NIST Cybersecurity Framework
The Cybersecurity Framework (CSF) is a set of cybersecurity best practices and recommendations from the National Institute of Standards and Technology (NIST). The CSF makes it easier to understand and manage cybersecurity risks and helps organizations improve their defenses. Organizations around the world use it to make better risk-based investment decisions to maximize impact and complement their security programs.
Core Functions
The Framework is organized by five key Functions – Identify, Protect, Detect, Respond, and Recover. These five widely understood terms, when considered together, provide a comprehensive view of the lifecycle for managing cybersecurity risk over time.
IDENTIFY (ID)
Asset Management (ID.AM)
The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
ID.AM-1
Physical devices and systems within the organization are inventoried
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiCam/FortiRecorder
Function and Features
Fortinet’s operating system, FortiOS, provides device detection to monitor your networks and gather information about devices operating on those networks. The Device Inventory widget contains a series of summary charts that provide an overview of the hardware, operating system, status, and interfaces. Physical devices can be inventoried using the FortiCam/FortiRecorder video surveillance system. This integrated physical security gives you intelligent insights into what is happening on your premises with remote, real-time visibility that is accessible from anywhere.
Asset Management (ID.AM)
The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
ID.AM-2
Software platforms and applications within the organization are inventoried
Available Services
- FortiGuard Application Control Service
- FortiGuard Cloud Access Security Broker (CASB) Service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiNAC
- FortiClient (EMS)
Function and Features
FortiGate next-gen firewalls with FortiOS and centralized management solutions offer extensive visibility into application identification. They give you visibility and control of thousands of applications and also let you add custom applications. Fortinet’s cloud access security broker (CASB) solution provides administrators with usage information for all sanctioned and unsanctioned (shadow IT) cloud applications. The FortiClient Security Fabric agent can provide visibility into the status of a device, including applications running and firmware version. With comprehensive and ongoing discovery of devices, FortiNAC provides consolidated visibility, classification, and security posture. It can also be used to monitor and manage all digital assets.
Asset Management (ID.AM)
The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
ID.AM-3
Organizational communication and data flows are mapped
Available Services
- FortiGuard Application Control Service
- FortiGuard Cloud Access Security Broker (CASB) Service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiPolicy
- FortiNAC
Function and Features
Application Control Service, available as part of the NGFW service through the FortiGate next-generation firewall, offers extensive visibility into application usage in real time, as well as trends over time, through views, visualizations, and reports. This lets you fine-tune your policies based on application type via application categories and optimize bandwidth usage. Built on zero-trust communications, FortiPolicy’s ML-driven traffic analysis establishes intent between hosts and systems by learning relationships among workloads and apps, and improves network visibility through traffic and data mapping.
Asset Management (ID.AM)
The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
ID.AM-4
External information systems are catalogued
Asset Management (ID.AM)
The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
ID.AM-5
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Available Services
- FortiGuard Application Control Service
- Universal Zero Trust Network Access (ZTNA)
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiClient EMS
Function and Features
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard Labs to deliver top-rated protection and high performance, including for encrypted traffic. FortiGuard Labs maintains an Internet Service Database (ISDB), which ensures proper classification of service providers. FortiGuard Application Control Service optimizes bandwidth usage on your network by prioritizing, de-prioritizing, or blocking traffic based on application type via application categories. ZTNA tags can be applied to check device posture for things like vulnerabilities, updated AV signatures, location, and machine groups. These checks are done on a continuous basis so that any change is recorded and can be prioritized. In addition, FortiClient endpoint classification tags help to specify an endpoint’s importance in the organization.
Asset Management (ID.AM)
The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
ID.AM-6
Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Business Environment (ID.BE)
The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.
ID.BE-1
The organization’s role in the supply chain is identified and communicated
Business Environment (ID.BE)
The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.
ID.BE-2
The organization’s place in critical infrastructure and its industry sector is identified and communicated
Business Environment (ID.BE)
The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.
ID.BE-3
Priorities for organizational mission, objectives, and activities are established and communicated
Business Environment (ID.BE)
The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.
ID.BE-4
Dependencies and critical functions for delivery of critical services are established
Business Environment (ID.BE)
The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.
ID.BE-5
Resilience requirements to support delivery of critical services are established
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- Application Delivery Controller and GSLB: FortiADC and FortiGSLB
Function and Features
Fortinet’s FortiGate NGFW delivers hyperscale security that performs efficiently, with no network impact, to meet escalating business demands. It is available in a variety of form factors, including container firewalls, virtual firewalls, and appliances. With the help of the SD-WAN ASIC, it ensures the highest level of application availability and performance over any WAN transport with no performance impact. Furthermore, FortiGSLB, available as a service or as a FortiADC feature, is a DNS-based solution that enables you to deploy redundant resources around the globe with near-instant failover, maintaining the availability of your business-critical applications and helping to ensure business continuity.
Governance (ID.GV)
The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.
ID.GV-1
Organizational information security policy is established
Governance (ID.GV)
The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.
