Skip to main content
Security effectiveness

Security Frameworks and Compliance Initiatives

A proactive approach to meeting requirements with the CyCognito platform.

The platform preempts attacks and helps satisfy key elements of most common security frameworks and many regulatory compliance standards. The CyCognito platform achieves this by discovering and testing your entire attack surface, prioritizing what needs to be fixed first, and automatically validating remediation.

SECURITY FRAMEWORKS

MITRE ATT&CK

LOGO-mitre-attack

See an interactive mapping of CyCognito’s capabilities to the MITRE ATT&CK framework.


The CyCognito platform helps you address tactics in the MITRE ATT&CK framework, a free and open knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks. While the majority of the ATT&CK framework is geared to providing insight into detecting attackers in real-time during an attack, its Reconnaissance and Resource Development tactics are focused on attacker preparation. The CyCognito platform preempts attacks by addressing these two tactics. The platform also offers some support for the later ATT&CK tactics such as Initial Access, Execution, Persistence, Privilege Elevation, Defense Evasion, Credential Access, Discovery, Lateral Movement, and Collection.

NIST Cybersecurity Framework

The CyCognito platform helps organizations follow this standard by mapping closely to the Identify and Protect functions of the NIST Framework, and contributing to Detect, Respond and Recover functions.

The National Institute of Standards and Technology (NIST) Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications among both internal and external organizational stakeholders.

The table to the right shows shows where the CyCognito platform contributes to the NIST CyberSecurity Framework.

ORANGE = CyCognito maps significantly to the category
YELLOW = CyCognito offers a complementary, incidental, or ancillary mapping

The NIST Risk Management Framework (RMF), also known as special publication (SP) 800-53, provides a list of controls that support the development of secure and resilient federal information systems. NIST SP 800-53 rev. 5.1/800-53B is the latest version, containing 20 control families, each with multiple controls divided into low, medium and high priority.

The CyCognito platform aligns partially or substantially to 10 of the 20 control families as applied to externally facing assets. To learn more about how CyCognito aligns with NIST 800-53, download the datasheet here.

International Organization for Standardization ISO/IEC 27000 Series

The CyCognito platform contributes to addressing ISO 27001:2013 sections “6.1.2 Information Security Risk Assessment,” “9.1 Monitoring, Measurement, Analysis and Evaluation” and “10.1 Noncomformity and Corrective Action.” Of the 14 Categories in the Annex A controls, the CyCognito platform contributes significantly to three; A.8 Asset Management, A.12 Operations Security, and A.13 Communications Security.

One of the most widely known security standards, ISO/IEC 27000 series is a mature international framework focused on information security. Developed by the International Organization for Standardization (ISO), it is the cybersecurity equivalent of the ISO 9000 quality standards for manufacturers and operational excellence. It’s very comprehensive and broad, and can be used across a wide range of types and sizes of businesses.

Center for Internet Security Critical

Security Controls (CIS CSC)

The security controls give pragmatic, actionable recommendations for cyber security. The CyCognito platform maps to 14 of the CIS controls at least partially and provides extensive coverage around inventory of assets, vulnerability and penetration testing, and security of ports and services.

The table to the right shows broadly where the CyCognito platform contributes to the CIS CSC v7.0.

ORANGE = CyCognito maps significantly to the category
YELLOW = CyCognito offers a complementary, incidental, or ancillary mapping

The CIS guidelines consist of 20 key actions, called critical security controls (CSC), that organizations should implement to block or mitigate known attacks. The controls are designed so that primarily automated methods can be used to implement, enforce and monitor them.

Watch this short demo to see how the CyCognito platform identifies attack vectors that might go undetected by other security solutions.
Case Study

Scientific Games

"With the CyCognito platform we have greatly improved our attack surface visibility and enhanced our attack surface management workflows. The platform helps us operate smoothly and provides reduced risk, reduced complexity and increased visibility."

-Kevin Kealy Global CISO Scientific Games

NIST Special Publication 800-53

The CyCognito platform maps partially or substantially to 11 of the 19 NIST control families including: Risk Assessment, Assessment, Supply Chain Risk Management, Configuration Management, Communications Protection, Access Controls, Audit and Accountability, Authorization and Monitoring, Identification and Authentication, Incident Response, and PII Processing and Transparency.

The NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations is a US standard publication that provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks.

Start Eliminating Your Shadow Risks

CyCognito is solving one of the most fundamental business problems in cybersecurity: the need to understand how attackers view your organization, where they are most likely to break in, and how you can efficiently analyze, monitor and eliminate that risk.