NIST_CSF ID: IDENTIFY

Adam Lundqvist
Founder at SQUR · last verified 2026-06-20

Regulation text

The organisation's current cybersecurity risks are understood. Identifying assets, suppliers, and related cybersecurity risks enables an organisation to focus and prioritise its efforts consistent with its risk management strategy and the mission needs.

ATT&CK techniques this article tests · 15

Technique · Why it maps · Confidence

T1595.001 · Attackers perform active scanning to identify an organisation's assets and vulnerabilities. This directly exploits a failure to understand current cybersecurity risks, as outlined in IDENTIFY. · 90%

T1046 · Attackers conduct network service scanning to discover active services and open ports on systems. This technique thrives when an organisation lacks a comprehensive understanding of its network assets and their configurations, as required by IDENTIFY. · 85%

T1087.001 · Attackers perform account discovery to map user accounts and their privileges. A lack of identified and managed accounts within the organisation's risk management strategy, as per IDENTIFY, facilitates this activity. · 80%

T1083 · Attackers search for sensitive files and directories. This is enabled when an organisation fails to identify and classify its data assets and their storage locations, a core component of IDENTIFY. · 75%

T1018 · Attackers discover remote systems within the network. This technique exploits an organisation's incomplete asset inventory and understanding of its network topology, directly conflicting with IDENTIFY's requirement to identify assets. · 70%

T1049 · Attackers identify system network connections to understand communication paths. This is possible when an organisation has not fully identified and documented its network dependencies and asset relationships, as mandated by IDENTIFY. · 70%

T1033 · Attackers discover system owners and users. This technique is effective when asset ownership and user responsibilities are not clearly identified and managed within the organisation's risk framework, as per IDENTIFY. · 65%

T1003.001 · Attackers dump OS credentials from systems. This is a significant risk if systems storing credentials are not identified as critical assets requiring enhanced protection, a key aspect of IDENTIFY. · 80%

T1190 · Attackers exploit public-facing applications for initial access. Unidentified or poorly managed public-facing assets represent a critical gap in understanding cybersecurity risks, directly addressed by IDENTIFY. · 90%

T1195.002 · Supply chain compromise involves attackers targeting an organisation through its suppliers. This directly relates to IDENTIFY's emphasis on identifying suppliers and their associated cybersecurity risks. · 95%

T1036.003 · Attackers use masquerading to appear as legitimate processes or users. This technique is more successful when an organisation lacks a clear understanding and identification of its legitimate baseline activities and assets, as per IDENTIFY. · 70%

T1053.005 · Attackers establish persistence via scheduled tasks or jobs. This can go undetected on systems that are not adequately identified, monitored, or included in the organisation's risk management strategy, as required by IDENTIFY. · 65%

T1021.001 · Attackers use remote services for lateral movement. This is facilitated by a lack of comprehensive identification and management of network services and access paths across the organisation's assets, as specified in IDENTIFY. · 70%

T1005 · Attackers collect data from local systems. This is easier when an organisation has not identified and classified its sensitive data assets and their locations, a crucial part of understanding risks under IDENTIFY. · 75%

T1486 · Attackers encrypt data for impact, leading to ransomware attacks. The impact is maximised when critical assets and data are not properly identified and prioritised within the organisation's risk management strategy, as per IDENTIFY. · 85%

Defending mitigations · 7

Mitigation · What it does · Confidence

M1035 · Asset Management directly supports IDENTIFY by requiring comprehensive inventory and classification of all organisational assets, enabling a clear understanding of cybersecurity risks. · 95%

M1017 · User Account Management ensures all user accounts are identified, managed, and linked to specific assets and roles. This is critical for understanding access-related risks, as required by IDENTIFY. · 90%

M1028 · Operating System Configuration involves securing and standardising OS settings. This helps identify and protect systems, aligning with IDENTIFY's goal of understanding asset-specific risks. · 85%

M1031 · Network Segmentation aids in identifying and isolating critical assets and their associated risks. This directly contributes to understanding the organisation's cybersecurity posture, as per IDENTIFY. · 85%

M1047 · Regular Audits identify gaps in asset inventory, configurations, and risk understanding. This continuous verification process supports the ongoing requirements of IDENTIFY. · 80%

M1040 · Data Backup requires the identification of critical data for recovery planning. This directly supports understanding the impact of data loss, a key aspect of risk identification under IDENTIFY. · 80%

M1015 · Software Configuration ensures applications on assets are properly configured and secured. This helps identify and mitigate software-related vulnerabilities, aligning with IDENTIFY's risk understanding. · 80%

Underlying weaknesses · 7

CWE · Why it persists · Confidence

CWE-200 · Exposure of Sensitive Information occurs when sensitive assets are not identified and protected. This directly undermines IDENTIFY's objective of understanding and prioritising risks to sensitive data. · 90%

CWE-284 · Improper Access Control results from a failure to identify appropriate access levels for assets. This weakness directly impedes understanding and managing access-related cybersecurity risks, as per IDENTIFY. · 85%

CWE-306 · Missing Authentication for Critical Function arises when critical functions on unidentified assets lack necessary authentication. This represents a significant unaddressed risk, contrary to IDENTIFY's goals. · 80%

CWE-312 · Cleartext Storage of Sensitive Information is a weakness stemming from a failure to identify sensitive data and its storage requirements. This directly impacts understanding data-related risks under IDENTIFY. · 80%

CWE-668 · Exposure of Resource to Wrong Sphere occurs when assets are exposed due to a lack of identification of their intended scope. This directly conflicts with IDENTIFY's requirement to understand asset context and risks. · 75%

CWE-693 · Protection Mechanism Failure represents a general inability to identify and implement effective protective measures for assets. This broad weakness directly hinders the risk understanding mandated by IDENTIFY. · 70%

CWE-1007 · Insufficient Logging on unidentified systems prevents detection of anomalous activities. This weakness directly impairs the ability to understand and monitor cybersecurity risks, as required by IDENTIFY. · 70%

What SQUR Covers

Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.

What SQUR Does Not Cover

Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.

Provenance

Mapped Q2.2026 using gemini-2.5-flash · €0.0206 compute · voice-rubric self-validated