
Streamlining NIST CSF v2.0 Compliance with Devicie and Microsoft Intune

By leveraging Microsoft Intune, Devicie helps accelerate your organization's National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) program. Devicie’s advanced platform simplifies both delivery and ongoing management of endpoint devices.

The NIST Cybersecurity Framework is designed to help organizations of all sizes, sectors, and cybersecurity maturity levels. Version 2.0 adds an explicit Govern function, treating cybersecurity as a major source of enterprise risk rather than a purely technical concern. The framework outlines specific outcomes that organizations can achieve to address that risk.

Together with Microsoft Intune, Devicie can help implement the NIST CSF in various ways.

  • Device Management: Intune provides comprehensive device and app management capabilities that can help organizations secure and manage the devices accessing their network. Devicie’s advanced reporting capabilities help provide a deeper understanding of what is being managed and how it is being used. 

  • Policy Enforcement: Intune allows organizations to enforce security policies on devices to ensure they comply with the standards outlined in the CSF. This includes password policies, device encryption, and more. Devicie simplifies policy configuration, ongoing management, and enforcement reporting.

  • Access Control: With Intune, organizations can control access to their resources based on the risk or compliance state of a device, and Devicie can restrict a device to accessing corporate resources only once it is appropriately secured. This aligns with the CSF's focus on identifying, protecting, detecting, responding to, and recovering from cybersecurity threats.

  • Integration with Other Services: Intune integrates with other Microsoft services like Entra ID, Defender for Endpoint, Sentinel and Purview, providing a holistic approach to implementing the CSF. Devicie ensures endpoints are configured and maintained to create a solid foundation for integrating with other relevant tools. Devicie also can configure logs to be sent to these tools, where appropriate. 
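The policy-enforcement and access-control points above are, in Intune terms, a device compliance policy (what "appropriately secured" means) plus a Conditional Access policy that only admits compliant devices. The following is an added example written for this page, not Devicie's code or an Intune default; it assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in admin can grant the listed scopes, and that the group ID, break-glass account ID, policy names and OS version floor are placeholders you replace with your own.

```powershell
# Added example (not Devicie's code). Creates a Windows compliance policy that
# requires BitLocker, Secure Boot, code integrity, a password and an OS floor,
# assigns it to a device group, then creates a Conditional Access policy that
# requires a compliant device. Group/user IDs and names below are placeholders.

Connect-MgGraph -Scopes @(
    "DeviceManagementConfiguration.ReadWrite.All",
    "Policy.ReadWrite.ConditionalAccess",
    "Policy.Read.All",
    "Application.Read.All"
)

$targetGroupId    = "00000000-0000-0000-0000-000000000000"  # placeholder: Entra ID group of managed Windows devices
$breakGlassUserId = "11111111-1111-1111-1111-111111111111"  # placeholder: emergency-access account to exclude

# 1. Compliance policy: the baseline a device must meet (maps to PR.DS-01 / PR.AA-03).
$compliancePolicy = @{
    "@odata.type"                         = "#microsoft.graph.windows10CompliancePolicy"
    displayName                           = "Windows baseline - compliant device"
    description                           = "BitLocker, Secure Boot, code integrity, password and OS floor"
    bitLockerEnabled                      = $true   # data at rest encrypted
    secureBootEnabled                     = $true
    codeIntegrityEnabled                  = $true
    passwordRequired                      = $true
    passwordMinimumLength                 = 12
    passwordRequiredType                  = "alphanumeric"
    passwordMinutesOfInactivityBeforeLock = 15
    osMinimumVersion                      = "10.0.19045.0"  # placeholder floor; set your own
    activeFirewallRequired                = $true
    antivirusRequired                     = $true
    # Graph rejects a compliance policy with no scheduled action; this one marks
    # the device non-compliant immediately, so Conditional Access blocks it.
    scheduledActionsForRule = @(
        @{
            ruleName = "PasswordRequired"
            scheduledActionConfigurations = @(
                @{
                    actionType                = "block"
                    gracePeriodHours          = 0
                    notificationTemplateId    = ""
                    notificationMessageCCList = @()
                }
            )
        }
    )
}
$policy = New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $compliancePolicy

# 2. Assign the compliance policy to the device group.
$assignment = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget"; groupId = $targetGroupId } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($policy.Id)/assign" `
    -Body $assignment

# 3. Conditional Access: only compliant devices reach corporate resources (PR.IR-01).
#    Created in report-only mode so sign-in logs show the impact before enforcement.
$caPolicy = @{
    displayName = "Require compliant device for all cloud apps"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassUserId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $caPolicy
```

Two practitioner checks before switching the Conditional Access policy from report-only to `enabled`: confirm in the sign-in logs that the report-only evaluation would not block the accounts you expect to keep working, and keep at least one emergency-access account excluded, since a policy scoped to all users and all apps that requires a compliant device will lock out an admin whose own device drifts out of compliance.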

While Devicie can aid in implementing the CSF, it's important to note that the CSF is not a one-size-fits-all solution. It should be tailored to address each organization's unique needs and risks.

NIST Cybersecurity Framework, Version 2.0  

Specific categories from each relevant function within the NIST CSF that Devicie can directly assist with: 

IDENTIFY (ID) 

  • Asset Management (ID.AM). Devices enrolled and managed by Devicie are reported on and maintained. This includes managed hardware (ID.AM-01) and managed software (ID.AM-02). This inventory of managed devices assists with lifecycle management, from deployment (e.g., leveraging Autopilot) to transfer/reuse and eventual decommissioning (ID.AM-08).

  • Risk Assessment (ID.RA). Regular vulnerability scanning occurs across endpoints and is logged (ID.RA-01).

PROTECT (PR) 

  • Identity Management, Authentication and Access Control (PR.AA). In conjunction with existing identity management controls, Devicie enforces strict controls to limit access to the corporate environment to approved devices only (PR.AA-01, PR.AA-03).

  • Data Security (PR.DS). Endpoints can be encrypted (PR.DS-01). 

  • Platform Security (PR.PS). Baseline policies, developed collaboratively between your security team and our team's experience, are established and applied to all managed endpoints (PR.PS-01). These can be deployed in layers to groups, so users operate under the principle of least functionality while the environment remains usable. Managed software is kept updated, and the environment can be reviewed for outdated software, which can be removed as necessary (PR.PS-02). Logs from the endpoints are generated and made available where required (PR.PS-04). Users can be prevented from installing or executing unauthorized software (PR.PS-05).

  • Technology Infrastructure Resilience (PR.IR). Devices can be blocked from accessing corporate resources unless they meet baseline security requirements (PR.IR-01).

DETECT (DE) 

  • Continuous Monitoring (DE.CM). Endpoint devices and the managed software on them are monitored and logged where applicable (DE.CM-09). This includes identifying missing patches, unauthorized software, and enforcing remediation actions where applicable.

  • Adverse Event Analysis (DE.AE). Devicie can direct its detailed endpoint logs to a SIEM platform for deeper analysis and correlation (DE.AE-02, DE.AE-03). These logs are configured to require elevated privileges for modification or deletion.

Devicie manages each required control entirely, ensuring that every assigned device adheres to the appropriate policies and meets the required standards.

With Devicie, we handle continuous automated maintenance, monitoring, and remediation of Intune. Importantly, if NIST revises the CSF or the requirements behind a control change, Devicie updates its policies accordingly. These changes are deployed as new policies to applicable environments, allowing you to project-manage them and assign them to devices when ready.

References: 

NIST Cybersecurity Framework 2.0: Resource & Overview Guide 

Cybersecurity Framework | CSRC (nist.gov) 

Cybersecurity and Privacy Reference Tool | CSRC (nist.gov) – explains every category and subcategory identifier used above 

Mobile Security: Microsoft Intune Configuration Frameworks and NIST Guidelines for Enterprises | LinkedIn  

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) - Microsoft Compliance | Microsoft Learn  

Intune Policies - Technical Documentation  

Learn about Intune security baselines for Windows devices | Microsoft Learn  

Microsoft 365 + the NIST (microsoft.com)