NIST CSF: PR.DS-4 Subcategory
From NIST's Cyber Security Framework (version 1):
Adequate capacity to ensure availability is maintained
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Capacity management (12.1.3)
ISO 27001:2013 -
Availability of information processing facilities (17.2.1)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Resource management (SR 7.2)
ISA/IEC 62443-3-3:2013 -
Denial of service protection (SR 7.1)
ISA/IEC 62443-3-3:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1561 | Disk Wipe | Impact |
| T1561.001 | Disk Content Wipe | Impact |
| T1486 | Data Encrypted for Impact | Impact |
| T1490 | Inhibit System Recovery | Impact |
| T1491.001 | Internal Defacement | Impact |
| T1485 | Data Destruction | Impact |
| T1561.002 | Disk Structure Wipe | Impact |
| T1491.002 | External Defacement | Impact |
| T1491 | Defacement | Impact |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| A3.a | Asset Management | Everything required to deliver, maintain or support networks and information systems necessary for the operation of essential functions is determined and understood. This includes data, people and systems, as well as any supporting infrastructure (such as power or cooling). |
| B3.b | Data in Transit | You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties. |
| B5.b | Design for Resilience | You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated. |
| B3.a | Understanding Data | You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions. |