BloodHound Enterprise Compliance Framework
BloodHound Enterprise Compliance Framework Resource
BloodHound Enterprise aids numerous organizations in meeting their compliance requirements through our continuous monitoring of identity Attack Path exposure within their environments. We’re eager to support you and your auditors in gaining a deeper understanding of the inner workings of BloodHound Enterprise and how we can help you meet your compliance goals.
Below, you’ll find tables outlining various standard controls, detailing how BloodHound Enterprise supports these controls, and mapping them to relevant sections within the specific compliance frameworks.
Within each table, the specific controls can be expanded to learn how BloodHound Enterprise satisfies each particular control.
Asset Management
| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 | |
| Asset Management The organization retains control over a system of devices, which undergoes reconciliation at intervals defined by the organization. | BloodHound Enterprise provides a comprehensive inventory of Active Directory and Azure assets through automated scans of the environment. | ID.AM-1 ID.AM-2 ID.AM-5 PR.IP-1 | ID.AM-01 ID.AM-02 ID.AM-05 | 3.1.1 3.4.1 | CM-8 CP-2 PM-5 RA-2 |
Risk Assessment
| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 | |
| Risk Assessment The organization employs mechanisms to understand the cybersecurity risk to operations, assets, and individuals. | BloodHound Enterprise’s attack path analysis and risk scoring help to satisfy this control. | ID.RA-1 ID.RA-3 ID.RA-5 | ID.RA-01 ID.RA-03 ID.RA-05 | 3.11.1 3.11.2 3.11.3 3.12.1 3.12.2 3.12.3 3.14.1 3.14.2 | CA-2 CA-7 CA-8 RA-3 RA-5 SA-5 SA-11 SI-2 SI-4 |
Configuration Management
| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 | |
| Configuration Management The organization employs proactive mechanisms to detect deviations from baseline configurations within production environments. | Analysis of Active Directory/Azure Identities audits user and object permissions for deviations from established access and identity baselines | PR.AC-4 PR.IP-1 DE.AE-1 | PR.PS-01 | 3.1.1 3.1.2 3.1.5 3.1.6 3.1.7 3.4.5 3.4.6 | AC-2 AC-3 IA-1 IA-2 IA-4 IA-8 |
Detection
| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 | |
| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 | |
| Detection The organization employs mechanisms within the environment that continuously monitor for anomalies and events. | Identity Attack Path vectors are assigned a severity rating in BloodHound Enterprise when detected during routine and on-demand scans | DE.AE-2 DE.AE-4 DE.AE-5 DE.CM-1 DE.CM-8 | DE.AE-02 DE.AE-04 DE.AE-08 | 3.3.1 3.3.2 3.3.5 | CA-3 CM-2 |
Respond
| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 | |
| Respond Activities are performed to ensure effective response, support recovery activities, and mitigating steps are taken to prevent the expansion of an incident. | BloodHound Enterprise detects and reports identified attack paths with a quantifiable risk metric and inventory of all impacted systems. Relevant remediation and mitigation documentation provided during analysis may help to satisfy this control. | RS.AN-1 RS.AN-2 RS.MI-2 | RS.MI-02 | 3.3.1 3.3.2 3.3.5 3.6.1 3.6.2 | CA-7 IR-5 |