ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
PM-15: Security and Privacy Groups and Associations
Establish and institutionalize contact with selected groups and associations within the security and privacy communities: To facilitate ongoing security and privacy education and training for organizational personnel; To maintain currency with recommended security and privacy practices, techniques, and technologies; and To share current security and privacy information, including threats, vulnerabilities, and incidents.
PM-16: Threat Awareness Program
Implement a threat awareness program that includes a cross-organization information-sharing capability for threat intelligence.
RA-10: Threat Hunting
Establish and maintain a cyber threat hunting capability to: Search for indicators of compromise in organizational systems; and Detect, track, and disrupt threats that evade existing controls; and Employ the threat hunting capability [Assignment: organization-defined frequency].
SI-5: Security Alerts, Advisories, and Directives
Receive system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis; Generate internal security alerts, advisories, and directives as deemed necessary; Disseminate security alerts, advisories, and directives to: [Assignment (one or more): [Assignment: organization-defined personnel or roles], [Assignment: organization-defined elements within the organization], [Assignment: organization-defined external organizations]];…
NIST Special Publication 800-171 Revision 2
3.14.1: Identify, report, and correct system flaws in a timely manner
Organizations identify systems that are affected by announced software and firmware flaws including potential vulnerabilities resulting from those flaws and report this information to designated personnel with information security responsibilities. Security-relevant updates include patches, service packs, hot fixes, and anti-virus signatures. Organizations address flaws discovered during security assessments, continuous monitoring, incident response activities, and system…
3.14.3: Monitor system security alerts and advisories and take action in response
There are many publicly available sources of system security alerts and advisories. For example, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) generates security alerts and advisories to maintain situational awareness across the federal government and in nonfederal organizations. Software vendors, subscription services, and industry information sharing and analysis centers (ISACs) may…
Cloud Controls Matrix v3.0.1
SEF-01: Contact / Authority Maintenance
Points of contact for applicable regulation authorities, national and local law enforcement, and other legal jurisdictional authorities shall be maintained and regularly updated (e.g., change in impacted-scope and/or a change in any compliance obligation) to ensure direct compliance liaisons have been established and to be prepared for a forensic investigation requiring rapid engagement with law…
SEF-03: Incident Reporting
Workforce personnel and external business relationships shall be informed of their responsibilities and, if required, shall consent and/or contractually agree to report all information security events in a timely manner. Information security events shall be reported through predefined communications channels in a timely manner adhering to applicable legal, statutory, or regulatory compliance obligations.
NIST Special Publication 800-53 Revision 4
PM-15: Contacts With Security Groups And Associations
The organization establishes and institutionalizes contact with selected groups and associations within the security community: To facilitate ongoing security education and training for organizational personnel; To maintain currency with recommended security practices, techniques, and technologies; and To share current security-related information including threats, vulnerabilities, and incidents.
PM-16: Threat Awareness Program
The organization implements a threat awareness program that includes a cross-organization information-sharing capability.
SI-5: Security Alerts, Advisories, And Directives
The organization: Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis; Generates internal security alerts, advisories, and directives as deemed necessary; Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]];…