Framework: The NIST Cybersecurity Framework (CSF)
Episodes
Welcome to Framework: The NIST CSF
14 Oct 2025
Contributed by Lukas
Dive into a fast, no-fluff overview of what this podcast delivers, who it’s for, and how each episode helps you level up with practical, real-world ...
RC.CO-04 - Sharing Public Recovery Updates
25 Feb 2025
Contributed by Lukas
RC.CO-04 involves sharing public updates on incident recovery using approved channels and messaging, such as breach notifications or preventative step...
RC.CO-03 - Communicating Recovery Progress
25 Feb 2025
Contributed by Lukas
RC.CO-03 ensures recovery activities and progress are shared with designated stakeholders—like leadership and suppliers—consistent with response p...
RC.RP-06 - Declaring Recovery Completion
25 Feb 2025
Contributed by Lukas
RC.RP-06 declares the end of recovery once predefined criteria are met, finalizing the process with a comprehensive after-action report detailing the ...
RC.RP-05 - Confirming System Restoration
25 Feb 2025
Contributed by Lukas
RC.RP-05 verifies the integrity of restored assets—checking for lingering threats or root causes—before returning systems to production, confirmin...
RC.RP-04 - Restoring Critical Functions Post-Incident
25 Feb 2025
Contributed by Lukas
RC.RP-04 considers critical mission functions and cybersecurity risks to define post-incident operational norms, using impact records to prioritize re...
RC.RP-03 - Verifying Backup Integrity
25 Feb 2025
Contributed by Lukas
RC.RP-03 ensures backups and restoration assets are checked for integrity—free of compromise or corruption—before use in recovery efforts. This ve...
RC.RP-02 - Prioritizing Recovery Actions
25 Feb 2025
Contributed by Lukas
RC.RP-02 involves selecting, scoping, and prioritizing recovery actions based on incident response plan criteria and available resources, adapting as ...
RC.RP-01 - Launching Incident Recovery Efforts
25 Feb 2025
Contributed by Lukas
RC.RP-01 initiates the recovery phase of the incident response plan once triggered, ensuring all responsible parties are aware of their roles and requ...
RS.MI-02 - Eradicating Incident Threats
25 Feb 2025
Contributed by Lukas
RS.MI-02 ensures incidents are fully eradicated, removing threats like malware or unauthorized access through automated system features or manual resp...
RS.MI-01 - Containing Cybersecurity Incidents
25 Feb 2025
Contributed by Lukas
RS.MI-01 focuses on containing incidents to prevent their expansion, using automated tools like antivirus or manual actions by responders to isolate t...
RS.CO-03 - Sharing Information with Stakeholders
25 Feb 2025
Contributed by Lukas
RS.CO-03 involves sharing incident information with designated stakeholders—both internal, like leadership, and external, like ISACs—consistent wi...
RS.CO-02 - Notifying Stakeholders of Incidents
25 Feb 2025
Contributed by Lukas
RS.CO-02 ensures timely notification of internal and external stakeholders—like customers, partners, or regulators—about incidents, following brea...
RS.AN-08 - Assessing Incident Magnitude
25 Feb 2025
Contributed by Lukas
RS.AN-08 estimates and validates an incident’s magnitude by assessing its scope and impact, searching other targets for indicators of compromise or ...
RS.AN-07 - Preserving Incident Data Integrity
25 Feb 2025
Contributed by Lukas
RS.AN-07 focuses on collecting and preserving incident data and metadata—such as source and timestamps—using chain-of-custody procedures to ensure...
RS.AN-06 - Recording Investigation Actions
25 Feb 2025
Contributed by Lukas
RS.AN-06 ensures that all investigative actions during an incident—like system checks or containment steps—are meticulously recorded, with integri...
RS.AN-03 - Investigating Incident Causes
25 Feb 2025
Contributed by Lukas
RS.AN-03 conducts detailed analysis to reconstruct incident events, identify involved assets, and pinpoint root causes, such as exploited vulnerabilit...
