Content library
CyFun

Requirements included in the framework

Policy
Linked frameworks
Framework
Tasks
Effectiveness of protection technologies is shared.
PR.IP-8
CyberFundamentals (Belgium)
3
Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.
PR.IP-9
CyberFundamentals (Belgium)
4
Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools.
PR.MA-1
CyberFundamentals (Belgium)
4
Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access.
PR.MA-2
CyberFundamentals (Belgium)
2
Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.
PR.PT-1
CyberFundamentals (Belgium)
6
Removable media is protected, and its use restricted according to policy.
PR.PT-2
CyberFundamentals (Belgium)
3
The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.
PR.PT-3
CyberFundamentals (Belgium)
3
Communications and control networks are protected. Web and e-mail filters shall be installed and used.
PR.PT-4
CyberFundamentals (Belgium)
6
Public relations are managed.
RC.CO-1
CyberFundamentals (Belgium)
4
Reputation is repaired after an incident.
RC.CO-2
CyberFundamentals (Belgium)
4
Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
RC.CO-3
CyberFundamentals (Belgium)
1
Recovery plans incorporate lessons learned.
RC.IM-1
CyberFundamentals (Belgium)
4
Recovery strategies are updated.
RC.IM-2
CyberFundamentals (Belgium)
3
Recovery plan is executed during or after a cybersecurity incident.
RC.RP-1
CyberFundamentals (Belgium)
6
Notifications from detection systems are investigated.
RS.AN-1
CyberFundamentals (Belgium)
4
The impact of the incident is understood.
RS.AN-2
CyberFundamentals (Belgium)
4
Forensics are performed.
RS.AN-3
CyberFundamentals (Belgium)
2
Incidents are categorized consistent with response plans.
RS.AN-4
CyberFundamentals (Belgium)
2
Processes are established to receive, analyse, and respond to vulnerabilities disclosed to the organization from internal and external sources.
RS.AN-5
CyberFundamentals (Belgium)
6
Personnel know their roles and order of operations when a response is needed.
RS.CO-1
CyberFundamentals (Belgium)
2
Incidents are reported consistent with established criteria.
RS.CO-2
CyberFundamentals (Belgium)
3
Information is shared consistent with response plans.
RS.CO-3
CyberFundamentals (Belgium)
5
Coordination with stakeholders occurs consistent with response plans.
RS.CO-4
CyberFundamentals (Belgium)
2
Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness.
RS.CO-5
CyberFundamentals (Belgium)
2