented 2025-06-27 15:55:34 +02:00 (Migrated from gitlab.com)

Replace the controls in the registry: instead of CIS 18, load NIST CSF 2.0.
A JSON export can be made here:
https://csrc.nist.rip/Projects/Cybersecurity-Framework/Filters#/csf/filters

The controls are stored in the central registry, as the CIS 18 controls currently are. The Control Registry should provide several fields for each control:

  • Subcategory, e.g. "GV.SC-06"
  • Function (Function: Govern: Establish and monitor the organization's cybersecurity risk management strategy, expectations, and policy)
  • Category (Category: Cybersecurity Supply Chain Risk Management (GV.SC))
  • Implementation examples
  • Effectiveness monitoring examples
  • Documentation Score
  • Implementation Score

There may be more of these columns at some point.

Example of one control:
Subcategory
GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
Implementation Examples
Ex1: Perform thorough due diligence on prospective suppliers that is consistent with procurement planning and commensurate with the level of risk, criticality, and complexity of each supplier relationship
Ex2: Assess the suitability of the technology and cybersecurity capabilities and the risk management practices of prospective suppliers
Ex3: Conduct supplier risk assessments against business and applicable cybersecurity requirements, including lower-tier suppliers and the supply chain for critical suppliers
Ex4: Assess the authenticity, integrity, and security of critical products prior to acquisition and use

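The registry described above can be sketched as a small loader: one record per Subcategory with exactly the fields the issue lists, the Function derived from the ID prefix, and the two scores validated before the control is accepted. This is an added example and not code from the old-riskletpy project. The JSON shape read here is constructed for the example (the real NIST export format is not shown on the page), the 0-5 score scale is an assumption, the six Function names are those of CSF 2.0, the GV.SC category name is taken from the issue, and the second sample record (PR.AA-01) is a constructed placeholder.

```python
"""Load NIST CSF 2.0 controls into a registry keyed by Subcategory ID.

Added example; assumed JSON layout, assumed 0-5 score scale.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass, field
from typing import Optional

# CSF 2.0 Subcategory IDs look like "GV.SC-06": Function.Category-Number.
SUBCATEGORY_ID = re.compile(r"^(GV|ID|PR|DE|RS|RC)\.([A-Z]{2})-(\d{2})$")

# The six CSF 2.0 Functions, keyed by their ID prefix.
FUNCTIONS = {
    "GV": "Govern", "ID": "Identify", "PR": "Protect",
    "DE": "Detect", "RS": "Respond", "RC": "Recover",
}

# Category names known without an export record; GV.SC is from the issue text.
KNOWN_CATEGORIES = {"GV.SC": "Cybersecurity Supply Chain Risk Management"}


@dataclass
class Control:
    """One registry row with the fields requested in the issue."""
    subcategory: str
    function: str
    category: str
    description: str
    implementation_examples: list[str] = field(default_factory=list)
    effectiveness_monitoring_examples: list[str] = field(default_factory=list)
    documentation_score: Optional[int] = None
    implementation_score: Optional[int] = None


def is_valid_subcategory(sub_id: str) -> bool:
    return SUBCATEGORY_ID.match(sub_id) is not None


def parse_subcategory_id(sub_id: str) -> tuple[str, str]:
    """Return (function code, category code) e.g. ("GV", "GV.SC")."""
    m = SUBCATEGORY_ID.match(sub_id)
    if not m:
        raise ValueError(f"not a CSF 2.0 subcategory id: {sub_id!r}")
    func_code, cat_code, _number = m.groups()
    return func_code, f"{func_code}.{cat_code}"


def validate_score(value, name: str) -> Optional[int]:
    """Scores are optional; when present they must be integers 0-5 (assumed scale)."""
    if value is None:
        return None
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= 5:
        raise ValueError(f"{name} must be an integer 0-5, got {value!r}")
    return value


def load_registry(export_json: str) -> dict[str, Control]:
    """Parse the (assumed) export layout into a dict keyed by Subcategory ID."""
    data = json.loads(export_json)
    registry: dict[str, Control] = {}
    for rec in data["subcategories"]:
        sub_id = rec["id"]
        func_code, cat_code = parse_subcategory_id(sub_id)
        if sub_id in registry:
            raise ValueError(f"duplicate control {sub_id}")
        category = rec.get("category") or KNOWN_CATEGORIES.get(cat_code)
        if category is None:
            raise ValueError(f"no category name available for {cat_code}")
        registry[sub_id] = Control(
            subcategory=sub_id,
            function=FUNCTIONS[func_code],
            category=category,
            description=rec["description"],
            implementation_examples=list(rec.get("implementation_examples", [])),
            effectiveness_monitoring_examples=list(rec.get("effectiveness_monitoring_examples", [])),
            documentation_score=validate_score(rec.get("documentation_score"), "documentation_score"),
            implementation_score=validate_score(rec.get("implementation_score"), "implementation_score"),
        )
    return registry


def score_by_function(registry: dict[str, Control]) -> dict[str, tuple[float, float]]:
    """Average (documentation, implementation) score per Function; unscored controls are skipped."""
    totals: dict[str, tuple[int, int, int]] = {}
    for c in registry.values():
        if c.documentation_score is None or c.implementation_score is None:
            continue
        doc, impl, n = totals.get(c.function, (0, 0, 0))
        totals[c.function] = (doc + c.documentation_score, impl + c.implementation_score, n + 1)
    return {f: (round(d / n, 2), round(i / n, 2)) for f, (d, i, n) in totals.items()}


# Constructed sample export: GV.SC-06 uses the text from the issue, PR.AA-01 is a placeholder.
SAMPLE_EXPORT = json.dumps({
    "subcategories": [
        {
            "id": "GV.SC-06",
            "description": "Planning and due diligence are performed to reduce risks before entering "
                           "into formal supplier or other third-party relationships",
            "implementation_examples": [
                "Ex1: Perform thorough due diligence on prospective suppliers that is consistent with "
                "procurement planning and commensurate with the level of risk, criticality, and complexity "
                "of each supplier relationship",
                "Ex2: Assess the suitability of the technology and cybersecurity capabilities and the risk "
                "management practices of prospective suppliers",
                "Ex3: Conduct supplier risk assessments against business and applicable cybersecurity "
                "requirements, including lower-tier suppliers and the supply chain for critical suppliers",
                "Ex4: Assess the authenticity, integrity, and security of critical products prior to "
                "acquisition and use",
            ],
            "documentation_score": 3,
            "implementation_score": 2,
        },
        {
            "id": "PR.AA-01",
            "category": "Identity Management, Authentication, and Access Control",
            "description": "constructed placeholder description for the example",
        },
    ]
})

if __name__ == "__main__":
    reg = load_registry(SAMPLE_EXPORT)
    for c in reg.values():
        print(c.subcategory, c.function, "/", c.category, "-", len(c.implementation_examples), "examples")
    print(score_by_function(reg))
```

Deriving the Function from the ID rather than storing a free-text value keeps the registry from accepting a CIS-style identifier by mistake, and rejecting out-of-range scores at load time means the later reporting only ever averages values on the agreed scale.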
edelic1 commented 2025-06-27 16:14:46 +02:00 (Migrated from gitlab.com)
Example for the controls. [CyFun_Self-Assessment_tool_V2024-11-05.xlsx](/uploads/db70fddf593bd41dae6dc2cac159eff7/CyFun_Self-Assessment_tool_V2024-11-05.xlsx)
senaduka (Migrated from gitlab.com) closed this issue 2025-08-08 23:55:02 +02:00
Reference: senaduka/old-riskletpy#31