RS.MA-05 - Initiating Incident Recovery
25 Feb 2025
Contributed by Lukas
RS.MA-05 applies predefined criteria to determine when to shift from response to recovery, based on incident characteristics and operational considera...
RS.MA-04 - Escalating Incidents When Needed
25 Feb 2025
Contributed by Lukas
RS.MA-04 ensures incidents are escalated or elevated to higher levels of authority or expertise when their complexity or impact exceeds initial handli...
RS.MA-03 - Categorizing and Prioritizing Incidents
25 Feb 2025
Contributed by Lukas
RS.MA-03 categorizes incidents—such as ransomware or data breaches—and prioritizes them based on scope, impact, and urgency, balancing rapid recov...
RS.MA-02 - Triaging and Validating Incident Reports
25 Feb 2025
Contributed by Lukas
RS.MA-02 involves triaging and validating incident reports to confirm their cybersecurity relevance and need for response, applying severity criteria ...
RS.MA-01 - Executing the Incident Response Plan
25 Feb 2025
Contributed by Lukas
RS.MA-01 initiates the execution of the incident response plan in coordination with third parties—like outsourcers or suppliers—once an incident i...
DE.AE-08 - Declaring Incidents Based on Criteria
25 Feb 2025
Contributed by Lukas
DE.AE-08 involves declaring incidents when adverse events meet predefined criteria, such as severity or scope, ensuring a formal response is triggered...
DE.AE-07 - Enhancing Analysis with Threat Intelligence
25 Feb 2025
Contributed by Lukas
DE.AE-07 integrates cyber threat intelligence and contextual data—like asset inventories or vulnerability disclosures—into adverse event analysis ...
DE.AE-06 - Sharing Adverse Event Information
25 Feb 2025
Contributed by Lukas
DE.AE-06 ensures that information about adverse events is promptly shared with authorized staff—such as SOC teams and incident responders—and inte...
DE.AE-04 - Estimating the Impact of Adverse Events
25 Feb 2025
Contributed by Lukas
DE.AE-04 estimates the impact and scope of adverse events to gauge their potential harm, using tools like SIEMs or manual analysis to assess affected ...
DE.AE-03 - Correlating Data from Multiple Sources
25 Feb 2025
Contributed by Lukas
DE.AE-03 correlates information from diverse sources—like logs, sensors, and threat intelligence—to build a unified picture of potential adverse e...
DE.AE-02 - Analyzing Adverse Events for Insights
25 Feb 2025
Contributed by Lukas
DE.AE-02 focuses on analyzing potentially adverse events to understand their nature, using tools like SIEM systems to examine log events for malicious...
DE.CM-09 - Detecting Threats Across Technology Stacks
25 Feb 2025
Contributed by Lukas
DE.CM-09 involves monitoring hardware, software, runtime environments, and associated data to detect adverse events like malware, phishing, or tamperi...
DE.CM-06 - Monitoring External Service Providers
25 Feb 2025
Contributed by Lukas
DE.CM-06 requires monitoring the activities and services of external providers—like cloud platforms or ISPs—to detect adverse events that could im...
DE.CM-03 - Tracking Personnel and Technology Usage
25 Feb 2025
Contributed by Lukas
DE.CM-03 monitors personnel activity and technology usage to identify potentially adverse events, such as insider threats or policy violations, using ...
DE.CM-02 - Watching the Physical Environment for Threats
25 Feb 2025
Contributed by Lukas
DE.CM-02 involves monitoring the physical environment housing technology assets to detect adverse events, such as unauthorized access or tampering wit...
DE.CM-01 - Monitoring Networks for Adverse Events
25 Feb 2025
Contributed by Lukas
DE.CM-01 focuses on continuously monitoring networks and network services, such as DNS and BGP, to detect potentially adverse events like unauthorized...
PR.IR-04 - Maintaining Resource Capacity for Availability
25 Feb 2025
Contributed by Lukas
PR.IR-04 maintains sufficient resource capacity—storage, compute, power, and bandwidth—to ensure system availability, monitoring usage and forecas...
