NIST CSF 2.0 COMPLIANCE
NIST CSF 2.0 Mapping
Map internet-exposed OT assets to NIST Cybersecurity Framework Identify, Protect, and Detect functions.
NIST CSF 2.0 is the most widely adopted cybersecurity framework for critical infrastructure organizations. Its Identify function requires comprehensive asset inventory—including assets you may not know are internet-exposed.
ShiftSix provides the external perspective that completes your NIST CSF implementation: discovering internet-facing OT assets (ID.AM), identifying unauthorized access paths (PR.AC), and continuously monitoring for new exposure (DE.CM).
How ShiftSix Maps to NIST
Physical Devices and Systems Inventory
ShiftSix discovers internet-exposed OT devices that may be missing from your asset inventory, directly supporting ID.AM-1 requirements for comprehensive asset identification.
Software Platforms and Applications Inventory
Protocol fingerprinting identifies exposed software, firmware versions, and application services running on internet-facing OT assets.
Remote Access Management
External scanning identifies unauthorized remote access paths to OT systems—vendor VPNs, cellular gateways, and misconfigured firewalls that create internet-to-OT paths.
Network Integrity Protection
Internet-exposed OT assets indicate network segmentation failures. ShiftSix maps these failures to PR.AC-5 requirements for network integrity and segregation.
Monitoring for Unauthorized Activity
Continuous outside-in monitoring detects new internet exposure as it appears, complementing internal monitoring (DE.CM-1) with external visibility.