ID.GV-2
Information security roles & responsibilities are coordinated and aligned with internal roles and external partners
Governance (ID.GV)
The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.
ID.GV-3
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Governance (ID.GV)
The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.
ID.GV-4
Governance and risk management processes address cybersecurity risks
Available Services
- FortiGuard CASB Service (cloud access security broker)
Available Products
- FortiCNP
- FortiSASE
Function and Features
Fortinet’s cloud-native Cloud Access Security Broker (CASB) solution provides visibility, insight, and control for SaaS applications. FortiCASB has predefined policies for common regulatory standards to detect violations, along with reports for auditing and tracking. It helps to monitor user behaviors and activities and manage user entitlement with data loss prevention (DLP) and threat detection tools. FortiCNP provides out-of-the-box policies for standards and mandates. FortiCNP can generate reports for auditing teams so they can identify policy violations and take needed remedial actions. In addition, Resource Risk Insights (RRI) analyzes security findings generated by a cloud service provider’s (CSP) native security services and Fortinet cloud solutions. RRI provides context-rich actionable insights so teams can prioritize the highest impact risks.
Risk Assessment (ID.RA)
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
ID.RA-1
Asset vulnerabilities are identified and documented
Available Services
- FortiGuard IPS
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiClient
- FortiEDR
- FortiCNP
- FortiDevSec
- FortiPenTest
- FortiSOAR
Function and Features
The Fortinet Security Fabric provides an intelligent architecture that interconnects discrete security solutions into an integrated whole to detect, monitor, block, and remediate attacks across the entire attack surface. FortiGuard Next-Generation Firewall (NGFW) helps to manage vulnerabilities and protects against known and zero-day attacks. FortiCNP’s container security protects against vulnerabilities in container images and registries throughout the application lifecycle. Integrations with Kubernetes environments continuously monitor risk posture and activity for new and evolving threats. FortiDevSec is an application security testing product which finds and fixes all types of application security issues within your DevOps CI/CD cycle. FortiPenTest provides cloud-based security testing as a service. It simplifies automated detection of critical vulnerabilities in websites and web applications, including those defined by the OWASP Top 10. Using FortiPenTest can help identify common vulnerabilities and misconfigurations.
Risk Assessment (ID.RA)
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
ID.RA-2
Threat and vulnerability information is received from information sharing forums and sources
Available Services
- FortiGuard Outbreak Alert Service
- FortiGuard Labs Threat Intelligence
- Threat Signals
- Zero-day research
Available Products
- FortiAnalyzer
- FortiSOAR
- FortiSIEM
Function and Features
Fortinet security products are armed with the best threat identification and protection information available, including the latest threats, campaigns, bad actors, and trends. FortiGuard Outbreak Detection Service provides critical outbreak reports and event handlers to a FortiAnalyzer device. Administrators can identify, respond to, and validate their security readiness against widespread outbreaks concerning vulnerabilities and other threats. FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution.
Risk Assessment (ID.RA)
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
ID.RA-3
Threats, both internal and external, are identified and documented
Available Services
- FortiGuard IPS Security Service
- FortiGuard Antivirus Security Service
- Web and DNS filtering
- Botnet C2 IOCs
- FortiRecon BP
Available Products
- FortiDeceptor
- FortiEDR
- FortiXDR
- FortiSOAR
- FortiNDR
- FortiRecon
- FortiSandbox
- FortiCNP
Function and Features
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges. Threat prevention is accomplished via the capabilities of our FortiGate Next-Generation Firewall, including IPS, malware protection, and URL Filtering, to block known command-and-control traffic. FortiGuard Inline Sandbox Service Zero-day threat protection enables fast, coordinated detection and enforcement across the entire attack surface. Risk is continually assessed, and the Security Fabric automatically adjusts to counter the latest known and unknown threats in real time. Based on deception technology, FortiDeceptor is designed to deceive, expose and eliminate external and internal threats early in the attack kill chain before any significant damage occurs.
Risk Assessment (ID.RA)
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
ID.RA-4
Potential business impacts and likelihoods are identified
Risk Assessment (ID.RA)
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
ID.RA-5
Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
Available Services
- FortiGuard Security and Brand Assessment
Available Products
- FortiRecon
Function and Features
FortiRecon Digital Risk Protection (DRP), a SaaS-based service, combines three powerful modules: External Attack Surface Management, Brand Protection, and Adversary Centric Intelligence. FortiRecon provides a view of what adversaries are seeing, doing, and planning to help you counter attacks at the reconnaissance phase and significantly reduce the risk, time, and cost of later-stage threat mitigation. From exposed systems across the network to asset discovery of shadow IT, new acquisitions, and other missed assets, you’ll know what exposures need immediate attention. Fortinet experts monitor the dark web, Pastebin, forums, markets, OSINT, and more, to get ahead of hard-to-find potential threats.
