NIST Cybersecurity Policies
13.06.2023
| # | Policy | Reference (CSF 1.1) |
|---|---|---|
| 1 | Acceptable Use of Information Technology Resource Policy | ID.AM-1, ID.AM-2, ID.AM-6, PR.AC-1, PR.AT-1, PR.PT-2 |
| 2 | Access Control Policy | ID.AM-1, ID.AM-2, PR.AC-4, PR.DS-3, PR.IP-1, PR.PT-1 |
| 3 | Account Management/Access Control Standard | ID.AM-1, ID.AM-2, PR.AC-1, PR.AC-4, PR.DS-3, PR.IP-1, PR.PT-1 |
| 4 | Auditing and Accountability Standard | DE.AE-3, DE.CM-4, DE.CM-7 |
| 5 | Authentication Tokens Standard | PR.AC-1, PR.AC-4, PR.DS-3, PR.IP-1, PR.PT-1 |
| 6 | Configuration Management Policy | PR.AC-1, PR.AC-4, PR.DS-3, PR.IP-1, PR.PT-1 |
| 7 | Computer Security Threat Response Policy | ID.SC-5, PR.DS-1, PR.DS-2, PR.IP-4, PR.IP-9, PR.IP-10, DE.DP-1, DE.DP-4, RS.RP-1, RS.CO-1, RS.CO-2, RS.CO-3, RS.CO-4, RS.CO-5, RS.AN-4, RS.IM-1, RS.IM-2, RC.RP-1, RC.IM-1, RC.IM-2, RC.CO-1, RC.CO-2, RC.CO-3 |
| 8 | Contingency Planning Policy | RC.RP-1, RC.IM-1, RC.IM-2 |
| 9 | Cyber Incident Response Standard | ID.SC-5, PR.DS-1, PR.DS-2, PR.IP-4, PR.IP-9, PR.IP-10, DE.DP-1, DE.DP-4, RS.RP-1, RS.CO-1, RS.CO-2, RS.CO-3, RS.CO-4, RS.CO-5, RS.AN-4, RS.IM-1, RS.IM-2, RC.RP-1, RC.IM-1, RC.IM-2, RC.CO-1, RC.CO-2, RC.CO-3 |
| 10 | Encryption Standard | PR.DS-1, PR.DS-2, PR.IP-4, PR.PT-4, DE.CM-1 |
| 11 | Identification and Authentication Policy | ID.AM-1, ID.AM-2, ID.SC-2, ID.SC-4, PR.AC-1, PR.AC-4, PR.DS-3, PR.IP-1, PR.PT-1 |
| 12 | Incident Response Policy | ID.SC-5, PR.DS-1, PR.DS-2, PR.IP-4, PR.IP-9, PR.IP-10, DE.DP-1, DE.DP-4, RS.RP-1, RS.CO-1, RS.CO-2, RS.CO-3, RS.CO-4, RS.CO-5, RS.AN-4, RS.IM-1, RS.IM-2, RC.RP-1, RC.IM-1, RC.IM-2, RC.CO-1, RC.CO-2, RC.CO-3 |
| 13 | Information Classification Standard | ID.AM-5 |
| 14 | Information Security Policy | ID.AM-1, ID.AM-2, ID.AM-5, ID.AM-6, ID.RM-1, PR.AT-1, PR.DS-1, PR.DS-2, PR.IP-4, PR.PT-4, DE.CM-1, DE.DP-1, DE.DP-4 |
| 15 | Information Security Risk Management Standard | ID.RM-1 |
| 16 | Maintenance Policy | PR.DS-1, PR.DS-2, PR.IP-4, PR.IP-6, PR.MA-2, PR.PT-4, DE.CM-1 |
| 17 | Media Protection Policy | PR.DS-1, PR.DS-2, PR.IP-4, PR.IP-6, PR.PT-2, PR.PT-4, DE.CM-1 |
| 18 | Mobile Device Security | PR.AC-5, PR.DS-1, PR.DS-2, PR.IP-4, PR.PT-2, PR.PT-4, DE.CM-1 |
| 19 | Patch Management Standard | PR.DS-1, PR.DS-2, PR.IP-4, DE.CM-1 |
| 20 | Personnel Security Policy | PR.AT-1 |
| 21 | Physical and Environmental Protection Policy | PR.AT-1 |
| 22 | Planning Policy | PR.IP-9, PR.IP-10, RS.RP-1 |
| 23 | Remote Access Standard | PR.AC-3, PR.MA-2 |
| 24 | Risk Assessment Policy | ID.RM-1 |
| 25 | Sanitization Secure Disposal Standard | PR.AC-1, PR.AC-4, PR.DS-3, PR.IP-1, PR.PT-1 |
| 26 | Secure Coding Standard | DE.CM-4 |
| 27 | Secure Configuration Standard | PR.AC-1, PR.AC-4, PR.DS-3, PR.IP-1, PR.IP-6, PR.PT-1 |
| 28 | Secure System Development Life Cycle Standard | PR.AC-1, PR.AC-4, PR.DS-3, PR.IP-1, PR.PT-1 |
| 29 | Security Assessment and Authorization Policy | ID.AM-1, ID.AM-2, ID.SC-2, ID.SC-4, DE.CM-1 |
| 30 | Security Awareness and Training Policy | ID.AM-1, ID.AM-2, ID.AM-6, PR.AT-1 |
| 31 | Security Logging Standard | PR.MA-2, PR.PT-1, DE.AE-3, DE.CM-4, DE.CM-7 |
| 32 | System and Communications Protection Policy | ID.AM-4, PR.PT-4 |
| 33 | System and Information Integrity Policy | PR.AC-5, PR.DS-8, DE.AE-3, DE.CM-4, DE.CM-7 |
| 34 | Systems and Services Acquisition Policy | ID.SC-2, ID.SC-4, ID.SC-5 |
| 35 | Vulnerability Scanning Standard | DE.AE-3, DE.CM-1, DE.CM-4, DE.CM-7 |
| 36 | 802.11 Wireless Network Security Standard | PR.AC-5 |

by Andrey Prozorov, CISM, CIPP/E, CDPSE, LA 27001
www.patreon.com/AndreyProzorov