PR.IR-03 - Building Resilient Technology Systems
25 Feb 2025
Contributed by Lukas
PR.IR-03 implements mechanisms like redundant storage, load balancing, and high-availability components to meet resilience requirements under both nor...
PR.IR-02 - Shielding Assets from Environmental Threats
25 Feb 2025
Contributed by Lukas
PR.IR-02 safeguards technology assets from environmental threats like flooding, fire, or excessive heat, using physical protections and resilient infr...
PR.IR-01 - Protecting Against Unauthorized Network Access
25 Feb 2025
Contributed by Lukas
PR.IR-01 protects networks and environments from unauthorized logical access by segmenting them based on trust boundaries (e.g., IT, IoT, OT) and rest...
PR.PS-06 - Securing the Software Development Process
25 Feb 2025
Contributed by Lukas
PR.PS-06 integrates secure development practices into the software lifecycle, protecting code from tampering and ensuring releases have minimal vulner...
PR.PS-05 - Preventing Unauthorized Software Use
25 Feb 2025
Contributed by Lukas
PR.PS-05 prevents the installation and execution of unauthorized software by restricting platforms to approved applications and verifying software int...
PR.PS-04 - Enabling Continuous Monitoring with Logs
25 Feb 2025
Contributed by Lukas
PR.PS-04 requires configuring systems, applications, and services to generate log records that support continuous monitoring, ensuring visibility into...
PR.PS-03 - Managing Hardware Lifecycles
25 Feb 2025
Contributed by Lukas
PR.PS-03 ensures hardware is maintained, replaced, or securely removed based on its security capabilities and risk profile, such as replacing devices ...
PR.PS-02 - Maintaining Software Security
25 Feb 2025
Contributed by Lukas
PR.PS-02 focuses on maintaining, replacing, or removing software based on risk, including timely patching, updating container images, and phasing out ...
PR.PS-01 - Implementing Configuration Management
25 Feb 2025
Contributed by Lukas
PR.PS-01 establishes and applies configuration management practices to maintain secure baselines for hardware, software, and services, adhering to the...
PR.DS-11 - Ensuring Reliable Data Backups
25 Feb 2025
Contributed by Lukas
PR.DS-11 ensures that data backups are regularly created, securely stored, and tested to maintain availability and integrity for recovery purposes. Th...
PR.DS-10 - Safeguarding Data-in-Use
25 Feb 2025
Contributed by Lukas
PR.DS-10 protects data-in-use—actively processed in memory or applications—by removing it when no longer needed and isolating it from other users ...
PR.DS-02 - Securing Data-in-Transit
25 Feb 2025
Contributed by Lukas
PR.DS-02 secures data-in-transit—moving across networks or communications—using encryption and integrity checks like digital signatures to prevent...
PR.DS-01 - Protecting Data-at-Rest
25 Feb 2025
Contributed by Lukas
PR.DS-01 focuses on securing data-at-rest—stored in files, databases, or devices—using encryption, digital signatures, and physical controls to pr...
PR.AT-02 - Preparing Specialists for Cybersecurity Roles
25 Feb 2025
Contributed by Lukas
PR.AT-02 targets individuals in specialized roles—like cybersecurity staff, finance personnel, or senior leaders—with tailored training to address...
PR.AT-01 - Training Personnel on Cybersecurity Basics
25 Feb 2025
Contributed by Lukas
PR.AT-01 ensures that all personnel—employees, contractors, and partners—receive basic cybersecurity awareness and training to handle tasks secure...
PR.AA-06 - Controlling Physical Access to Assets
25 Feb 2025
Contributed by Lukas
PR.AA-06 addresses the management and monitoring of physical access to assets, using controls like security guards, cameras, and locked entries to res...
PR.AA-05 - Enforcing Access Control Policies
25 Feb 2025
Contributed by Lukas
PR.AA-05 establishes a policy-driven approach to managing access permissions, ensuring they are granted based on need (least privilege) and distinct r...