Risk Assessment (ID.RA)
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
ID.RA-6
Risk responses are identified and prioritized
Risk Management Strategy (ID.RM)
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
ID.RM-1
Risk management processes are established, managed, and agreed to by organizational stakeholders
Risk Management Strategy (ID.RM)
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
ID.RM-2
Organizational risk tolerance is determined and clearly expressed
Risk Management Strategy (ID.RM)
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
ID.RM-3
The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
Supply Chain Risk Management (ID.SC)
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.
ID.SC-1
Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
Available Services
- FAZ Outbreak Detection Service
- Attack Surface Security Rating service
Available Products
- FortiGate next-gen firewall (NGFW)
Function and Features
Fortinet offers organizations a range of tools to enhance security and enable integration while reducing complexity. Intelligence and insight provided by FortiGuard Labs can support decisions associated with managing supply chain risks.
PROTECT (PR)
Access Control (PR.AC)
Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
PR.AC-1
Identities and credentials are managed for authorized devices and users
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiAuthenticator
- FortiToken
- FortiTrust
- FortiGuest
Function and Features
FortiAuthenticator protects against unauthorized access to corporate resources by providing centralized authentication services for the Fortinet Security Fabric, including single sign-on services, certificate management, and guest access management. FortiToken further confirms the identity of individual users by adding a second factor to the authentication process through physical or mobile-application tokens. FortiTrust Identity provides all the capabilities that are part of FortiAuthenticator and FortiToken in a SaaS-based subscription offering. FortiToken Cloud offers multi-factor authentication (MFA) as a service. Organizations can use its intuitive dashboard to manage MFA. FortiGuest allows network administrators to quickly and easily provide wired and wireless guest access. It also enables role and policy management, plus reporting throughout the BYOD life-cycle.
Access Control (PR.AC)
Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
PR.AC-2
Physical access to assets is managed and protected
Available Products
- FortiCam/FortiRecorder
Function and Features
Fortinet offers a secure video surveillance system that helps organizations create safer workspaces to protect employees, safeguard properties, and prevent losses from threats, thefts, and vandalism. Built on the highest security standards and employing innovative AI technologies, Fortinet empowers organizations of any size to unify video surveillance and physical security management with one integrated platform.
Access Control (PR.AC)
Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
PR.AC-3
Remote access is managed
Available Services
- Universal Zero Trust Network Access (ZTNA)
Available Products
- FortiSASE
- FortiClient
- FortiToken
- FortiAuthenticator
- FortiCASB
- FortiPAM
- FortiWEB
Function and Features
ZTNA enables secure and granular access that improves security and the user experience anywhere, anytime. ZTNA ensures that only users and devices that should access an app can, with the help of multi-factor authentication (MFA). FortiSASE provides secure access to SaaS applications with enhanced API and inline CASB and by enabling ZTNA posture checks for application access. Plus, all applications are hidden from the internet, so they are no longer exposed for bad actors to see and try to breach. ZTNA tagging also limits access to privileged resources. FortiPAM centrally manages role-based access through administrative policies, making it easy to change passwords for privileged accounts and ensure they are kept safe.
Access Control (PR.AC)
Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
PR.AC-4
Access permissions are managed, incorporating the principles of least privilege and separation of duties
Available Services
- Universal Zero Trust Network Access (ZTNA)
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiCASB
- FortiNAC
- FortiPAM
Function and Features
Fortinet’s ZTNA is a free feature in FortiOS and FortiClient, providing customers with a zero-trust access solution that oversees and protects all digital assets connected to the enterprise network, covering devices from IT, IoT, OT/ICS to IoMT. Its granular access control grants access to a specific application only for that session and verifies the user identity, the device identity, device posture, and the user’s right to access an application before granting access. FortiPAM introduces zero-trust principles to privileged accounts and dramatically lowers an organization’s overall attack surface by ensuring privileged accounts and privileged credentials are not misused by accident, by threat actors, or by malicious insiders.
Access Control (PR.AC)
Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
PR.AC-5
Network integrity is protected, incorporating network segregation where appropriate
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiPolicy
- FortiNAC
- FortiSASE
Function and Features
FortiGate next-gen firewall (NGFW) delivers hyperscale security that prevents lateral spread, manages internal risks, and enforces security for any segmentation, whether VXLAN-based, network, endpoint, or application. Customers can achieve dynamic trust and port-level segmentation with Fortinet Security Fabric integration. Fortinet Security Fabric segmentation and micro-segmentation capabilities deliver intent-based networking and control of east-west traffic to enforce zero-trust networks.
Access Control (PR.AC)
Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
PR.AC-6
Identities are proofed and bound to credentials, and asserted in interactions when appropriate
Available Services
- Universal Zero Trust Network Access (ZTNA)
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
Function and Features
FortiGate next-gen firewall (NGFW), with rule-based access policy, enables least-privileged access to network resources for connected devices and performs re-authentication, re-authorization, and ongoing monitoring. ZTNA integration on FortiSASE enables zero-trust everywhere for all users and devices.
