Download the PDF version here.

NIST FunctionFunction IDCategoryDescriptionVerve SolutionComments
IDENTIFYID.AMAsset ManagementThe data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.YesVerve's endpoint asset management solution collects 1,000+ pieces of information beyond network devices for 360-degree IT and OT asset visibility. Prioritizing risk remediation is key to the management of the asset inventory.
IDENTIFYID.BEBusiness EnvironmentThe organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cyber security roles, responsibilities, and risk management decisions.Platform supports the practiceThe inventory is the base but the context of the asset helps organizations to better scope roles, responsibilities and activities of the most appropriate (ie, IT or OT) personnel.
IDENTIFYID.GVGovernanceThe policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cyber security risk.Platform supports the practiceVerve's real time view into actual system and risk configuration, activities and trends support and prove adherence or direct activities as required. Verve is a real time view into current risk and status of OT assets.
IDENTIFYID.RARisk AssessmentThe organization understands the cyber security risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.YesVerve's 360-degree asset analysis aggregates a full view of the environment into a single database to understand the vulnerability landscape and prioritize remediation actions.
IDENTIFYID.RMRisk Management StrategyThe organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.YesVerve's approach provides a quantifiable reduction in risk using proprietary risk scoring and remediation planning.
IDENTIFYID.SCSupply Chain Risk ManagementThe organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.Platform supports the practiceAs noted above, Verve provides real time data coupled with OT asset context to allow for owner/operators to make informed, contextual decisions about risk and assets.
PROTECTPR.ACIdentity Management & Access ControlAccess to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.YesVerve enumerates users, shared accounts, admin accounts, password expiry and tracks access to specific systems or actions on those systems as needed.
PROTECTPR.ATAwareness & TrainingThe organization’s personnel and partners are provided cyber security awareness education and are trained to perform their cyber security-related duties and responsibilities consistent with related policies, procedures, and agreements.Platform supports the practiceVerve data informs existing programs. For example, Verve displays non-patched assets with vendor approved status to show when patching cycles are lagging. Similarly, Verve enumerates user/access permissions. Clients often find this data invaluable in performing annual access reviews.
PROTECTPR.DSData SecurityInformation and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.Platform supports the practiceData handling is not currently a part of the Verve platform. However, Verve provides very granular control of access to risk and asset data which extends corporate information handling to the area of OT cyber security as provided by Verve.
PROTECTPR.IPInformation Protection Processes & ProceduresSecurity policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.Platform supports the practiceAs noted above, Verve is very useful in determining the adherence (or not) to corporate standards of risk, behavior and maintenance tasks.
PROTECTPR.MAMaintenanceMaintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.NoVerve is not a maintenance platform, but identifies end-of-life assets as needed.
PROTECTPR.PTProtective TechnologyTechnical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.YesVerve is exactly this type of security tool, providing. OT Systems Management across a wide range of security practice from inventory to vulnerabilities, patching, software and user management, as well as system configuration (hardening) and monitoring and detection (Host Based Intrusion Detection).
DETECTDE.AEAnomalies & EventsAnomalous activity is detected and the potential impact of events is understood.YesThe Verve Security Center detects anomalous patterns in behavior that indicate potential threats in the environment.
DETECTDE.CMSecurity Continuous MonitoringThe information system and assets are monitored to identify cyber security events and verify the effectiveness of protective measures.YesVerve ships with hundreds of alerting and detection thresholds. We are continually evolving the capabilities of this function as real world risk evolves, thus providing clients with valuable monitoring capabiIities in line with emerging threats.
DETECTDE.DPDetection ProcessesDetection processes and procedures are maintained and tested to ensure awareness of anomalous events.YesOT/ICS-specific signals create alerts which can be sent to critical parties for vulnerability management, risk and compliance processes.
RESPONDRS.RPResponse PlanningResponse processes and procedures are executed and maintained, to ensure response to detected cybersecurity incidents.Platform supports the practiceVerve's SIEM allows for rapid response as soon as alerts are identified in a way that is controlled by OT engineers to ensure quick but reliable event response.
RESPONDRS.COCommunicationsResponse activities are coordinated with internal and external stakeholders (e.g. external support from law enforcement agencies).Platform supports the practiceVerve identifies in scope assets - this, coupled with a 360-degree view of an asset allows users to identify an asset, its owner, manufacturer and a host of other indicators that speed in the triage but also streamline the communication process during and after an incident.
RESPONDRS.ANAnalysisAnalysis is conducted to ensure effective response and support recovery activities.YesVerve's integrated visibility to current and past alarms allow for root cause analysis and incident handling.
RESPONDRS.MIMitigationActivities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.YesVerve is a real time view into risk as well as a mechanism to reactively (or proactively) take action on assets to reduce risk and/or mitigate impact. Verve is the only tool on the market that combines detection with remediation in the same platform.
RESPONDRS.IMImprovementsOrganizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.YesVerve's technology-enabled vulnerability assessment identifies potential gaps and provides an accurate view of the potential risks in each environment. This coupled with our HIDS and the analysis/data from those events are key contributors to learning from an event.
RECOVERRC.RPRecovery PlanningRecovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cyber security incidents.Platform supports the practiceVerve helps clients design and monitor backup/recovery mechanisms. From identifying high impact (high priority) assets to monitoring third party tools for backup success/fail, we provide significant insight into the creation and execution of a robust backup/recovery program.
RECOVERRC.IMImprovementsRecovery planning and processes are improved by incorporating lessons learned into future activities.YesVerve's tracking and monitoring capabilities help our clients learn with real data and context to continually improve their program and the actions it requires.
RECOVERRC.COCommunicationsRestoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).Platform supports the practiceVerve's status tracking before, during and after an event provide detailed insight into system status, health, configuration, etc.

 

Download the PDF version here.

Related Resources

Whitepaper

5 Steps to Greater Security Maturity with NIST CSF

This guide and the accompanying case study provide a roadmap to using the CSF to drive greater cybersecurity maturity in control systems.

Learn More
Webinar

Designing the Right OT Governance Structure & Approach

Align IT and OT security initiatives to make progress against a chosen standard for an efficient and effective cyber security program.

Learn More
Case Study

Achieving NIST CSF Maturity with Verve Security Center

This NIST CSF case study provides one example of a customer’s journey to greater security maturity with the Verve Security Center and VIP Services.

Learn More

See Verve in Action

Ready to see the Verve Security Center in action? Contact us today.

Contact Us