PR.AA-04 - Securing Identity Assertions
25 Feb 2025
Contributed by Lukas
PR.AA-04 focuses on securing identity assertions—digital statements used to convey authentication and user information—across systems like single ...
PR.AA-03 - Authenticating Users and Devices
25 Feb 2025
Contributed by Lukas
PR.AA-03 mandates the authentication of users, services, and hardware to verify their identity before granting access to organizational assets. This c...
PR.AA-02 - Verifying Identities for Credential Issuance
25 Feb 2025
Contributed by Lukas
PR.AA-02 requires verifying the identities of individuals or entities before binding them to credentials, tailoring the proofing process to the contex...
PR.AA-01 - Managing Identities and Credentials
25 Feb 2025
Contributed by Lukas
PR.AA-01 focuses on the management of identities and credentials for all authorized entities—users, services, and hardware—within the organization...
ID.IM-04 - Strengthening Incident Response Plans
25 Feb 2025
Contributed by Lukas
ID.IM-04 involves establishing, sharing, and maintaining cybersecurity plans—like incident response or disaster recovery—that impact operations, w...
ID.IM-03 - Enhancing Processes from Operational Insights
25 Feb 2025
Contributed by Lukas
ID.IM-03 seeks improvements from the day-to-day execution of cybersecurity processes, procedures, and activities, capturing lessons learned in real-wo...
ID.IM-02 - Improving Through Security Tests and Exercises
25 Feb 2025
Contributed by Lukas
ID.IM-02 identifies improvements from security tests and exercises, like penetration testing or incident response simulations, often involving supplie...
ID.IM-01 - Learning from Cybersecurity Evaluations
25 Feb 2025
Contributed by Lukas
ID.IM-01 focuses on identifying improvements to cybersecurity risk management through evaluations, such as self-assessments or third-party audits. The...
ID.RA-10 - Assessing Critical Suppliers Before Acquisition
25 Feb 2025
Contributed by Lukas
ID.RA-10 involves conducting risk assessments of critical suppliers before engaging them, evaluating their cybersecurity practices and supply chain ri...
ID.RA-09 - Verifying Hardware and Software Integrity
25 Feb 2025
Contributed by Lukas
ID.RA-09 requires assessing the authenticity and integrity of hardware and software before purchase or deployment, ensuring they are free from tamperi...
ID.RA-08 - Handling Vulnerability Disclosures
25 Feb 2025
Contributed by Lukas
ID.RA-08 establishes processes for handling vulnerability disclosures from suppliers, customers, or government sources, ensuring timely analysis and r...
ID.RA-07 - Managing Changes and Exceptions in Risk
25 Feb 2025
Contributed by Lukas
ID.RA-07 focuses on managing changes to systems or processes and exceptions to policies, assessing their risk impacts, and documenting them for oversi...
ID.RA-06 - Prioritizing Risk Response Strategies
25 Feb 2025
Contributed by Lukas
ID.RA-06 involves selecting, prioritizing, and planning risk responses—such as mitigation, acceptance, or transfer—based on assessed risks, then t...
ID.RA-05 - Understanding Inherent Cybersecurity Risks
25 Feb 2025
Contributed by Lukas
ID.RA-05 uses data on threats, vulnerabilities, likelihoods, and impacts to assess inherent risk—the risk before controls are applied—and prioriti...
ID.RA-04 - Assessing Threat Impact and Likelihood
25 Feb 2025
Contributed by Lukas
ID.RA-04 requires assessing and documenting the likelihood and potential impacts of threats exploiting identified vulnerabilities, such as data breach...
ID.RA-03 - Recognizing Internal and External Threats
25 Feb 2025
Contributed by Lukas
ID.RA-03 involves identifying and documenting threats—both internal, like insider risks, and external, like cyberattacks—that could impact the org...
ID.RA-02 - Leveraging Cyber Threat Intelligence
25 Feb 2025
Contributed by Lukas
ID.RA-02 focuses on gathering cyber threat intelligence from forums, advisories, and reputable sources to stay informed about current and emerging thr...
