CyFun Controls
All 34 CyberFundamentals Basic-level controls grouped by NIST CSF function
Identify
9 controls · 47% avgPhysical devices and systems are inventoried
Software platforms and applications are inventoried
Organizational communication and data flows are mapped
Resources are prioritized based on classification and business value
Organizational cybersecurity policy is established and communicated
Legal and regulatory requirements regarding cybersecurity are understood and managed
Governance and risk management processes address cybersecurity risks
Asset vulnerabilities are identified and documented
Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
Protect
17 controls · 73% avgIdentities and credentials are issued, managed, verified, revoked, and audited
Physical access to assets is managed and protected
Remote access is managed
Remote access is secured with multi-factor authentication (MFA)
Access permissions and authorizations are managed
Access to critical information is identified and managed
Least privilege access is enforced
Administrator privileges are not used for daily tasks
Network integrity is protected with firewalls
Network segmentation is implemented where appropriate
All users are informed and trained
Assets are formally managed throughout removal, transfers, and disposition
Backups of information are conducted, maintained, and tested
Cybersecurity is included in human resources practices
Maintenance and repair of assets is performed and logged with approved tools
Audit/log records are determined, documented, implemented, and reviewed
Communications and control networks are protected
Detect
4 controls · 83% avgEvent data are collected and correlated from multiple sources
The network is monitored to detect potential cybersecurity events
Personnel activity is monitored to detect potential cybersecurity events
Malicious code is detected