Asset Management
Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
Asset Management: The organization retains control over a system of devices, which undergoes reconciliation at intervals defined by the organization. | BloodHound Enterprise provides a comprehensive inventory of Active Directory and Azure assets through automated scans of the environment. | ID.AM-1, ID.AM-2, ID.AM-5, PR.IP-1 | ID.AM-01, ID.AM-02, ID.AM-05 | 3.1.1, 3.4.1 | CM-8, CP-2, PM-5, RA-2 |
Risk Assessment
Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
Risk Assessment: The organization employs mechanisms to understand the cybersecurity risk to operations, assets, and individuals. | BloodHound Enterprise’s attack path analysis and risk scoring help to satisfy this control. | ID.RA-1, ID.RA-3, ID.RA-5 | ID.RA-01, ID.RA-03, ID.RA-05 | 3.11.1, 3.11.2, 3.11.3, 3.12.1, 3.12.2, 3.12.3, 3.14.1, 3.14.2 | CA-2, CA-7, CA-8, RA-3, RA-5, SA-5, SA-11, SI-2, SI-4 |
Configuration Management
Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
Configuration Management: The organization employs proactive mechanisms to detect deviations from baseline configurations within production environments. | Analysis of Active Directory/Azure Identities audits user and object permissions for deviations from established access and identity baselines. | PR.AC-4, PR.IP-1, DE.AE-1 | PR.PS-01 | 3.1.1, 3.1.2, 3.1.5, 3.1.6, 3.1.7, 3.4.5, 3.4.6 | AC-2, AC-3, IA-1, IA-2, IA-4, IA-8 |
Detection
Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
Detection: The organization employs mechanisms within the environment that continuously monitor for anomalies and events. | Identity Attack Path vectors are assigned a severity rating in BloodHound Enterprise when detected during routine and on-demand scans. | DE.AE-2, DE.AE-4, DE.AE-5, DE.CM-1, DE.CM-8 | DE.AE-02, DE.AE-04, DE.AE-08 | 3.3.1, 3.3.2, 3.3.5 | CA-3, CM-2 |
Respond
Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
Respond: Activities are performed to ensure effective response and support recovery activities, and mitigating steps are taken to prevent the expansion of an incident. | BloodHound Enterprise detects and reports identified attack paths with a quantifiable risk metric and an inventory of all impacted systems. Relevant remediation and mitigation documentation provided during analysis may help to satisfy this control. | RS.AN-1, RS.AN-2, RS.MI-2 | RS.MI-02 | 3.3.1, 3.3.2, 3.3.5, 3.6.1, 3.6.2 | CA-7, IR-5 |