Unit 1 - NIST CSWP 29

Question 1

What does the NIST Cybersecurity Framework (CSF) 2.0 provide guidance on?

Answer 1

Managing cybersecurity risks

It offers a taxonomy of high-level cybersecurity outcomes for organizations of all sizes and sectors.

Question 2

What are the primary components of the CSF 2.0?

Answer 2

• CSF Core
• CSF Organizational Profiles
• CSF Tiers

Each component serves a unique purpose in managing cybersecurity risks.

Question 3

Who is the primary audience for the CSF?

Answer 3

Individuals responsible for developing and leading cybersecurity programs

It can also be used by executives, boards, risk managers, and policymakers.

Question 4

True or False: The CSF prescribes specific outcomes and how they should be achieved.

Answer 4

False

The CSF links to resources for additional guidance but does not prescribe methods.

Question 5

What is the purpose of CSF Organizational Profiles?

Answer 5

To describe an organization’s current and/or target cybersecurity posture

They relate to the outcomes defined in the CSF Core.

Question 6

What are the CSF Functions?

Answer 6

• GOVERN
• IDENTIFY
• PROTECT
• DETECT
• RESPOND
• RECOVER

These Functions organize cybersecurity outcomes at the highest level.

Question 7

Fill in the blank: The CSF Core is a taxonomy of high-level cybersecurity _______.

Answer 7

outcomes

It helps organizations manage their cybersecurity risks.

Question 8

What does the GOVERN Function focus on?

Answer 8

Establishing, communicating, and monitoring the cybersecurity risk management strategy

It also addresses policy and oversight of cybersecurity strategy.

Question 9

What does the IDENTIFY Function entail?

Answer 9

Understanding the organization’s current cybersecurity risks

This includes identifying assets and related cybersecurity risks.

Question 10

What is the role of the PROTECT Function?

Answer 10

To implement safeguards to manage cybersecurity risks

This includes identity management, data security, and platform security.

Question 11

What does DETECT refer to in the CSF?

Answer 11

The ability to find and analyze possible cybersecurity attacks and compromises

It supports incident response and recovery activities.

Question 12

What actions does the RESPOND Function cover?

Answer 12

Actions taken regarding a detected cybersecurity incident

This includes incident management and communication.

Question 13

What is the aim of the RECOVER Function?

Answer 13

To restore assets and operations affected by a cybersecurity incident

This helps reduce the effects of incidents and enables effective communication during recovery.

Question 14

True or False: The CSF is designed to be a one-size-fits-all approach.

Answer 14

False

Organizations have unique risks and varying risk appetites, necessitating tailored implementations.

Question 15

What are Informative References in the context of the CSF?

Answer 15

Sources of guidance on each outcome from existing global standards, guidelines, frameworks, regulations, and policies

They support organizations in achieving cybersecurity outcomes.

Question 16

What do Implementation Examples illustrate?

Answer 16

Potential ways to achieve each outcome within the CSF

They help organizations understand practical applications of the framework.

Question 17

Fill in the blank: The CSF is designed to be used by organizations of all _______ and sectors.

Answer 17

sizes

This includes industry, government, academia, and nonprofit organizations.

Question 18

What is the significance of the Cybersecurity Framework (CSF) 2.0?

Answer 18

It helps organizations manage and reduce their cybersecurity risks

It is useful regardless of the maturity level of an organization’s cybersecurity programs.

Question 19

What is the relationship between the CSF and enterprise risk management (ERM)?

Answer 19

The CSF is integrated into the broader ERM strategy

It addresses cybersecurity alongside other risks like financial and reputational risks.

Question 20

What are potential benefits of actions to reduce cybersecurity risk for an organization?

Answer 20

Increasing revenue

For example, offering excess facility space to a commercial hosting provider.

Question 21

What does the NIST Cybersecurity Framework (CSF) Functions diagram represent?

Answer 21

A wheel showing the interrelation of CSF Functions.

Question 22

What is the role of the GOVERN Function in the CSF?

Answer 22

It informs how an organization will implement the other five Functions.

Question 23

What are the five main Functions of the NIST Cybersecurity Framework?

Answer 23

• GOVERN
• IDENTIFY
• PROTECT
• DETECT
• RESPOND
• RECOVER

Question 24

True or False: Actions supporting GOVERN, IDENTIFY, PROTECT, and DETECT should occur continuously.

Answer 24

True

Question 25

What do CSF Profiles describe?

Answer 25

An organization’s current and/or target cybersecurity posture.

Question 26

What is a Current Profile in the context of CSF Profiles?

