{"id":736,"date":"2021-05-15T23:56:18","date_gmt":"2021-05-15T23:56:18","guid":{"rendered":"https:\/\/smartnet.ua\/?p=736"},"modified":"2021-06-22T12:55:10","modified_gmt":"2021-06-22T12:55:10","slug":"practical-considerations-on-cybersecurity-framework-checklist","status":"publish","type":"post","link":"https:\/\/smartnet.ua\/en\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/","title":{"rendered":"Practical considerations on Cybersecurity framework checklist"},"content":{"rendered":"

Cybersecurity is broadly defined as the protection of\u00a0 organisation information from compromise through the use\u2014in whole or in part\u2014of information technology. Compromise refers to a loss of data confidentiality, integrity or availability.<\/p>\n

This checklist is needed to assist small to medium organizations with limited resources to establish a cybersecurity program to identify and assess cybersecurity threats, protect assets from cyber intrusions, detect when their systems and assets have been compromised, plan for the response when a compromise occurs and implement a plan to recover lost, stolen or unavailable assets. This checklist is primarily derived from the National Institute of Standards and Technology (NIST) Cybersecurity Framework.<\/p>\n

The NIST Cybersecurity Framework consists of a Framework Core, Profiles, and Implementation Tiers. We\u2019ll explore the Core and its five key components – Identify, Protect, Detect, Respond, and Recover – in greater detail. Part of the exploration is a simple
\nassessment tool that will allow you to pinpoint the degree to which you are prepared, or not, to mount an aggressive cyber defence.<\/p>\n

Overview of the NIST Cybersecurity Framework – The Core<\/strong><\/h3>\n\n\n\n\n\n\n\n\n
FRAMEWORK CORE<\/strong><\/td>\nOBJECTIVE<\/strong><\/td>\nASSOCIATED CATEGORIES<\/strong><\/td>\n<\/tr>\n
Identify<\/td>\nSecure a comprehensive
\nunderstanding of your organization\u2019s
\nrisk environment and risk
\nmanagement assets – both available
\nand needed<\/td>\n		\u2022 Asset Management
\n\u2022 Business Environment
\n\u2022 Governance
\n\u2022 Risk Assessment
\n\u2022 Risk Management Strategy
\n\u2022 Supply Chain Risk Management<\/td>\n<\/tr>\n
Protect<\/td>\nDevelop and implement critical
\ninfrastructure to limit or contain the
\nimpact of a potential cybersecurity
\nevent.<\/td>\n		\u2022 Identity Management and Access
\nControl
\n\u2022 Awareness and Training;
\n\u2022 Data Security
\n\u2022 Information Protection Processes
\nand Procedures
\n\u2022 Maintenance
\n\u2022 Protective Technology<\/td>\n<\/tr>\n
Detect<\/td>\nDevelopment and implementation of
\nactivities for recognizing the when a
\ncybersecurity event occurs.<\/td>\n		\u2022 Anomalies and Events
\n\u2022 Security Continuous Monitoring
\n\u2022 Detection Processes<\/td>\n<\/tr>\n
Respond<\/td>\nDevelopment and implementation
\nof a response plan including
\nidentification of appropriate actions
\nfor responding to a detected
\ncybersecurity incident.<\/td>\n		\u2022 Response Planning
\n\u2022 Communications
\n\u2022 Analysis
\n\u2022 Mitigation
\n\u2022 Improvements<\/td>\n<\/tr>\n
Recover<\/td>\nDevelopment and implementation of
\nplans for restoring any capabilities or
\nservices that were impaired due to a
\ncybersecurity event.<\/td>\n		\u2022 Recovery Planning
\n\u2022 Improvements
\n\u2022 Communications<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Function: IDENTIFY<\/h3>\n\n\n\n\n\n\n\n\n\n
CATEGORY<\/strong><\/td>\nSUBCATEGORY<\/strong><\/td>\nASSESSMENT<\/strong><\/td>\n<\/tr>\n
\n
Asset management<\/h5>\n

