Value calculation
The elements of a cybersecurity framework appear in a table. This table has these columns, depending on the framework you are using.
| Column | Description | CIS Controls | NIST | ASD Essential Eight | Cyber Essentials |
|---|---|---|---|---|---|
| Elements | The low-level elements of a cybersecurity framework. These elements make up the groups defined by the cybersecurity framework. For more information, see: | ||||
|
Policy Definition |
A cyber resilience factor that requires user input. Changing this value has an impact on the security posture of your organization. This factor is used to assess if your organization has considered the framework component in its organizational policies. Having robust policies can increase the likelihood that the framework component is addressed. |
||||
|
Activation & Enforcement |
A cyber resilience factor that requires user input. Changing this value has an impact on the security posture of your organization. This factor is used to assess if your organization has implemented and, if applicable, is enforcing the use of an element. Implementing and enforcing security measures for a large percentage of assets can decrease the likelihood of an asset becoming compromised. |
||||
|
Consistent Review & Reporting |
A cyber resilience factor that requires user input. Changing this value has an impact on the security posture of your organization. This factor is used to assess if your organization regularly reviews the implemented element to evaluate its effectiveness in protecting the assets of your organization. Regular review can increase the likelihood that potential issues are identified early. |
||||
| Evidence Quality | A cyber resilience factor that requires user input. Changing this value has an impact on the security posture of your organization. This factor is used to assess the effectiveness of the evidence that your organization used to test the element. For more information, see Essential Eight Assessment Process Guide. | ||||
| Implementation Effectiveness | A cyber resilience factor that requires user input. Changing this value has an impact on the security posture of your organization. This factor is used to assess the effectiveness of your organization's implementation of the element. For more information, see Essential Eight Assessment Process Guide. | ||||
|
Impact |
The impact of unsaved changes to the cyber resilience factors of an element on the Cyber Resilience Index. When changes are applied, the Cyber Resilience Index is recalculated and the Impact values reset to 0.
Note: This column is hidden by default. For more information, see Update framework elements.
|
||||
|
Current Value |
The current value of an element based on cyber resilience factors. The current value is based on user input.
Note: This column is hidden by default. For more information, see Update framework elements.
|
||||
|
Maximum Value |
The maximum value of an element.
Note: This column is hidden by default. For more information, see Update framework elements.
|