NIST CSF: ID.AM-6 Subcategory

From NIST's Cyber Security Framework (version 1):

Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
PM-11: Mission and Business Process Definition
CP-2: Contingency Plan
PS-7: External Personnel Security

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Information security roles and responsibilities (6.1.1)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Define the organisational responsibilities (4.3.2.3.3)
    ISA/IEC 62443-2-1:2009

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

ATT&CK ID Title Associated Tactics
T1561 Disk Wipe Impact
T1561.001 Disk Content Wipe Impact
T1486 Data Encrypted for Impact Impact
T1490 Inhibit System Recovery Impact
T1491.001 Internal Defacement Impact
T1485 Data Destruction Impact
T1561.002 Disk Structure Wipe Impact
T1491.002 External Defacement Impact
T1491 Defacement Impact

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
A4.a Supply Chain The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.
A1.b Roles and Responsibilities Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.