Answer 26

Specifies the Core outcomes that an organization is currently achieving.

Question 27

What does a Target Profile specify?

Answer 27

Desired outcomes prioritized for cybersecurity risk management objectives.

Question 28

What is a Community Profile?

Answer 28

A baseline of CSF outcomes addressing shared interests among organizations.

Question 29

List the steps to create and use a CSF Organizational Profile.

Answer 29

* Scope the Organizational Profile * Gather needed information * Create the Organizational Profile * Analyze gaps and create an action plan * Implement the action plan and update the Profile

Question 30

What are CSF Tiers used for?

Answer 30

Characterizing the rigor of an organization’s cybersecurity risk governance.

Question 31

What are the four Tiers in the NIST Cybersecurity Framework?

Answer 31

* Partial (Tier 1) * Risk Informed (Tier 2) * Repeatable (Tier 3) * Adaptive (Tier 4)

Question 32

Fill in the blank: The CSF provides a basis for improved _______ regarding cybersecurity expectations.

Answer 32

[risk management communication]

Question 33

What types of online resources supplement the CSF?

Answer 33

* Informative References * Implementation Examples * Quick Start Guides

Question 34

What are Informative References?

Answer 34

Mappings indicating relationships between the Core and various standards.

Question 35

What do Implementation Examples provide?

Answer 35

Concise, action-oriented steps to achieve the outcomes of Subcategories.

Question 36

What is the purpose of Quick Start Guides (QSGs)?

Answer 36

To provide actionable first steps for implementing the CSF.

Question 37

How does the CSF improve risk management communication?

Answer 37

By fostering bidirectional information flow between executives and managers.

Question 38

What types of ICT risk can organizations face?

Answer 38

* Privacy * Supply chain * Artificial intelligence

Question 39

How can organizations integrate cybersecurity with other risk management programs?

Answer 39

By using Enterprise Risk Management (ERM) approaches.

Question 40

What resources describe the relationship between cybersecurity risk management and ERM?

Answer 40

* NIST Cybersecurity Framework 2.0 – Enterprise Risk Management Quick-Start Guide * NIST IR 8286 series

Question 41

What is the purpose of NIST Interagency Report (IR) 8286?

Answer 41

Integrating Cybersecurity and Enterprise Risk Management (ERM) ## Footnote IR 8286 consists of several parts, including identifying, estimating, prioritizing, and staging cybersecurity risks.

Question 42

What does the NIST Cybersecurity Framework (CSF) help organizations with?

Answer 42

Integrating cybersecurity risk management with individual ICT risk management programs ## Footnote This includes programs like SP 800-37 and SP 800-30.

Question 43

How does the CSF relate to privacy risks?

Answer 43

It helps address privacy risks related to the loss of confidentiality, integrity, and availability of individuals’ data ## Footnote Examples include data breaches leading to identity theft.

Question 44

What is Cybersecurity Supply Chain Risk Management (C-SCRM)?

Answer 44

A systematic process for managing exposure to cybersecurity risk throughout supply chains ## Footnote It includes developing appropriate response strategies, policies, and procedures.

Question 45

What are the key components of the NIST CSF Core?

Answer 45

Functions, Categories, and Subcategories ## Footnote These components help organizations in managing their cybersecurity risks.

Question 46

Fill in the blank: The organizational mission is understood and informs _______.

Answer 46

cybersecurity risk management

Question 47

What does the category 'Govern' (GV) in the CSF include?

Answer 47

Organizational Context, Risk Management Strategy, Roles, Responsibilities, and Authorities, Policy, Oversight, Cybersecurity Supply Chain Risk Management ## Footnote Each component has specific identifiers for tracking.

Question 48

What is the role of 'Identify' (ID) in the CSF?

Answer 48

Understanding the organization’s current cybersecurity risks ## Footnote This includes asset management and risk assessment.

Question 49

True or False: Privacy risks can only arise from cybersecurity incidents.

Answer 49

False ## Footnote Privacy risks can also arise from data processing unrelated to cybersecurity.

Question 50

What does the 'Protect' (PR) function focus on?

Answer 50

Using safeguards to manage the organization’s cybersecurity risks ## Footnote This includes identity management and data security.

Question 51

What is the significance of the NIST Artificial Intelligence Risk Management Framework (AI RMF)?

Answer 51

Helps address cybersecurity and privacy risks associated with AI ## Footnote AI risks are treated alongside other enterprise risks.

Question 52

What does the 'Recover' (RC) function in the CSF entail?