The data, personnel, devices,
\nsystems, and facilities that enable
\nthe organization to achieve business
\npurposes are identified and managed
\nconsistent with their relative
\nimportance to organizational objectives
\nand the organization\u2019s risk strategy.<\/td>\n

\u2022 Physical devices and systems within the organization are inventoried
\n\u2022 Software platforms and applications within the organization are inventoried
\n\u2022 Organizational communication and data flows are mapped
\n\u2022 External information systems are catalogued
\n\u2022 Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value
\n\u2022 Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Business environment<\/h5>\n

The organization\u2019s mission, objectives,
\nstakeholders, and activities are understood and prioritized;
\nthis information is used to inform cybersecurity roles, responsibilities, and risk management decisions.<\/td>\n

\u2022 The organization\u2019s role in the supply chain is identified and communicated
\n\u2022 The organization\u2019s place in critical infrastructure and its industry sector is identified and communicated
\n\u2022 Priorities for organizational mission, objectives, and activities are established and communicated
\n\u2022 Dependencies and critical functions for delivery of critical services are established
\n\u2022 Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress\/attack, during recovery, normal operations)<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Governance<\/h5>\n

The policies, procedures, and processes to manage and monitor the organization\u2019s regulatory,
\nlegal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.<\/td>\n

\u2022 Organizational cybersecurity policy is established and communicated
\n\u2022 Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
\n\u2022 Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
\n\u2022 Governance and risk management processes address cybersecurity risks<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Risk Assessment<\/h5>\n

The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.<\/td>\n

\u2022 Asset vulnerabilities are identified and documented
\n\u2022 Cyber threat intelligence is received from information sharing forums and sources
\n\u2022 Threats, both internal and external, are identified and documented
\n\u2022 Potential business impacts and likelihoods are identified
\n\u2022 Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
\n\u2022 Risk responses are identified and prioritized<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Risk Management Strategy<\/h5>\n

The organization\u2019s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.<\/td>\n

\u2022 Risk management processes are established, managed, and agreed to by organizational stakeholders
\n\u2022 Organizational risk tolerance is determined and clearly expressed
\n\u2022 The organization\u2019s determination of risk tolerance is informed by its role in critical infrastructure and sector-specific risk analysis<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Supply Chain
\nRisk Management<\/h5>\n

The organization\u2019s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.<\/td>\n

\u2022 Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
\n\u2022 Suppliers and third-party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
\n\u2022 Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization\u2019s cybersecurity program and Cyber Supply Chain Risk Management Plan
\n\u2022 Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations
\n\u2022 Response and recovery planning and testing are conducted with suppliers and third-party providers<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Function: PROTECT<\/h3>\n\n\n\n\n\n\n\n\n\n
CATEGORY<\/strong><\/td>\nSUBCATEGORY<\/strong><\/td>\nASSESSMENT<\/strong><\/td>\n<\/tr>\n
\n
Identity Management, Authentication and Access Control<\/h5>\n

Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.<\/td>\n

\u2022 Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
\n\u2022 Physical access to assets is managed and protected
\n\u2022 Remote access is managed
\n\u2022 Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
\n\u2022 Network integrity is protected (e.g., network segregation, network segmentation)
\n\u2022 Identities are proofed and bound to credentials and asserted in interactions
\n\u2022 Users, devices, and other assets are authenticated (e.g., single-factor, multifactor) commensurate with the risk of the transaction (e.g., individuals\u2019 security and privacy risks and other organizational risks)<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Awareness and Training<\/h5>\n

The organization\u2019s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity related duties and responsibilities consistent with related policies, procedures, and agreements.<\/td>\n

\u2022All users are informed and trained
\n\u2022Privileged users understand their roles and responsibilities
\n\u2022Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
\n\u2022Senior executives understand their roles and responsibilities
\n\u2022Physical and cybersecurity personnel understand their roles and responsibilities<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Data Security<\/h5>\n

Information and records (data) are managed consistent with the organization\u2019s risk strategy to protect the confidentiality, integrity, and availability of information.<\/td>\n