Access Control (PR.AC)
Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
PR.AC-7
Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
Available Services
- IAM solutions: FortiAuthenticator
- FortiToken
- FortiTrust Identity
- FortiToken Cloud
- FortiGuest
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiCASB
- FortiClient
- FortiNAC
Function and Features
ZTNA is a capability within Zero Trust Access (ZTA) that controls access to applications. It extends the principles of ZTA to verify users and devices before every application session. ZTNA confirms that they meet the organization’s policy to access that application. FortiTrust Identity (FTI) is cloud-based and natively integrated with the Fortinet Security Fabric to deliver a rich set of security controls and centralized management of user authentications, including multi-factor authentication. Fortinet SSO (FSSO) includes modern authentication protocols federating identity for SSO (SAML, OAuth, OIDC, and API support).
Awareness and Training (PR.AT)
The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.
PR.AT-1
All users are informed and trained
Available Services
- FortiGuard: Security Awareness Training
- FortiPhish
Function and Features
Aligned to the National Institute of Standards and Technology framework (NIST 800-50 and NIST 800-16), the Fortinet Security Awareness and Training service addresses security awareness, data privacy, internet security, password protection, and physical security training obligations. Train employees to recognize and report on security threats, whether in an email, online, or in a physical setting, using FortiGuard Security Awareness Training. FortiPhish is a cloud-delivered phishing simulation service. User awareness of the risk posed by malicious emails and social engineering efforts is best developed through regular testing against real-world simulated phishing threats.
Awareness and Training (PR.AT)
The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.
PR.AT-2
Privileged users understand roles & responsibilities
Available Services
- FortiGuard: Security Awareness Training
- FortiPhish
Function and Features
The Fortinet Security Awareness and Training service is a SaaS-based offering that delivers timely and current awareness training on today’s cybersecurity threats. It helps IT, security, and compliance leaders build a cyber-aware culture where employees recognize and avoid falling victim to cyberattacks, creating a security-compliant culture where employees are trained to become more cognizant and knowledgeable of potential security threats. FortiPhish provides rich analytics to help administrators assess the susceptibility of users to phishing and related social engineering attacks, identifying users who may need support to improve behavior in the organization’s anti-phishing efforts. Fortinet products support robust role-based solutions which provide organizations with field-level role-based access control to manage sensitive data in accordance with policies and guidelines.
Awareness and Training (PR.AT)
The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.
PR.AT-3
Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities
Awareness and Training (PR.AT)
The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.
PR.AT-4
Senior executives understand roles & responsibilities
Awareness and Training (PR.AT)
The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.
PR.AT-5
Physical and information security personnel understand roles & responsibilities
Data Security (PR.DS)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-1
Data-at-rest is protected
Available Services
- Universal Zero Trust Network Access (ZTNA)
- Fortinet Security Fabric
- FortiGate DLP
- FortiGuard CASB Service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiCASB
Function and Features
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard Labs to deliver top-rated protection and high performance, including for encrypted traffic. FortiGate reduces complexity with automated visibility into applications, users, and network, and provides security ratings to adopt security best practices. Defend against data breaches with a highly customizable suite of data loss prevention (DLP) tools with the CASB service; data at rest can be scanned with the CASB engine.
Data Security (PR.DS)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-2
Data-in-transit is protected
Available Services
- Universal Zero Trust Network Access (ZTNA)
- Fortinet Security Fabric
- FortiGate DLP
- FortiGuard CASB Service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiCASB
Function and Features
The FortiGate data leak prevention (DLP) system prevents sensitive data from leaving or entering your network. You can customize the default sensor or create your own by adding individual filters based on file type, file size, a regular expression, an advanced rule, or a compound rule. ZTNA enables TLS-encrypted tunnels automatically, from the endpoint to the access proxy, ensuring traffic is hidden from prying eyes all the time. The CASB engine protects data in motion and data at rest within cloud applications.
Data Security (PR.DS)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-3
Assets are formally managed throughout removal, transfers, and disposition
Data Security (PR.DS)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-4
Adequate capacity to ensure availability is maintained
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiCASB
- FortiCNP
- Application Delivery Controller and GSLB: FortiADC and FortiGSLB
Function and Features
Fortinet's products deliver hyperscale security that performs efficiently, with no network impact, to meet escalating business demands and scale based on actual workload resources.
Data Security (PR.DS)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-5
Protections against data leaks are implemented
Available Services
- FortiGuard Web Security: DNS, URL filtering, Botnet C2
- FortiGate DLP
- FortiGuard CASB Service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiProxy
- FortiCASB
Function and Features
Fortinet employs a number of techniques across each stage of the attack lifecycle to help prevent data from being exfiltrated from your protected network. In addition to blocking known malware and command-and-control destinations by DNS or URL, we also inspect and can stop traffic that violates data and regulatory compliance policies, credential theft due to phishing attempts, or attempts to hide threats using encryption.
Data Security (PR.DS)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-6
Integrity checking mechanisms are used to verify software, firmware, and information integrity
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiCASB
Function and Features
MD5 checksums are supported for files downloaded from support.fortinet.com, and Fortinet Security Fabric connectors provide integration with multiple SDN, cloud, and partner technology platforms to automate the process of managing dynamic security updates without manual intervention.
