{"id":5030,"date":"2018-07-02T19:00:38","date_gmt":"2018-07-02T19:00:38","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=83746"},"modified":"2018-07-02T19:00:38","modified_gmt":"2018-07-02T19:00:38","slug":"assessing-microsoft-365-security-solutions-using-the-nist-cybersecurity-framework","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/assessing-microsoft-365-security-solutions-using-the-nist-cybersecurity-framework\/","title":{"rendered":"Assessing Microsoft 365 security solutions using the NIST Cybersecurity Framework"},"content":{"rendered":"

\"\"<\/p>\n

This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, you\u2019ll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog\u00a0New FastTrack benefit: Deployment support for Co-management on Windows 10 devices<\/a>.<\/em><\/p>\n

Microsoft 365 security solutions align to many cybersecurity protection standards. One widely-adopted standard is the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). Developed for the US government, NIST CSF is now also used by governments and enterprises worldwide as a best practice for managing cybersecurity risk. Mapping your Microsoft 365 security solutions to NIST CSF can also help you achieve compliance with many certifications and regulations, such as FedRAMP, and others.<\/p>\n

Microsoft 365 security solutions are designed to help you empower your users to do their best work securely, from anywhere and with the tools they love. Our security philosophy is built on four pillars: identity and access management, threat protection, information protection, and security management. Microsoft 365 E5 (see Figure 1.) includes products for each pillar that work together to keep your organization safe.\u00a0\u00a0<\/span><\/span><\/p>\n

\"\"<\/p>\n

Figure 1.\u00a0The Microsoft 365 security solutions<\/em><\/p>\n

At the heart of NIST CSF is the Cybersecurity Framework Core \u2013 a set of \u201cFunctions\u201d and related outcomes for improving cybersecurity (see Figure 2). In this blog, we\u2019ll show you examples of how you can assess Microsoft 365 security capabilities using the four Function areas in the core: Identify, Protect, Detect and Respond.* We\u2019ll also provide practical tips on how you can use Microsoft 365 Security to help achieve key outcomes within each function.<\/p>\n

\"\"<\/p>\n

Figure 2.<\/em>\u00a0The NIST Cybersecurity Framework Core<\/em><\/p>\n

Identify<\/h2>\n

\u201cDevelop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.\u201d<\/h3>\n

The purpose of this function is to gain a better understanding of your IT environment and identify exactly which assets are at risk of attack. From there, you can start to align these assets and associated risks to your overall business goals (including regulatory and industry requirements) and prioritize which assets require attention.<\/p>\n

For example, the Asset management<\/strong> category is about identifying and managing the data, personnel, devices, and systems that enable an organization to achieve its business purpose in a way that is consistent with their relative importance to business objectives and the organization\u2019s risk strategy.<\/p>\n

Microsoft 365 security solutions help identify and manage key assets such as user identity, company data, PCs and mobile devices, and cloud apps used by company employees. First, provisioning user identities in Microsoft Azure Active Directory (AD) provides fundamental asset and user identity management that includes application access<\/a>, single sign-on<\/a>, and device management<\/a>. Through Azure AD Connect<\/a>, you can integrate your on-premises directories with Azure Active Directory. (See Figure 3.) This capability allows for a common secure identity for users of Microsoft Office 365, Azure, and thousands of other Software as a Service (SaaS) applications pre-integrated into Azure AD.<\/p>\n

\"\"<\/p>\n

Figure 3.<\/em>\u00a0Through Azure AD Connect, you can integrate your on-premises directories with Azure Active Directory<\/em><\/p>\n

Deployment Tip:\u00a0<\/strong>Start by managing identities in the cloud with Azure AD<\/a> to get the benefit of single sign-on for all your employees. Azure AD Connect will help you integrate your on-premises directories with Azure Active Directory.<\/p>\n

Protect<\/h2>\n

\u201cDevelop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.\u201d<\/h3>\n

The Protect function focuses on policies and procedures to protect data from a potential cybersecurity attack.<\/p>\n

Microsoft 365 security solutions support NIST CSF related categories in this function. \u00a0For example, the Identity management and access control<\/strong> category is about managing access to assets by limiting authorization to devices, activities, and transactions. Your first safeguard against threats or attackers is to maintain strict, reliable, and appropriate access control. Azure Active Directory Conditional Access<\/a> evaluates a set of configurable conditions, including user, device, application, and risk (see Figure 4.) Based on these conditions, you can then set the right level of access control. For access control on your networks.<\/p>\n

\"\"<\/p>\n

Figure 4.<\/em> Azure AD Conditional Access<\/em> evaluates a set of configurable conditions, including user, device, application, and risk<\/em><\/p>\n

Deployment Tip:<\/strong>\u00a0Manage access control by configuring conditional access policies<\/a> in Azure AD. Use conditional access to apply conditions that grant access depending on a range of factors or conditions, such as location, device compliance, and employee need.\u00a0<\/p>\n

Detect<\/h2>\n

\u201cDevelop and implement the appropriate activities to identify the occurrence of a cybersecurity event.\u201d<\/h3>\n

The Detect function covers systems and procedures that help you monitor your environment and detect a security breach as quickly as possible.<\/p>\n

Microsoft 365 security solutions provide you with solutions that detect and protect against Anomalies and events<\/strong> in real time.\u00a0 Microsoft 365 security solutions offer advanced threat protection (see Figure 5.), security and audit log management, and application whitelisting to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements. Microsoft 365 has capabilities to detect attacks across these three key attack vectors:<\/p>\n