\u2022 Data-at-rest is protected
\n\u2022 Data-in-transit is protected
\n\u2022 Assets are formally managed throughout removal, transfers, and disposition
\n\u2022 Adequate capacity to ensure availability is maintained
\n\u2022 Protections against data leaks are implemented
\n\u2022 Integrity checking mechanisms are used to verify software, firmware, and information integrity
\n\u2022 The development and testing environment(s) are separate from the production environment
\n\u2022 Integrity checking mechanisms are used to verify hardware integrity<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Information protection and procedures<\/h5>\n

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.<\/td>\n

\u2022 A baseline configuration of information technology\/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
\n\u2022 A System Development Life Cycle to manage systems is implemented
\n\u2022 Configuration change control processes are in place
\n\u2022 Backups of information are conducted, maintained, and tested
\n\u2022 Policy and regulations regarding the physical operating environment for organizational assets are met
\n\u2022 Data is destroyed according to policy
\n\u2022 Protection processes are improved
\n\u2022 Effectiveness of protection technologies is shared
\n\u2022 Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
\n\u2022 Response and recovery plans are tested
\n\u2022 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
\n\u2022 A vulnerability management plan is developed and implemented<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Maintenance<\/h5>\n

Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.<\/td>\n

\u2022 Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools
\n\u2022 Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Protective Technology<\/h5>\n

Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.<\/td>\n

\u2022 Audit\/log records are determined, documented, implemented, and reviewed in accordance with policy
\n\u2022 Removable media is protected, and its use restricted according to policy
\n\u2022 The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
\n\u2022 Communications and control networks are protected
\n\u2022 Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Function: DETECT<\/h3>\n

 <\/p>\n\n\n\n\n\n\n
CATEGORY<\/strong><\/td>\nSUBCATEGORY<\/strong><\/td>\nASSESSMENT<\/strong><\/td>\n<\/tr>\n
\n
Anomalies and events<\/h5>\n

Anomalous activity is detected, and the potential impact of events is understood.<\/td>\n

\u2022 A baseline of network operations and expected data flows for users and systems is established and managed
\n\u2022 Detected events are analyzed to understand attack targets and methods
\n\u2022 Event data are collected and correlated from multiple sources and sensors
\n\u2022 Impact of events is determined
\n\u2022 Incident alert thresholds are established<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Security continuous monitoring<\/h5>\n

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.<\/td>\n

\u2022The network is monitored to detect potential cybersecurity events
\n\u2022The physical environment is monitored to detect potential cybersecurity events
\n\u2022Personnel activity is monitored to detect potential cybersecurity events
\n\u2022Malicious code is detected
\n\u2022Unauthorized mobile code is detected
\n\u2022External service provider activity is monitored to detect potential cybersecurity events
\n\u2022Monitoring for unauthorized personnel, connections, devices, and software is performed
\n\u2022Vulnerability scans are performed<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Detection Process<\/h5>\n

Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.<\/td>\n

\u2022Roles and responsibilities for detection are well defined to ensure accountability
\n\u2022Detection activities comply with all applicable requirements
\n\u2022Detection processes are tested
\n\u2022Event detection information is communicated
\n\u2022Detection processes are continuously improved<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Function: RESPOND<\/h3>\n\n\n\n\n\n\n
CATEGORY<\/strong><\/td>\nSUBCATEGORY<\/strong><\/td>\nASSESSMENT<\/strong><\/td>\n<\/tr>\n
\n
Response Planning<\/h5>\n

Response processes and procedures are executed and maintained, to ensure response to detected cybersecurity incidents.<\/td>\n

\u2022 Response plan is executed during or after an incident<\/td>\nYes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Communications<\/h5>\n

Response activities are coordinated with internal and external stakeholders (e.g. external support from law enforcement agencies<\/td>\n

\u2022 Personnel know their roles and order of operations when a response is needed
\n\u2022 Incidents are reported consistent with established criteria
\n\u2022 Information is shared consistent with response plans
\n\u2022 Coordination with stakeholders occurs consistent with response plans
\n\u2022 Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n
\n
Analysis<\/h5>\n