Data Security (PR.DS)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-7
The development and testing environment(s) are separate from the production environment
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiNAC
Function and Features
Fortinet supports this requirement to keep development and testing environments separate by using our Next-Generation Firewall to segment traffic between zones in order to restrict or completely deny traffic as required.
Data Security (PR.DS)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-8
Integrity checking mechanisms are used to verify hardware integrity
Function and Features
Fortinet is committed to the independent testing and certification of its products and services. ICSA, AV-Comparatives, Virus Bulletin, and other independent testing organizations have consistently validated the effectiveness of Fortinet solutions. Fortinet earned ICSA’s prestigious Excellence in Information Security Testing (EIST) award for 15 years of participation in 2017 and has been recognized by ICSA for outstanding achievement in information security certification testing 10 years in a row.
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-1
A baseline configuration of information technology/industrial control systems is created and maintained
Available Services
- FortiGuard IoT Service
- FortiGuard Industrial Control Service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiNAC
Function and Features
Based on Security Best Practices and Standards, the capabilities of the Security Fabric can be further leveraged through the Security Rating Feature. This feature provides a mechanism to continually assess the Security Fabric, validate that configurations are working effectively, and provide awareness of risks and vulnerabilities which may impact daily business operations.
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-10
Response and recovery plans are tested
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-11
Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
Available Products
- Next-Generation Firewall (NGFW)
- FortiNAC
- FortiSASE
Function and Features
With guest and contractor management capabilities, FortiNAC can see and control all devices, making it a perfect solution for onboarding and managing BYOD. Individual accounts can be provisioned and deprovisioned in accordance with HR practices.
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-12
A vulnerability management plan is developed and implemented
Available Services
- Endpoint Vulnerability Protection Service
- FortiGuard IPS service
- FortiGuard Anti-Virus service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiWEB
- FortiADC
- FortiClient
- FortiXDR
- FortiEDR
- FortiSASE
Function and Features
Fortinet provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface within an organization and helping meet regulatory compliance.
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-2
A System Development Life Cycle to manage systems is implemented
Available Products
- FortiDevSec
- FortiDAST
Function and Features
Evaluating the security risks associated with applications and assessing the security weaknesses allows you to mitigate the potential risk to your organization with appropriate remedial measures. FortiDevSec is a cloud-based automated application security tool that performs intensive and comprehensive scans for an accurate vulnerability assessment of your application. It integrates continuous application security testing into major DevOps Continuous Integration (CI)/Continuous Deployment (CD) environments, embedding itself into the process of developing and deploying applications to evaluate and detect security gaps that you can mitigate/remediate in the course of the Software Development Lifecycle (SDLC). FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-3
Configuration change control processes are in place
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiCASB
- FortiManager
- FortiManager Cloud
- FortiSASE
Function and Features
Fortinet supports configuration and change management processes and best practices across the Security Fabric. FortiManager enables centralized management with automation-driven network configuration, visibility, and security policy management. It provides central management of 100,000+ devices such as firewalls, switches, and access points, and features Zero Touch Provisioning for deployment at scale.
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-4
Backups of information are conducted, maintained, and tested periodically
Available Products
- FortiManager
- FortiManager Cloud
Function and Features
When a FortiManager device is added to the Security Fabric, it automatically synchronizes with any connected downstream devices. Automated device configuration backups and revision control make daily administrative tasks easy. Track changes in the enhanced Event Log view to review configuration updates for auditing and compliance.
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-5
Policy and regulations regarding the physical operating environment for organizational assets are met
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-6
Data is destroyed according to policy
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-7
Protection processes are continuously improved
Available Services
- FortiGuard Labs Threat Intelligence
Available Products
- FortiSOAR
- FortiNDR
- FortiXDR
- FortiEDR
- FortiSIEM
- FortiSOCaaS
Function and Features
FortiGuard Labs threat intelligence products and services work with technology partners and customers to automate identification of known threats. Protections against all previously unknown advanced persistent threats and zero-day attacks are automatically distributed to all customers. FortiXDR and FortiSOAR pull together all of an organization's tools, help unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents. Using FortiSOAR helps enterprises adapt and optimize their security processes.
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-8
Effectiveness of protection technologies is shared with appropriate parties
Available Services
- FortiGuard Labs Threat Intelligence
Available Products
- FortiSOAR
- FortiNDR
- FortiXDR
- FortiEDR
- FortiSIEM
- FortiSOCaaS
Information Protection Processes and Procedures (PR.IP)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-9
Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
Available Services
- FortiGuard: Response Readiness
- Security Awareness
Available Products
- FortiSOAR
- FortiAnalyzer
- FortiSOCaaS
Maintenance (PR.MA)
Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.
PR.MA-1
Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools
Maintenance (PR.MA)
Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.
