NIST CSF Function PR
The Protect (PR) Function is the primary defensive pillar of the NIST Cybersecurity Framework (CSF) 2.0, operating as the “safeguard” engine since its inception to provide a unified technical response to identified cyber risks. The PR Function supports both infrastructure teams and data owners by offering a suite of proactive controls, such as identity management and encryption, to reduce the likelihood and impact of adverse events and to help make the organization the safest place for business-critical services to operate. Acting as the framework’s “armor,” the PR Function monitors access attempts, issues requirements for security awareness training, coordinates with the Identify function to ensure the most critical assets receive the strongest protections, and serves as the single point of mitigation before an incident occurs, ensuring a coordinated and resilient technical approach to cybersecurity.
The ANSSI document “Building Trust in AI Through a Cyber Risk-Based Approach” provides a comprehensive analysis of the cybersecurity risks associated with AI systems and advocates for a risk-based strategy… Read More »ANSSI Building Trust in AI Through a Cyber Risk-Based Approach
BSI TR-02102-2 provides specific technical recommendations for the secure use of the Transport Layer Security (TLS) protocol to protect data in transit across networks. It serves as a detailed configuration… Read More »BSI TR-02102-2: Use of Transport Layer Security (TLS)
The OWASP Top 10 for Large Language Model (LLM) Applications is a community-driven list identifying the most critical security risks specific to LLMs and generative AI systems. It highlights vulnerabilities… Read More »OWASP Top 10 for Large Language Model Applications
ANSSI recommends isolating each phase of the generative AI system lifecycle (training, deployment, production) using network segmentation, dedicated hardware, and strict access controls to prevent data leakage and unauthorized access. Secure… Read More »ANSSI Security Recommendations for a Generative AI System
NIST SP 800-172 is a supplementary publication to NIST SP 800-171 that provides 35 enhanced security requirements designed to protect controlled unclassified information (CUI) on non-federal systems, especially when related… Read More »NIST SP 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171
NIST SP 800-171 is a set of cybersecurity standards developed by the National Institute of Standards and Technology (NIST) to protect Controlled Unclassified Information (CUI) in nonfederal systems and organizations.… Read More »NIST SP 800-171 Rev. 3 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
The OWASP LLM AI Cybersecurity & Governance Checklist provides organizations with a structured framework to manage the risks and responsibilities associated with deploying Large Language Models (LLMs). It covers 13… Read More »OWASP LLM Applications Cybersecurity and Governance Checklist v1.1
The CNIL Practice Guide for the Security of Personal Data (2024 edition) provides comprehensive guidance for organizations to implement appropriate technical and organizational measures to protect personal data in compliance… Read More »CNIL Practice Guide for the Security of Personal Data
NIST Special Publication 1800-28, titled “Data Confidentiality: Identifying and Protecting Assets Against Data Breaches,” provides a comprehensive guide to help organizations identify and protect their data assets from unauthorized access… Read More »NIST SP 1800-28 Data Confidentiality: Identifying and Protecting Assets Against Data Breaches
NIST Special Publication 1800-29, “Data Confidentiality: Detect, Respond to, and Recover from Data Breaches,” provides organizations with practical guidance on managing data confidentiality risks by focusing on the latter three… Read More »NIST SP 1800-29 Data Confidentiality: Detect, Respond to, and Recover from Data Breaches