PM-16—Threat Awareness Program
Supplemental Guidance
Because of the constantly changing and increasing sophistication of adversaries, especially the advanced persistent threat (APT), it may be more likely that adversaries can successfully breach or compromise organizational systems. One of the best techniques to address this concern is for organizations to share threat information, including threat events (i.e., tactics, techniques, and procedures) that organizations have experienced, mitigations that organizations have found are effective against certain types of threats, and threat intelligence (i.e., indications and warnings about threats). Threat information sharing may be bilateral or multilateral.
Bilateral threat sharing includes government-to-commercial and government-to-government cooperatives. Multilateral threat sharing includes organizations taking part in threat-sharing consortia. Threat information may require special agreements and protection, or it may be freely shared.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is the process for implementing threat awareness programs across the organization?
- How does the organization ensure threat information is timely, relevant, and actionable?
- Who is responsible for coordinating threat awareness activities?
- How is threat awareness information disseminated to appropriate organizational personnel?
- What governance exists for measuring the effectiveness of threat awareness programs?
Technical Implementation:
- What threat intelligence platforms or feeds are utilized?
- How is threat information disseminated to relevant personnel and systems?
- What integration exists between threat awareness and detection/prevention tools?
- How are threat indicators operationalized in security controls?
Evidence & Documentation:
- Provide threat awareness program documentation.
- Provide threat awareness communications distributed in the past quarter.
- Provide evidence of threat information integration into security operations.
- Provide metrics on threat awareness program effectiveness.