PR.MA-2
Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
Available Products
- FortiAnalyzer
- FortiManager
- FortiGate next-gen firewall (NGFW)
- FortiCASB
- FortiSASE
Function and Features
FortiManager enables centralized management with automation-driven network configuration, visibility, and security policy management. It provides accelerated zero-touch provisioning with best-practice templates and device blueprints for deployment at scale of SD-WAN and SD-Branch. FortiAnalyzer provides the benefits of logging at scale for all network devices and finding any anomaly, eliminating blind spots. FortiManager separates customer data and manages domains with ADOMs for compliance and operational efficiency.
Protective Technology (PR.PT)
Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
PR.PT-1
Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
Available Products
- FortiAnalyzer
- FortiSIEM
- FortiXDR
- FortiManager
Function and Features
FortiAnalyzer provides security fabric analytics and automation to provide better detection and response against cyber risks. It provides hundreds of pre-built, regulation-specific reports and templates to make proving compliance easy. FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improve breach detection, and even prevent breaches. FortiManager centralizes secure network management of the Fortinet Security Fabric, ensuring consistent security policies across the infrastructure.
Protective Technology (PR.PT)
Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
PR.PT-2
Removable media is protected and its use restricted according to policy
Available Products
- FortiXDR
- FortiClient
- FortiEDR
Function and Features
FortiXDR can protect against removable media threats by restricting execution of files from such devices, whether it be 0-day malware or known malware. Further, we can set up a policy to disable USB ports on the endpoints using FortiClient EMS.
Protective Technology (PR.PT)
Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
PR.PT-3
Access to systems and assets is controlled, incorporating the principle of least functionality
Available Services
- ZTNA solutions
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiCASB
- FortiSASE
- FortiClient
- FortiAuthenticator
Function and Features
FortiClient, FortiClient EMS, FortiOS ZTNA Application Gateways and FortiAuthenticator work together to enable Zero Trust for your organization. Universal ZTNA capabilities are automatically enabled on any device or service running FortiOS 7.0 and higher. This includes hardware appliances, virtual machines in clouds, and the FortiSASE service. Fortinet ZTNA solutions grant access on a per-session basis to individual applications only after devices and users are verified. This policy is also applied when users are on the network, enabling the same zero-trust model no matter the user's location.
Protective Technology (PR.PT)
Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
PR.PT-4
Communications and control networks are protected
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiCASB
- FortiSASE
- FortiClient
- FortiWEB
- FortiADC
- FortiManager
- FortiMail
- FortiVoice
Function and Features
Fortinet products protect assets with rich macro- and micro-segmentation capabilities, such as separating customer data and management domains with ADOMs for compliance and operational efficiency.
Protective Technology (PR.PT)
Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
PR.PT-5
Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
Available Products
- Application Delivery Controller and GSLB: FortiADC and FortiGSLB
- FortiManager
Function and Features
FortiADC is an advanced application delivery controller that optimizes application performance and availability while securing the application both with its own native security tools and by integrating application delivery into the Fortinet Security Fabric. Available as a service or as a FortiADC feature, FortiGSLB is a DNS-based solution that enables you to deploy redundant resources around the globe with near-instant failover when one resource experiences unexpected traffic spikes or downtime. FortiGSLB provides comprehensive DNS services including Domain Name System Security Extensions and rate limiting.
DETECT (DE)
Anomalies and Events (DE.AE)
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
DE.AE-1
A baseline of network operations and expected data flows for users and systems is established and managed
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSASE
- FortiXDR
- FortiNDR
- FortiSIEM
Function and Features
FortiNDR uses a state-of-the-art ML algorithm for profiling network traffic, baselining, and detecting anomalies. Network Detection and Response (NDR) uses artificial intelligence and other analytics to identify suspicious network activity outside of the norm, which may be an indicator of a cyber attack in progress. FortiXDR uses a deep learning engine to dynamically replicate a range of investigation processes with the aid of microservices that replicate the actions of expert analysts, and by building and comparing UEBA and other baselines automatically. FortiSIEM UEBA behavioral anomaly detection is a low-overhead but high-fidelity way to gain visibility of end-to-end activity, from endpoints, to on-premises servers and network activity, to cloud applications.
Anomalies and Events (DE.AE)
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
DE.AE-2
Detected events are analyzed to understand attack targets and methods
Available Products
- FortiAnalyzer
- FortiXDR
- FortiSIEM
Function and Features
FortiAnalyzer provides security fabric analytics and automation to provide better detection and response against cyber risks. Integrated with the Fortinet Security Fabric, its advanced threat detection capabilities, centralized security analytics, and end-to-end security posture awareness and control help security teams identify and mitigate threats before a breach can occur. FortiSIEM enables unified data collection and analytics from diverse information sources including logs, performance metrics, security alerts, and configuration changes. It helps organizations by analyzing event data in real time, allowing for early discovery of data breaches and targeted attacks. FortiSIEM UEBA leverages machine learning and statistical methodologies to baseline normal behavior and incorporate real-time, actionable insights into anomalous user behavior regarding business-critical data. By combining telemetry that is pulled from endpoint sensors, network device flows, server and applications logs, and cloud APIs
Anomalies and Events (DE.AE)
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
DE.AE-3
Event data are aggregated and correlated from multiple sources and sensors
Available Products
- FortiSIEM
- FortiXDR
- FortiAnalyzer
Function and Features
FortiSIEM enables unified data collection and analytics from diverse information sources including logs, performance metrics, security alerts, and configuration changes. By combining telemetry that is pulled from endpoint sensors, network device flows, server and applications logs, and cloud APIs, FortiSIEM is able to build comprehensive profiles of users, peer groups, endpoints, applications, files, and networks.