ID.RA-01 - Identifying and Recording Asset Vulnerabilities
25 Feb 2025
Contributed by Lukas
ID.RA-01 involves identifying, validating, and documenting vulnerabilities in organizational assets, including software, hardware, and facilities. Thi...
ID.AM-08 - Managing Assets Across Their Lifecycle
25 Feb 2025
Contributed by Lukas
ID.AM-08 focuses on managing all assets—systems, hardware, software, services, and data—across their entire life cycles, from deployment to dispos...
ID.AM-07 - Inventorying Sensitive Data and Metadata
25 Feb 2025
Contributed by Lukas
ID.AM-07 requires maintaining inventories of designated data types—like PII, health information, or intellectual property—along with metadata such...
ID.AM-05 - Prioritizing Assets by Importance
25 Feb 2025
Contributed by Lukas
ID.AM-05 involves prioritizing assets—data, hardware, software, and services—based on their classification, criticality, resource needs, and missi...
ID.AM-04 - Cataloging Supplier-Provided Services
25 Feb 2025
Contributed by Lukas
ID.AM-04 requires organizations to keep inventories of supplier-provided services, such as IaaS, PaaS, SaaS, and APIs, used in their operations. This ...
ID.AM-03 - Mapping Network Communication Flows
25 Feb 2025
Contributed by Lukas
ID.AM-03 involves maintaining up-to-date representations of authorized network communications and data flows, both within the organization and with ex...
ID.AM-02 - Managing Software and Service Inventories
25 Feb 2025
Contributed by Lukas
ID.AM-02 focuses on maintaining detailed inventories of software, services, and systems, covering everything from commercial applications to cloud-bas...
ID.AM-01 - Tracking Organizational Hardware Assets
25 Feb 2025
Contributed by Lukas
ID.AM-01 requires organizations to maintain comprehensive inventories of all hardware assets under their control, including IT, IoT, OT, and mobile de...
GV.SC-10 - Planning for Post-Partnership Security
25 Feb 2025
Contributed by Lukas
GV.SC-10 ensures that supply chain risk management plans address post-relationship activities, such as terminating supplier access or managing data di...
GV.SC-09 - Monitoring Supply Chain Security Practices
25 Feb 2025
Contributed by Lukas
GV.SC-09 embeds supply chain security practices into cybersecurity and enterprise risk management, ensuring consistent oversight from acquisition to d...
GV.SC-08 - Including Suppliers in Incident Response Planning
25 Feb 2025
Contributed by Lukas
GV.SC-08 integrates key suppliers and third parties into the organization’s incident planning, response, and recovery efforts, ensuring coordinated ...
GV.SC-07 - Managing Supplier Risks Throughout Relationships
25 Feb 2025
Contributed by Lukas
GV.SC-07 ensures ongoing understanding and management of risks from suppliers and third parties throughout their relationship with the organization. T...
GV.SC-06 - Conducting Due Diligence Before Supplier Partnerships
25 Feb 2025
Contributed by Lukas
GV.SC-06 mandates thorough planning and due diligence before engaging suppliers or third parties, assessing their cybersecurity capabilities and risks...
GV.SC-05 - Setting Cybersecurity Requirements for Suppliers
25 Feb 2025
Contributed by Lukas
GV.SC-05 establishes and prioritizes cybersecurity requirements for suppliers, embedding them into contracts and agreements to enforce consistent secu...
GV.SC-04 - Prioritizing Suppliers by Criticality
25 Feb 2025
Contributed by Lukas
GV.SC-04 requires organizations to identify all suppliers and rank them based on their criticality to operations, considering factors like data sensit...
GV.SC-03 - Integrating Supply Chain Risks into Broader Frameworks
25 Feb 2025
Contributed by Lukas
GV.SC-03 integrates supply chain risk management into the organization’s broader cybersecurity and enterprise risk management (ERM) frameworks, ensu...
