Control 1 Mapping to the NIST Cybersecurity Framework

00:00

Hey, everyone, welcome back to the course. So in the last video, we took a look at control number one of the CIA's control. So again, that one was inventory and control of hardware assets. In this video, we're just gonna take a look at how that control maps to the NIST cybersecurity framework.

00:16

So we're gonna be basically looking at the sub controls under control one, and we're going to see how they map map up. Now, one thing to keep in mind as we go throughout this course is not all of these are a 1 to 1 match. You know, Tate, that as we go through the course

00:32

So first up, we have some control 1.1 which is basically covering using active directory tool.

00:39

And that's mapping to a nist CSF d dot cmm dash seven. So again, a lot of the cybersecurity framework ones are more generalized, but they'll be mapping in sort of a 1 to 1 sense to many of the C I s up controls. But again, there are some that are not a 1 to 1 match.

01:00

Next, we have some control 1.2, which is just using a passive asset discovery tool.

01:04

And again, the whole purpose here is to try to identify what are the hardware assets we have on our network?

01:12

Some control 1.3 using two D HCP logging to update asset inventory

01:19

and then maps to the nus CSF d dot c M Dash seven. Now again, I'm not going to be reading through every single one of these verbatim because you can read for yourself on the slides. And again, I want to mention that thes slides are available for download in this course under the resource is section, so you can use those as a guide to study as well.

01:38

We've got some control 1.4, which covers are maintaining a detailed asset inventory. So again, once we identify those assets, we need to maintain them. And if you've ever worked as like a sys admin or network engineer, you definitely know when you go to a new company, there's lots of random things. You find that your say, Hey, where's this at? This isn't even identified,

01:56

and that's just part of the game, right? That's why a lot of companies have issues with

02:00

identifying exactly what's on their network and what should be there and what shouldn't be there

02:07

some control. 1.5. We're talking again about maintaining the acid inventory, but in this end instance we're talking about the information. So not just listing. We got this device over here. What is that device? What's it being used for? Why do we even have it on the network?

02:23

And what happens if we need to get rid of that device? What happens if we need to replace it? We need to maintain it, etcetera.

02:30

See, I assume control 1.62 covers unauthorized assets. So when we find that random WiFi a pineapple, right, the pineapple device. When we find that,

02:40

what do we do?

02:42

How do I do? How do we address that?

02:46

CS sub control 1.7

02:49

deploying port level access control.

02:52

I'm basically meaning that's her. Users can just open up any ports they want to, or that a nefarious actor can't do so as well. That doesn't prevent it 100% but just putting that type of protection in place.

03:04

PCSK sub control 1.8 here were utilizing the client certificates to authenticate or hardware assets. So just making sure that this is an asset and using a security certificate to make sure.

03:16

So in this video we discovered a brief overview of how the CS sub controls for control one again inventory in control of hardware assets. How that actually maps to the NIST cybersecurity framework

03:29

in the next video, we're gonna go ahead and get a little hands on. So we're gonna do a lab that's called Run a Network, Skin using and map. And basically, we're just gonna run some scans using and map and more specifically, the gooey version. Which Zen map. So don't worry if you don't have any hands on experience using and map bird and go step by, step through that lab. And by the way,

03:46

in the resource is section of this course. There are downloadable guides that walk you step by, step through the lab. So that way you could have that