NIST CSF Function PR
The Protect (PR) Function is the primary defensive pillar of the NIST Cybersecurity Framework (CSF) 2.0, operating as the “safeguard” engine since its inception to provide a unified technical response to identified cyber risks. The PR Function supports both infrastructure teams and data owners by offering a suite of proactive controls, such as identity management and encryption, to reduce the likelihood and impact of adverse events and to help make the organization the safest place for business-critical services to operate. Acting as the framework’s “armor,” the PR Function monitors access attempts, issues requirements for security awareness training, coordinates with the Identify function to ensure the most critical assets receive the strongest protections, and serves as the single point of mitigation before an incident occurs, ensuring a coordinated and resilient technical approach to cybersecurity.
The OWASP Application Security Verification Standard (ASVS) is a comprehensive framework that defines security requirements for designing, developing, and testing web applications and APIs. It is organized into 14 chapters,… Read More »OWASP Application Security Verification Standard (ASVS) 5.0 ★★★★★
The ANSSI document “Building Trust in AI Through a Cyber Risk-Based Approach” provides a comprehensive analysis of the cybersecurity risks associated with AI systems and advocates for a risk-based strategy… Read More »ANSSI Building Trust in AI Through a Cyber Risk-Based Approach
BSI TR-02102-2 provides specific technical recommendations for the secure use of the Transport Layer Security (TLS) protocol to protect data in transit across networks. It serves as a detailed configuration… Read More »BSI TR-02102-2: Use of Transport Layer Security (TLS)
The OWASP Top 10 for Large Language Model (LLM) Applications is a community-driven list identifying the most critical security risks specific to LLMs and generative AI systems. It highlights vulnerabilities… Read More »OWASP Top 10 for Large Language Model Applications
The EU Cyber Resilience Act (CRA) is a regulation aimed at enhancing cybersecurity for hardware and software products with digital elements placed on the EU market. It establishes mandatory cybersecurity… Read More »EU Regulation 2019/1020 Cyber Resilience Act (CRA)
CMMC 2.0 is a Department of Defense (DoD) framework designed to unify cybersecurity standards across the Defense Industrial Base (DIB) to protect sensitive unclassified information. It streamlines the previous version… Read More »US Cybersecurity Maturity Model Certification (CMMC) 2.0
ANSSI recommends isolating each phase of the generative AI system lifecycle (training, deployment, production) using network segmentation, dedicated hardware, and strict access controls to prevent data leakage and unauthorized access. Secure… Read More »ANSSI Security Recommendations for a Generative AI System
NIST SP 800-172 is a supplementary publication to NIST SP 800-171 that provides 35 enhanced security requirements designed to protect controlled unclassified information (CUI) on non-federal systems, especially when related… Read More »NIST SP 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171
NIST SP 800-171 is a set of cybersecurity standards developed by the National Institute of Standards and Technology (NIST) to protect Controlled Unclassified Information (CUI) in nonfederal systems and organizations.… Read More »NIST SP 800-171 Rev. 3 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
Regulation (EU) 2024/1183 of the European Parliament and of the Council, adopted on 11 April 2024, amends Regulation (EU) No 910/2014 to establish the European Digital Identity Framework. Its core… Read More »EU Regulation 2024/1183 eIDAS v2 on Electronic Identification