Answer 52

Incident Recovery Plan Execution and Incident Recovery Communication ## Footnote This function ensures that organizations can recover from incidents.

Question 53

What is the purpose of the NIST Privacy Framework?

Answer 53

To address different aspects of cybersecurity and privacy risks ## Footnote It works alongside the NIST Cybersecurity Framework.

Question 54

Fill in the blank: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established and _______.

Answer 54

communicated

Question 55

What is the focus of the 'Detect' (DE) function in the CSF?

Answer 55

Continuous Monitoring and Adverse Event Analysis ## Footnote This function helps organizations identify cybersecurity incidents.

Question 56

What does the 'Incident Management' (RS.MA) subcategory involve?

Answer 56

Managing incidents effectively to mitigate impacts ## Footnote It is part of the 'Respond' (RS) function.

Question 57

What is the goal of 'Risk Assessment' (ID.RA) in the CSF?

Answer 57

Understanding the cybersecurity risk to the organization, assets, and individuals ## Footnote This includes identifying vulnerabilities and potential impacts.

Question 58

True or False: The CSF is only applicable to large organizations.

Answer 58

False ## Footnote The CSF is applicable to organizations of all sizes.

Question 59

What does 'Awareness and Training' (PR.AT) ensure?

Answer 59

Personnel possess the knowledge and skills to perform cybersecurity tasks ## Footnote Training is essential for effective risk management.

Question 60

What are access permissions, entitlements, and authorizations defined in?

Answer 60

A policy ## Footnote These are managed, enforced, and reviewed while incorporating the principles of least privilege and separation of duties.

Question 61

What is the purpose of awareness and training (PR.AT) in cybersecurity?

Answer 61

To provide personnel with cybersecurity awareness and training ## Footnote This ensures they can perform their cybersecurity-related tasks effectively.

Question 62

What does PR.AT-01 focus on?

Answer 62

Providing personnel with awareness and training for general cybersecurity tasks ## Footnote This includes understanding cybersecurity risks.

Question 63

What is the aim of PR.DS in data security?

Answer 63

To manage data consistent with the organization’s risk strategy ## Footnote This protects the confidentiality, integrity, and availability of information.

Question 64

What does PR.DS-01 protect?

Answer 64

The confidentiality, integrity, and availability of data-at-rest

Question 65

What does PR.PS stand for?

Answer 65

Platform Security ## Footnote It involves managing hardware, software, and services to protect their confidentiality, integrity, and availability.

Question 66

What is the purpose of PR.IR?

Answer 66

To manage security architectures with the organization’s risk strategy ## Footnote This protects asset confidentiality, integrity, and availability.

Question 67

What does DE.CM encompass in the detect phase?

Answer 67

Continuous monitoring of assets ## Footnote This is to find anomalies, indicators of compromise, and other potentially adverse events.

Question 68

What is the focus of DE.AE?

Answer 68

Analyzing anomalies and indicators of compromise ## Footnote This helps characterize events and detect cybersecurity incidents.

Question 69

What does RS.MA in the respond phase refer to?

Answer 69

Incident Management ## Footnote This involves managing responses to detected cybersecurity incidents.

Question 70

What is the goal of RC.RP in the recovery phase?

Answer 70

To perform restoration activities for operational availability ## Footnote This is for systems and services affected by cybersecurity incidents.

Question 71

What does Tier 1 of the CSF Tiers represent?

Answer 71

Partial application of the organizational cybersecurity risk strategy ## Footnote It indicates ad hoc management and limited awareness of cybersecurity risks.

Question 72

What characterizes Tier 3 of the CSF Tiers?

Answer 72

Repeatable risk management practices ## Footnote Policies are formally approved and cybersecurity practices are regularly updated.

Question 73

What is a CSF Category?

Answer 73

A group of related cybersecurity outcomes ## Footnote These collectively comprise a CSF Function.

Question 74

Define CSF Function.

Answer 74

The highest level of organization for cybersecurity outcomes ## Footnote There are six CSF Functions: Govern, Identify, Protect, Detect, Respond, and Recover.

Question 75

What does CSF Target Profile specify?

Answer 75

Desired Core outcomes prioritized for achieving cybersecurity objectives

Question 76

What is the role of CSF Informative Reference?

Answer 76

To map a relationship between a CSF Core outcome and existing standards ## Footnote This includes guidelines, regulations, or other content.

Question 77

True or False: The organization adapts its cybersecurity practices based on previous activities.

Answer 77

True

Question 78

Fill in the blank: CSF __________ is a mechanism for describing an organization’s current and/or target cybersecurity posture.

Answer 78

Organizational Profile