Anomalies and Events (DE.AE)
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
DE.AE-4
Impact of events is determined
Anomalies and Events (DE.AE)
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
DE.AE-5
Incident alert thresholds are established
Available Products
- FortiXDR
- FortiSIEM
- FortiNDR
- FortiSOAR
Function and Features
FortiSOAR enables full life cycle Incident Management with the ability to trigger a remediation script when a specified incident occurs. It also supports:
- Policy-based incident notification framework
- Highly flexible: any set of keys and metrics can be “baselined”
- Built-in and customizable triggers on statistical anomalies
- Incident reports can be structured to provide the highest priority to critical business services and applications
Security Continuous Monitoring (DE.CM)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
DE.CM-1
The network is monitored to detect potential cybersecurity events
Available Services
- FortiGuard IPS service
- FortiGuard Inline Sandbox
- FortiGuard Anti-Virus service
- FortiGuard Outbreak Detection Service
- FortiSOCaaS
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiNDR
- FortiSASE
- FortiAnalyzer
- FortiXDR
- FortiEDR
- FortiSIEM
Function and Features
Our broad portfolio includes converged networking and security offerings across endpoints, networks, and clouds. It enables high-performing connectivity and coordinated real-time threat detection and policy enforcement across the entire digital attack surface and lifecycle. Advanced AI automatically delivers near-real-time, user-to-application coordinated protection across the Fabric. The AI/ML-powered FortiGuard IPS Service provides near-real-time intelligence with thousands of intrusion prevention rules to detect and block known and suspicious threats. Natively integrated across the Fortinet Security Fabric, the FortiGuard IPS Service delivers rich IPS capabilities like deep packet inspection (DPI) to detect and block malicious traffic entering any network. The IPS service addresses the initial access stages of the kill chain and MITRE ATT&CK® framework. AI-based detection of 0-day malware protects organizations from rapidly evolving and more targeted threats across a broad digital attack surface. The combination of service and product provides a comprehensive, coordinated, integrated, and scalable approach to advanced detection and protection from file-based zero-day threats.
Security Continuous Monitoring (DE.CM)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
DE.CM-2
The physical environment is monitored to detect potential cybersecurity events
Available Products
- FortiCam/FortiRecorder
Function and Features
Get complete visual coverage inside and out with FortiCameras. With options for indoor and outdoor, vandal-proof, weatherproof, low-light night vision, fixed and motorized zoom lenses, and two-way audio, there’s a FortiCam for every environment. FortiCentral manages FortiCameras to be your eyes into Fortinet video analytics solutions including facial recognition and object detection. Fortinet’s free and comprehensive VMS gives you centralized control and optimized visibility all in one single place to monitor physical environments.
Security Continuous Monitoring (DE.CM)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
DE.CM-3
Personnel activity is monitored to detect potential cybersecurity events
Available Services
- FortiGate DLP
- FortiGuard CASB Service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiDeceptor
- FortiCASB
- FortiClient
- FortiNDR
- FortiSASE
- FortiXDR
- FortiEDR
- FortiPAM
- FortiSIEM
Function and Features
Our broad portfolio includes converged networking and security offerings across endpoints, networks, and clouds. It enables high-performing connectivity and coordinated real-time threat detection and policy enforcement across the entire digital attack surface and lifecycle. FortiNDR enables full-lifecycle network protection, detection, and response. It leverages AI, ML, behavioral, and human analysis to analyze network traffic so security teams can spot attacker behavior and remediate the threat. Based on deception technology, FortiDeceptor complements an organization’s existing breach protection strategy. As a proactive security solution, it is designed to deceive, expose, and eliminate external and internal threats early in the attack kill chain before any significant damage occurs. FortiDeceptor Anti-Reconnaissance and Anti-Exploit Service (ARAE) correlates attacker activities to detect any lateral movement in the network segments. FortiXDR helps with cross-product incident identification, using the correlated telemetry collected across the Security Fabric to identify potential cybersecurity incidents. Fortinet continually trains a neural network-based decision engine to replicate the steps an expert SOC analyst would take to investigate and classify potential incidents with the aid of microservices.