GV.SC-02 - Defining Cybersecurity Roles in the Supply Chain
25 Feb 2025
Contributed by Lukas
GV.SC-02 emphasizes defining and sharing cybersecurity roles and responsibilities for all parties in the supply chain—suppliers, customers, and part...
GV.SC-01 - Building a Supply Chain Risk Management Program
25 Feb 2025
Contributed by Lukas
GV.SC-01 focuses on creating a structured cybersecurity supply chain risk management program that includes a clear strategy, objectives, policies, and...
GV.OV-03 - Evaluating Cybersecurity Performance
25 Feb 2025
Contributed by Lukas
GV.OV-03 emphasizes measuring and reviewing the organization’s cybersecurity risk management performance using indicators like KPIs and KRIs. This e...
GV.OV-02 - Adjusting Strategies for Comprehensive Risk Coverage
25 Feb 2025
Contributed by Lukas
GV.OV-02 involves periodic reviews of the cybersecurity risk management strategy to confirm it addresses all organizational requirements and emerging ...
GV.OV-01 - Reviewing Cybersecurity Strategy Outcomes
25 Feb 2025
Contributed by Lukas
GV.OV-01 focuses on evaluating the outcomes of the cybersecurity risk management strategy to refine its direction and effectiveness. This involves mea...
GV.PO-02 - Keeping Cybersecurity Policies Current
25 Feb 2025
Contributed by Lukas
GV.PO-02 ensures that the cybersecurity risk management policy remains dynamic, undergoing regular reviews to adapt to evolving threats, technologies,...
GV.PO-01 - Establishing a Cybersecurity Risk Management Policy
25 Feb 2025
Contributed by Lukas
GV.PO-01 involves creating a formal cybersecurity risk management policy that reflects the organization’s unique context, strategy, and priorities. ...
GV.RR-04 - Embedding Cybersecurity in HR Practices
25 Feb 2025
Contributed by Lukas
GV.RR-04 integrates cybersecurity considerations into human resources processes, such as hiring, onboarding, training, and offboarding, to enhance org...
GV.RR-03 - Allocating Resources for Cybersecurity Success
25 Feb 2025
Contributed by Lukas
GV.RR-03 ensures that sufficient resources—people, processes, and technology—are allocated to support the organization’s cybersecurity risk stra...
GV.RR-02 - Clarifying Cybersecurity Roles and Responsibilities
25 Feb 2025
Contributed by Lukas
GV.RR-02 focuses on defining and disseminating clear roles, responsibilities, and authorities for cybersecurity risk management across the organizatio...
GV.RR-01 - Leadership’s Role in Cybersecurity Accountability
25 Feb 2025
Contributed by Lukas
GV.RR-01 assigns responsibility to leadership for overseeing cybersecurity risk, ensuring they are accountable for strategy development and execution....
GV.RM-07 - Embracing Strategic Opportunities in Risk Management
25 Feb 2025
Contributed by Lukas
GV.RM-07 recognizes that not all risks are negative, encouraging organizations to identify and discuss strategic opportunities, or “positive risks,”...
GV.RM-06 - Standardizing Cybersecurity Risk Assessment
25 Feb 2025
Contributed by Lukas
GV.RM-06 establishes a consistent methodology for assessing and prioritizing cybersecurity risks, using tools like risk registers or quantitative form...
GV.RM-05 - Building Communication Channels for Cybersecurity Risks
25 Feb 2025
Contributed by Lukas
GV.RM-05 emphasizes creating structured communication channels to share cybersecurity risk information across departments and with external parties li...
GV.RM-04 - Crafting Strategic Risk Response Options
25 Feb 2025
Contributed by Lukas
GV.RM-04 focuses on defining and sharing a strategic direction for responding to cybersecurity risks, outlining options like acceptance, mitigation, o...
GV.RM-03 - Integrating Cybersecurity into Enterprise Risk Management
25 Feb 2025
Contributed by Lukas
GV.RM-03 integrates cybersecurity risk management into the broader enterprise risk management (ERM) framework, ensuring it is considered alongside oth...