8.4. NIST CSF Mapping#
FlareInspect maps findings to NIST Cybersecurity Framework controls.
8.4.1. Usage#
flareinspect assess --token $TOKEN --compliance nist
8.4.2. Control Mapping#
Identify (ID)
NIST Control |
Check IDs |
|---|---|
ID.RA-1 |
CFL-SEC-001/002, CFL-ASM-001/002, CFL-INSIGHT-001/002 |
Protect (PR)
NIST Control |
Check IDs |
|---|---|
PR.AC-1 |
CFL-ACC-002, CFL-ZT-001, CFL-ZT-006 |
PR.AC-3 |
CFL-ZT-003, CFL-DEVICE-001 |
PR.AC-4 |
CFL-ACC-003, CFL-ZT-002 |
PR.AC-5 |
CFL-ZT-004, CFL-TUNNEL-001 |
PR.AC-7 |
CFL-ACC-001, CFL-ACC-005 |
PR.DS-5 |
CFL-SSL-001–005, CFL-DNS-001, CFL-MTLS-001, CFL-INSIGHT-002, CFL-DLP-001, CFL-PAGESHIELD-001, CFL-CDA-001, CFL-CH-001, CFL-AIGW-001 |
PR.IP-1 |
CFL-WAF-001–005, CFL-API-001/002, CFL-WORK-001/002, CFL-PAGE-001/002, CFL-TXRULE-001 |
Detect (DE)
NIST Control |
Check IDs |
|---|---|
DE.CM-1 |
CFL-ACC-004, CFL-LOG-001, CFL-INSIGHT-003 |
DE.CM-8 |
CFL-ASM-001, CFL-INSIGHT-001/002/004 |
Respond (RS) and Recover (RC)
NIST RS and RC controls are primarily procedural and are not directly mapped to technical checks. FlareInspect findings that support incident response include audit log availability and Logpush configuration.