CAF Outcome A2.b: Assurance
From the UK NCSC's Cyber Assessment Framework (version 3.1):
You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.
NCSC CAF Mapped to NIST CSF
A2.b: Assurance to CSF mappings generated from UK Cabinet Office table.
Control ID | Description |
---|---|
ID.RA-5 | Threats, vulnerabilities, likelihoods, and impacts are used to determine risk |
DE.DP-2 | Detection activities comply with all applicable requirements |
DE.DP-3 | Detection processes are tested |
ID.RA-1 | Asset vulnerabilities are identified and documented |
ID.RA-6 | Risk responses are identified and prioritized |
ID.GV-4 | Governance and risk management processes address cybersecurity risks |
PR.PT-1 | Audit/log records are determined, documented, implemented, and reviewed in accordance with policy |
PR.IP-12 | A vulnerability management plan is developed and implemented |
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.
- Conduct periodic IACS audits (4.4.2.2), ISA/IEC 62443-2-1:2009
- Establish conformance metrics (4.4.2.3), ISA/IEC 62443-2-1:2009
- Audit the information and document management process (4.3.4.4.7), ISA/IEC 62443-2-1:2009
- Specify the methodology of the audit process (4.4.2.1), ISA/IEC 62443-2-1:2009
Related ISO 27001 Controls
Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.
- Information systems audit controls (12.7.1), ISO 27001:2013
- Technical compliance review (18.2.3), ISO 27001:2013
- System security testing (14.2.8), ISO 27001:2013
Related SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.