NIST Cybersecurity Framework
Improve cybersecurity for
The NIST Cybersecurity Framework provides a voluntary set of guidelines for managing and reducing cybersecurity risk. Organizations across many industries and countries are now using the Framework as a basis for risk management discussions and decision-making.
TITUS solutions help organizations align with the Identify, Detect, and Respond functions of the Framework, as described below.
Identify: Access management
Asset Management (ID.AM):
The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
ID.AM-3: Organizational communication and data flows are mapped.
TITUS solutions monitor user handling of email and documents, producing log files that can be used to track data flows and communication. TITUS solutions can also provide a data inventory of files stored on-premise and in the cloud.
ID.AM-5: Resources are prioritized based on their classification, criticality, and business value.
With support for automated, system-suggested, and user-driven classification, TITUS solutions enable organizations to identify the sensitivity and business value of unstructured data.
Protect: Data security
Data Security (PR.DS):
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-1: Data-at-rest is protected.
TITUS solutions identify the sensitivity and value of unstructured data-at-rest and apply information protection policies to that data, such as encryption.
PR.DS-2: Data-in-transit is protected.
TITUS solutions for Outlook and mobile devices provide protection for email data-in-transit. TITUS also has various solutions to protect files and documents as they are moved to new locations, including the cloud.
PR.DS-5: Protections against data leaks are implemented.
TITUS provides multiple levels of protection, from interactive policy warnings and security education to encryption and policy enforcement.
Detect: Anomalies and events
Anomalies and Events (DE.AE):
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
DE.AE-3: Event data are aggregated and correlated from multiple sources and sensors.
As users work with email, documents, and files, TITUS logs user activity and sends the information to a central server, such as a syslog server, McAfee ePO, or a TITUS-defined reporting database.
DE.AE-5: Incident alert thresholds are established.
TITUS log events are categorized at different severity levels. In addition, each event has a unique ID that can be leveraged for more fine-grained alert threshold management.
Analysis is conducted to ensure adequate response and support recovery activities.
RS.AN-3: Forensics are performed.
As users work with email, documents, and files, TITUS logs meaningful activities for detailed reporting, analytics, and threat detection.
RS.AN-4: Incidents are categorized consistent with response plans.
TITUS events are categorized at different severity levels, and events can be correlated to specific response plans through reporting and analytics.