NIST CSF: PR.PT-1 Subcategory

From NIST's Cyber Security Framework (version 1):

Audit/log records are determined, documented, implemented, and reviewed in accordance with policy

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Information systems audit controls (12.7.1)
ISO 27001:2013
Clock synchronisation (12.4.4)
ISO 27001:2013
Event Logging (12.4.1)
ISO 27001:2013
Administrator and operator logs (12.4.3)
ISO 27001:2013
Protection of log information (12.4.2)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Timestamps (SR 2.11)
ISA/IEC 62443-3-3:2013
Auditable events (SR 2.8)
ISA/IEC 62443-3-3:2013
Establish procedures for the addition, removal, and disposal of assets (4.3.3.3.9)
ISA/IEC 62443-2-1:2009
Conduct periodic IACS audits (4.4.2.2)
ISA/IEC 62443-2-1:2009
Response to audit processing failures (SR 2.10)
ISA/IEC 62443-3-3:2013
Audit account administration (4.3.3.5.8)
ISA/IEC 62443-2-1:2009
Establish a document audit trail (4.4.2.4)
ISA/IEC 62443-2-1:2009
Audit the information and document management process (4.3.4.4.7)
ISA/IEC 62443-2-1:2009
Specify the methodology of the audit process (4.4.2.1)
ISA/IEC 62443-2-1:2009
Non-repudiation (SR 2.12)
ISA/IEC 62443-3-3:2013
Audit storage capacity (SR 2.9)
ISA/IEC 62443-3-3:2013

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID	Name	Description
B2.d	Identity and Access Management (IdAM)	You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function.
C1.a	Monitoring Coverage	The data sources that you include in your monitoring allow for timely identification of security events which might affect the operation of your essential function.
C1.b	Securing Logs	You hold logging da ta securely and grant read access only to accounts with business need. No employee should ever need to modify or delete logging data within an agreed retention period, after which it should be deleted.
A2.b	Assurance	You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.
B2.c	Privileged User Management	You closely manage privileged user access to networks and information systems supporting the essential function.
C1.c	Generating Alerts	Evidence of potential security incidents contained in your monitoring data is reliably identified and triggers alerts.

NIST CSF: PR.PT-1 Subcategory

Cyber Threat Graph Context

Related ISO 27001 Controls

Information systems audit controls (12.7.1)

Clock synchronisation (12.4.4)

Event Logging (12.4.1)

Administrator and operator logs (12.4.3)

Protection of log information (12.4.2)

Related ISA/IEC 62443 Controls

Timestamps (SR 2.11)

Auditable events (SR 2.8)

Establish procedures for the addition, removal, and disposal of assets (4.3.3.3.9)

Conduct periodic IACS audits (4.4.2.2)

Response to audit processing failures (SR 2.10)

Audit account administration (4.3.3.5.8)

Establish a document audit trail (4.4.2.4)

Audit the information and document management process (4.3.4.4.7)

Specify the methodology of the audit process (4.4.2.1)

Non-repudiation (SR 2.12)

Audit storage capacity (SR 2.9)

CSF Mapped to the NCSC CAF