Analysis is conducted to ensure effective response and support recovery activities.<\/td>\n

\u2022Notifications from detection systems are investigated
\n\u2022The impact of the incident is understood
\n\u2022Forensics are performed
\n\u2022Incidents are categorized consistent with response plans
\n\u2022Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)<\/td>\n		Yes
\nNo
\nIn development
\nN\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Cybersecurity is broadly defined as the protection of\u00a0 organisation information from compromise through the use\u2014in whole or in part\u2014of information […]<\/p>\n","protected":false},"author":8,"featured_media":766,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[],"tags":[],"class_list":["post-736","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"\nPractical considerations on Cybersecurity framework checklist - Smartnet<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Practical considerations on Cybersecurity framework checklist - Smartnet\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity is broadly defined as the protection of\u00a0 organisation information from compromise through the use\u2014in whole or in part\u2014of information […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/\" \/>\n<meta property=\"og:site_name\" content=\"Smartnet\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-15T23:56:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-22T12:55:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png\" \/>\n\t<meta property=\"og:image:width\" content=\"480\" \/>\n\t<meta property=\"og:image:height\" content=\"449\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Andrey Loginov\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrey Loginov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/\"},\"author\":{\"name\":\"Andrey Loginov\",\"@id\":\"https:\/\/smartnet.ua\/#\/schema\/person\/d437d291345752c4a3afd958605b02cd\"},\"headline\":\"Practical considerations on Cybersecurity framework checklist\",\"datePublished\":\"2021-05-15T23:56:18+00:00\",\"dateModified\":\"2021-06-22T12:55:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/\"},\"wordCount\":1952,\"publisher\":{\"@id\":\"https:\/\/smartnet.ua\/#organization\"},\"image\":{\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/\",\"url\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/\",\"name\":\"Practical considerations on Cybersecurity framework checklist - Smartnet\",\"isPartOf\":{\"@id\":\"https:\/\/smartnet.ua\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png\",\"datePublished\":\"2021-05-15T23:56:18+00:00\",\"dateModified\":\"2021-06-22T12:55:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#primaryimage\",\"url\":\"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png\",\"contentUrl\":\"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png\",\"width\":480,\"height\":449},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/smartnet.ua\/en\/network-security-solutions\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Practical considerations on Cybersecurity framework checklist\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/smartnet.ua\/#website\",\"url\":\"https:\/\/smartnet.ua\/\",\"name\":\"Smartnet\",\"description\":\"\u0420\u0456\u0448\u0435\u043d\u043d\u044f \u043c\u0435\u0440\u0435\u0436\u0435\u0432\u043e\u0457 \u0431\u0435\u0437\u043f\u0435\u043a\u0438\",\"publisher\":{\"@id\":\"https:\/\/smartnet.ua\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/smartnet.ua\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/smartnet.ua\/#organization\",\"name\":\"Smartnet\",\"url\":\"https:\/\/smartnet.ua\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/smartnet.ua\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/smartnet.ua\/wp-content\/uploads\/2026\/01\/logo.svg\",\"contentUrl\":\"https:\/\/smartnet.ua\/wp-content\/uploads\/2026\/01\/logo.svg\",\"width\":299,\"height\":157,\"caption\":\"Smartnet\"},\"image\":{\"@id\":\"https:\/\/smartnet.ua\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/smartnet.ua\/#\/schema\/person\/d437d291345752c4a3afd958605b02cd\",\"name\":\"Andrey Loginov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/smartnet.ua\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/efb6684cb69919b107eb6560d199e62dc0ea98e899836571d5e594f738ad5959?