NIST_CSF PR: PROTECT
AL, Founder at SQUR · last verified 2026-06-20
Regulation text
Safeguards to manage the organisation's cybersecurity risks are used. Once assets and risks are identified and prioritised, PROTECT supports the ability to secure those assets to prevent or lower the likelihood and impact of adverse cybersecurity events, as well as to increase the likelihood and impact of taking advantage of opportunities.
ATT&CK techniques this article tests · 15
| Technique | Why it maps | Confidence |
|---|---|---|
| T1190 | Safeguards against public-facing application exploits are crucial. The PROTECT function mandates securing assets, including applications, to prevent initial access and lower the likelihood of adverse events. | 90% |
| T1566 | User training and email filtering, as part of PROTECT's safeguards, reduce the likelihood of successful phishing attacks, securing organisational assets and preventing initial access. | 80% |
| T1059 | Robust endpoint security and application allow-listing, core to PROTECT, restrict unauthorised command execution, lowering adverse event impact by preventing malicious code execution. | 85% |
| T1547 | Configuration management and endpoint security controls, central to PROTECT, prevent adversaries from establishing persistence through autostart mechanisms, securing system integrity. | 90% |
| T1068 | Patch management and secure configuration, as PROTECT safeguards, reduce vulnerabilities exploitable for privilege escalation, securing critical systems and limiting attacker capabilities. | 90% |
| T1027 | Data encryption and integrity checks, mandated by PROTECT, render obfuscated information ineffective, preventing defence evasion and ensuring data confidentiality. | 80% |
| T1070 | Comprehensive logging and immutable system configurations, part of PROTECT, counter indicator removal, ensuring event visibility and supporting incident response. | 75% |
| T1003 | Strong authentication and credential management systems, key PROTECT safeguards, prevent OS credential dumping, protecting sensitive access data and user identities. | 95% |
| T1056 | Endpoint detection and response (EDR) and input validation, as PROTECT measures, detect and prevent input capture, securing user interactions and sensitive information. | 85% |
| T1087 | Least-privilege principles and network segmentation, core to PROTECT, limit the scope of account discovery, reducing attacker visibility and the potential for lateral movement. | 80% |
| T1046 | Network access controls and firewalls, essential PROTECT safeguards, restrict unauthorised network service discovery, limiting lateral movement and securing network infrastructure. | 85% |
| T1021 | Secure remote access policies and multi-factor authentication, as PROTECT controls, prevent unauthorised use of remote services for lateral movement, securing network boundaries. | 90% |
| T1005 | Data loss prevention (DLP) and access controls, central to PROTECT, restrict unauthorised data collection from local systems, securing sensitive information and preventing exfiltration. | 90% |
| T1071 | Network intrusion detection/prevention systems (NIDS/NIPS) and egress filtering, as PROTECT safeguards, disrupt C2 communications over application-layer protocols, preventing command execution. | 85% |
| T1486 | Regular data backups and robust access controls, as PROTECT safeguards, mitigate the impact of Data Encrypted for Impact (ransomware-style encryption), ensuring business continuity and data recovery. | 95% |
Defending mitigations · 6
| Mitigation | What it does | Confidence |
|---|---|---|
| M1032 | Multi-factor authentication, a key PROTECT safeguard, significantly reduces the risk of unauthorised access, securing user accounts and assets as mandated by the control. | 95% |
| M1031 | Network segmentation, as part of PROTECT, limits the blast radius of attacks, preventing lateral movement and securing critical assets by isolating systems. | 90% |
| M1040 | Privileged account management, a core PROTECT control, restricts administrative access, preventing privilege abuse and securing sensitive operations as per control objectives. | 90% |
| M1026 | Data backup and recovery, a critical PROTECT measure, ensures data availability and integrity, reducing the impact of adverse cybersecurity events and securing information. | 95% |
| M1035 | User account management, a fundamental PROTECT safeguard, ensures appropriate access levels, preventing unauthorised access to assets and fulfilling control requirements. | 85% |
| M1017 | User training, as a PROTECT safeguard, educates personnel on cybersecurity risks, reducing human error and strengthening overall security posture against adverse events. | 80% |
Underlying weaknesses · 7
| CWE | How PROTECT addresses it | Confidence |
|---|---|---|
| CWE-79 | Input validation and secure coding practices, as PROTECT safeguards, prevent cross-site scripting vulnerabilities, securing web applications and lowering the likelihood of adverse events. | 85% |
| CWE-200 | Access controls and data encryption, core PROTECT measures, prevent the exposure of sensitive information to unauthorised actors, protecting data confidentiality. | 90% |
| CWE-287 | Robust authentication mechanisms, a primary PROTECT safeguard, prevent improper authentication, securing access to systems and data as per control objectives. | 95% |
| CWE-269 | Least privilege and role-based access control, as PROTECT principles, prevent improper privilege management, securing system functions and limiting attacker capabilities. | 90% |
| CWE-306 | Mandatory authentication for critical functions, a key PROTECT safeguard, prevents unauthorised execution of sensitive operations, securing system integrity. | 85% |
| CWE-502 | Secure deserialization practices and input validation, as PROTECT safeguards, prevent deserialization of untrusted data, securing applications from code execution. | 80% |
| CWE-732 | Strict permission assignment and regular reviews, as PROTECT safeguards, prevent incorrect permissions, securing critical resources and preventing unauthorised access. | 85% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0181 compute · voice-rubric self-validated