The Framework Mapper tool allows an assessment to be mapped to industry-accepted frameworks, as well as MITRE ATT&CK scenarios. See below for the latest full list.
Upon sharing your CyberGRX assessment in response to a customer's request for a questionnaire, the Framework Mapper allows the recipient to translate the CGRX assessment into several industry frameworks such as GDPR, CCPA, NIST 800/CSF, HIPAA, etc. This means customers are more likely to accept an assessment that conveniently fits the frameworks they are accustomed to.
How to Use
1. Navigate to the assessment Results tab and scroll to the Framework Mapper. Select the framework you wish to map to, and an Excel file will be downloaded.
The mapped file will include the CGRX results side by side with the chosen framework. If a particular item could not be properly mapped, it will be noted in the document.
2. Click through to the MITRE ATT&CK article for more information on how to utilize the Framework Mapper tool to review your own security controls and gain visibility into gaps.
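As an added illustration of what a mapped file contains and how it exposes gaps, the following Python script is not CyberGRX's code; the control IDs, answer values and crosswalk below are constructed, hypothetical placeholders. It joins assessment answers to a framework crosswalk, records each framework control side by side with the assessment items that evidence it, marks framework controls that nothing maps to (the "could not be properly mapped" case) and lists assessment items that evidence no framework control.

```python
from collections import Counter

# Constructed sample assessment answers (hypothetical CGRX-style item IDs).
ASSESSMENT_RESULTS = {
    "CGRX-AC-01": "yes",
    "CGRX-AC-02": "no",
    "CGRX-LM-01": "partial",
    "CGRX-IR-01": "yes",
    "CGRX-BC-01": "yes",      # maps to no framework control below
}

# Constructed crosswalk: framework control -> assessment items that evidence it.
# Control labels are placeholders, not an official mapping.
CROSSWALK = {
    "FW-ACCESS-1": ["CGRX-AC-01", "CGRX-AC-02"],
    "FW-MONITOR-1": ["CGRX-LM-01"],
    "FW-RESPONSE-1": ["CGRX-IR-01"],
    "FW-PATCH-1": [],         # no assessment item maps to this control
}


def control_status(answers):
    """Roll several assessment answers up into one framework-control status."""
    if not answers:
        return "not mapped"
    if all(a == "yes" for a in answers):
        return "met"
    if all(a == "no" for a in answers):
        return "not met"
    # Mixed answers, "partial", or an item the assessment never answered.
    return "partial"


def map_assessment(results, crosswalk):
    """Return (side_by_side_rows, unmapped_assessment_items).

    Each row pairs one framework control with the assessment items and
    answers that support it, mirroring the side-by-side layout of the export.
    """
    rows = []
    referenced = set()
    for fw_control, items in crosswalk.items():
        referenced.update(items)
        answers = [results.get(i, "unanswered") for i in items]
        rows.append({
            "framework_control": fw_control,
            "assessment_items": list(items),
            "answers": answers,
            "status": control_status(answers),
        })
    # Assessment items that no framework control draws on.
    unmapped = sorted(i for i in results if i not in referenced)
    return rows, unmapped


def gap_report(rows):
    """Framework controls needing attention, plus a count per status."""
    gaps = [r["framework_control"] for r in rows if r["status"] != "met"]
    return gaps, Counter(r["status"] for r in rows)


if __name__ == "__main__":
    rows, unmapped = map_assessment(ASSESSMENT_RESULTS, CROSSWALK)
    for r in rows:
        print(f"{r['framework_control']:<14} {r['status']:<11} "
              f"{', '.join(r['assessment_items']) or '(none)'}")
    gaps, counts = gap_report(rows)
    print("gaps:", gaps)
    print("assessment items with no framework mapping:", unmapped)
    print("summary:", dict(counts))
```

Both directions of the join matter: a framework control with no assessment items is a question the assessment simply cannot answer, while an assessment item that evidences no framework control is coverage the recipient will not see in the mapped view.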
Full List of Available Frameworks and Attack Scenarios
Australian Cyber Security Centre - Essential 8 Maturity Model
Australian Energy Sector Cyber Security Framework (AESCSF)
Australian Government Information Security Manual (ISM)
Australian Prudential Regulation Authority (APRA) CPS 234
Australian Signals Directorate 37 (ASD 37)
CISA's "Bad Practices"
CMMC Level 5
CSA-CCM
California Consumer Privacy Act (CCPA)
Consensus Assessments Initiative Questionnaire (CAIQ) Lite
Cybersecurity Maturity Model Certification (CMMC) Level 1
Cybersecurity Maturity Model Certification (CMMC) Level 2
Cybersecurity Maturity Model Certification (CMMC) Level 3
Cybersecurity Maturity Model Certification (CMMC) Level 5
General Data Protection Regulation (GDPR)
Group Profile - Known Lapsus$ Extortion Techniques
Health Insurance Portability and Accountability Act (HIPAA): The Security Rule
Insurance Data Security Law
LogJam - CVE-2021-44228
MITRE Full Technique List v11
NERC Critical Infrastructure Protection (CIP)
NIST 800-171
NIST 800.53
NYDFS Cybersecurity Regulation (23 NYCRR 500)
National Institute of Standards and Technology - Cybersecurity Framework (NIST CSF)
National Institute of Standards and Technology 800.53 Revision 5
Payment Card Industry (PCI) Data Security Standard (DSS)
REvil Ransomware - Kaseya Supply Chain Attack
Ransomware Threat Profile
Threat Profile - MedusaLocker
Threat Profile - Online/Retail PoS Fraud - Point-of-Sale Card-Not-Present
Threat Profile - Russian Destructive Malware_v2
Threat Profile: Accellion File Transfer Application Breach
Threat Profile: CodeCov Breach
Threat Profile: Hafnium Exchange Server Breach
Threat Profile: LockBit 2.0
Threat Profile: Russian State-Sponsored Techniques and Tactics
Threat Profile: SolarGate Breach
Please note: Framework Mapping is only available for authorized and released Tier 1 or Tier 2 reports.