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/efb6684cb69919b107eb6560d199e62dc0ea98e899836571d5e594f738ad5959?s=96&d=mm&r=g\",\"caption\":\"Andrey Loginov\"},\"url\":\"https:\/\/smartnet.ua\/en\/blog\/author\/andrey\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Practical considerations on Cybersecurity framework checklist - Smartnet","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/","og_locale":"en_US","og_type":"article","og_title":"Practical considerations on Cybersecurity framework checklist - Smartnet","og_description":"Cybersecurity is broadly defined as the protection of\u00a0 organisation information from compromise through the use\u2014in whole or in part\u2014of information […]","og_url":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/","og_site_name":"Smartnet","article_published_time":"2021-05-15T23:56:18+00:00","article_modified_time":"2021-06-22T12:55:10+00:00","og_image":[{"width":480,"height":449,"url":"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png","type":"image\/png"}],"author":"Andrey Loginov","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Andrey Loginov","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#article","isPartOf":{"@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/"},"author":{"name":"Andrey Loginov","@id":"https:\/\/smartnet.ua\/#\/schema\/person\/d437d291345752c4a3afd958605b02cd"},"headline":"Practical considerations on Cybersecurity framework checklist","datePublished":"2021-05-15T23:56:18+00:00","dateModified":"2021-06-22T12:55:10+00:00","mainEntityOfPage":{"@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/"},"wordCount":1952,"publisher":{"@id":"https:\/\/smartnet.ua\/#organization"},"image":{"@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/","url":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/","name":"Practical considerations on Cybersecurity framework checklist - Smartnet","isPartOf":{"@id":"https:\/\/smartnet.ua\/#website"},"primaryImageOfPage":{"@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#primaryimage"},"image":{"@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png","datePublished":"2021-05-15T23:56:18+00:00","dateModified":"2021-06-22T12:55:10+00:00","breadcrumb":{"@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#primaryimage","url":"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png","contentUrl":"https:\/\/smartnet.ua\/wp-content\/uploads\/2021\/05\/framework-01.png","width":480,"height":449},{"@type":"BreadcrumbList","@id":"https:\/\/smartnet.ua\/blog\/practical-considerations-on-cybersecurity-framework-checklist\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/smartnet.ua\/en\/network-security-solutions\/"},{"@type":"ListItem","position":2,"name":"Practical considerations on Cybersecurity framework checklist"}]},{"@type":"WebSite","@id":"https:\/\/smartnet.ua\/#website","url":"https:\/\/smartnet.ua\/","name":"Smartnet","description":"\u0420\u0456\u0448\u0435\u043d\u043d\u044f \u043c\u0435\u0440\u0435\u0436\u0435\u0432\u043e\u0457 \u0431\u0435\u0437\u043f\u0435\u043a\u0438","publisher":{"@id":"https:\/\/smartnet.ua\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/smartnet.ua\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/smartnet.ua\/#organization","name":"Smartnet","url":"https:\/\/smartnet.ua\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartnet.ua\/#\/schema\/logo\/image\/","url":"https:\/\/smartnet.ua\/wp-content\/uploads\/2026\/01\/logo.svg","contentUrl":"https:\/\/smartnet.ua\/wp-content\/uploads\/2026\/01\/logo.svg","width":299,"height":157,"caption":"Smartnet"},"image":{"@id":"https:\/\/smartnet.ua\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/smartnet.ua\/#\/schema\/person\/d437d291345752c4a3afd958605b02cd","name":"Andrey Loginov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartnet.ua\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/efb6684cb69919b107eb6560d199e62dc0ea98e899836571d5e594f738ad5959?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/efb6684cb69919b107eb6560d199e62dc0ea98e899836571d5e594f738ad5959?s=96&d=mm&r=g","caption":"Andrey Loginov"},"url":"https:\/\/smartnet.ua\/en\/blog\/author\/andrey\/"}]}},"_links":{"self":[{"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/posts\/736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/comments?post=736"}],"version-history":[{"count":28,"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/posts\/736\/revisions"}],"predecessor-version":[{"id":823,"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/posts\/736\/revisions\/823"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/media\/766"}],"wp:attachment":[{"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/media?parent=736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/categories?post=736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smartnet.ua\/en\/wp-json\/wp\/v2\/tags?post=736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}