NIST CyberSecurity Framework 2.0
Leverage these Augmentt features to facilitate your journey towards NIST CSF 2.0.
NIST CSF 2.0 Requirement | Solution implementation |
ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained. | Deploy Augmentt Discover to discover all SaaS systems in use by the company. Configure Discover reports to be notified of new apps discovered. |
ID.RA-03: Internal and external threats to the organization are identified and recorded.
| Augmentt Alerts will monitor and record threats against M365. |
PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization (formerly PR.AC-01) | Onboard, offboard and manage users via Engage. Monitor for threats via Alerts. Augmentt’s Block Legacy Authentication posture ensures that legacy authentication is monitored and disabled. |
PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions (formerly PR.AC-06) | Augmentt’s MFA posture audit, configuration monitoring and reports ensure that users are properly identified when accessing M365 infrastructure. |
PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions (formerly PR.AC-06) | Augmentt’s Block Legacy Authentication & Modern Authentication for Exchange/Outlook help assess gaps that allow legacy authentication. |
PR.AA-03: Users, services, and hardware are authenticated (formerly PR.AC-03, PR.AC-07) | Augmentt Alerts monitor device compliance, sign-risks, user creations, etc. |
PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties (formerly PR.AC-01, PR.AC-03, PR.AC-04) | Manage user access permissions via Engage by adding users to Groups and Security Groups. Monitor least privilege, access permissions and entitlements with Augmentt’s Alerts
Guest user access should be restricted and ensure they have limited access and are required to use MFA. |
PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk (formerly PR.AC-02, PR.PT-04) | Augmentt’s alerts can help identify and remediate risky users by blocking and signing them out of the environment. |
ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded (formerly ID.RA-01, PR.IP-12, DE.CM-08) | MFA registration should periodically be reviewed to ensure that there are no gaps or misconfigurations of deployment. Augmentt’s MFA report and drift monitoring assist in ensuring MFA registration and usage. Augmentt’s postures are mapped to Secure Scores, identifying recommendations.
Deploy Augmentt Discover to identify Shadow IT and identify risks posed to the organization. |
ID.AM-03: Representations of the organization’s authorized network communication and internal and external network data flows are maintained (formerly ID.AM-03, DE.AE-01) | Augmentt alerts ensure that visibility is available over access controls for users, devices and applications. |
ID.AM-08: Systems, hardware, software, and services are managed throughout their life cycle (formerly PR.DS-03, PR.IP-02, PR.MA-01, PR.MA-02 | Use Augmentt Engage to ensure consistent onboarding and offboarding of users with best practices. |
PR.DS-02: The confidentiality, integrity, and availability of data-intransit are protected (formerly PR.DS02, PR.DS-05) | Monitor Sharepoint External and Guest sharing. Augmentt alerts notify you of external file sharing. |
PR.DS-11: Backups of data are created, protected, maintained, and tested (formerly PR.IP-04) | Our cloud backup partner will help you meet this requirement to backup your M365 and other SaaS data |
PR.PS-01: Configuration management practices are applied (formerly PR.IP-01, PR.IP-03, PR.PT-02, PR.PT-03) | Augmentt’s automatic forwarding rule posture and Alert monitoring prevents bad actors from using client-side forwarding rules to exfiltrate data to external recipients. |
PR.PS-04: Log records are generated and made available for continuous monitoring (formerly PR.PT-01) | Augmentt Alerts are integrated into Purview and Audit Logs to provide continuous monitoring and threat detection. Enable Unified Audit Log and Mailbox Auditing posture. |
PR.PS-05: Installation and execution of unauthorized software are prevented | Augmentt Alerts will notify of installed applications allowing review of unauthorized software installation. |
PR.IR-01: Networks and environments are protected from unauthorized logical access and usage (formerly PR.AC-03, PR.AC-05, PR.DS-07, PR.PT-04) | Augmentt Connected Apps & User Consent posture ensures that only authorized users have access to integrate 3rd party applications.
Team Default options ensure that the environment is protected from unauthorized guest access. |
DE.AE-02: Potentially adverse events are analyzed to better understand associated activities | Augmentt’s alerts identify and notify of potentially adverse events |
DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events (formerly DE.CM-03, DE.CM-07) | Enable external sender tag using Augmentt’s Security Posture. Seeing this message can help users identify email messages that might be spoofed and mark them as malicious.
|
DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events (formerly PR.DS-06, PR.DS-08, DE.CM-04, DE.CM-05, DE.CM-07) | Augmentt’s alerts monitor against phishing, malicious links and other adverse events. Enable Safe Attachments posture. |
R.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected (formerly PR.DS02, PR.DS-05) | Augmentt’s alerts help monitor for data loss prevention. |
RS.MA-02: Incident reports are triaged and validated (formerly RS.AN01, RS.AN-02) | Augmentt’s alerts should be monitored and reviewed by the security team. |