Security Continuous Monitoring (DE.CM)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
DE.CM-4
Malicious code is detected
Available Services
- FortiGuard Inline Sandbox
- FortiGuard Anti-Virus service
- FortiGuard IPS service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiSandbox
- FortiClient
- FortiNDR
- FortiSASE
- FortiXDR
- FortiEDR
Function and Features
Full-spectrum protection against unknown and newly discovered threats in near real time is natively integrated across the Fortinet Security Fabric. This enables fast, coordinated detection and enforcement across the entire attack surface. Risk is continually assessed and the Security Fabric automatically adjusts to counter the latest known and unknown threats in real time. It is able to close security gaps with context-aware, consistent security policies for users and applications in hybrid deployments across the network, endpoints, and clouds. FortiGuard Inline Sandbox: This innovation transforms a traditional detection sandbox capability into real-time in-network prevention to stop both known and unknown malware, with minimal impact on operations. The result is better ransomware protection when compared to solutions that allow suspicious files into the network and then must chase down malware once it's been identified. The FortiGuard Sandbox Service and related sandbox portfolio are integrated across the Fabric solutions. FortiGuard AntiVirus (AV): FortiGuard Antivirus delivers automated updates that protect against the latest polymorphic attacks, viruses, spyware, and other content-level threats. Based on patented Content Pattern Recognition Language (CPRL), the anti-malware engine is designed to prevent known and previously unknown malware variants.
Security Continuous Monitoring (DE.CM)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
DE.CM-5
Unauthorized mobile code is detected
Available Services
- FortiGuard Inline Sandbox
- FortiGuard Anti-Virus service
- FortiGuard IPS service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiClient
- FortiNDR
- FortiSASE
- FortiXDR
- FortiEDR
- FortiSandbox
Function and Features
FortiGuard Sandbox provides AI-based detection of 0-day malware to protect organizations from rapidly evolving and more targeted threats including ransomware, crypto-malware, and others across a broad digital attack surface. Sandboxing solutions from Fortinet detect and analyze zero-day malware and other advanced file-based threats. The combination of service and product provides a comprehensive, coordinated, integrated, and scalable approach to advanced detection and protection from file-based zero-day threats.
Security Continuous Monitoring (DE.CM)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
DE.CM-6
External service provider activity is monitored to detect potential cybersecurity events
Available Services
- FortiGuard IPS service
- FortiGuard Anti-Virus service
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiClient
- FortiNDR
- FortiSASE
- FortiXDR
- FortiEDR
- FortiSIEM
- FortiAnalyzer
- FortiRecon
Function and Features
FortiGuard Labs collects indicators of compromise (IOCs) and combines them into a package on a daily basis for delivery to Fortinet products via the FDN (FortiGuard Distribution Network). The Indicators of Compromise (IOC) service is available for FortiAnalyzer, FortiGate Cloud, and FortiSIEM. FortiRecon, supported by threat experts from FortiGuard Labs, now delivers enhanced proactive threat intelligence into critical risks associated with supply chain vendors and partners, including external exposed assets, leaked data, and ransomware attack intelligence.
Security Continuous Monitoring (DE.CM)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
DE.CM-7
Monitoring for unauthorized personnel, connections, devices, and software is performed
Available Products
- FortiGate next-gen firewall (NGFW)
- FortiClient
- FortiXDR
- FortiEDR
- FortiSIEM
- FortiDeceptor
Function and Features
FortiSIEM Agent-based UEBA telemetry allows for the collection of high-fidelity user-based activity that includes User, Process, Device, Resource, and Behavior. Using an agent-based approach allows for the collection of telemetry when the endpoint is on and off the corporate network, providing a more complete view of user activity. UEBA telemetry allows for the identification of unknown bad activities that can be alerted and acted upon. When an attacker engages with deception assets, for example, fake files on an endpoint, or if malware tries to encrypt a fake file, FortiDeceptor can neutralize the attack by automatically isolating any compromised endpoint. This prevents the attack from spreading and stops communication with a C&C server. This can be done using FortiDeceptor’s built-in, automated attack quarantine capabilities or by sending an alert to SIEM/SOAR for an orchestrated response.
Security Continuous Monitoring (DE.CM)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
DE.CM-8
Vulnerability scans are performed
Available Services
- FortiGuard Endpoint Vulnerability Protection Service
- FortiGuard CASB Service
Available Products
- FortiClient
- FortiSASE
- FortiDevSec
- FortiCNP
Function and Features
Security rating checks analyze the Security Fabric deployment to identify potential vulnerabilities and highlight best practices to improve the network configuration, deploy new hardware and software, and increase visibility and control of the network. Fortinet provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface within an organization and helping meet regulatory compliance. FortiGuard CASB service leverages predefined reports for standards including SOX, GDPR, PCI DSS, HIPAA, NIST, and ISO 27001. FortiDevSec offers a comprehensive SaaS-based continuous application testing solution that enables developers to detect and remediate security vulnerabilities within the DevOps continuous integration/continuous delivery/deployment (CI/CD) lifecycle. FortiCNP protects against vulnerabilities in container images and registries throughout the application lifecycle.
Detection Processes (DE.DP)
Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
DE.DP-1
Roles and responsibilities for detection are well defined to ensure accountability
Available Products
- FortiSOAR
Function and Features
FortiSOAR playbooks help create smart automated workflows that support operations in regional and global SOC environments. Case investigations can be assigned to a role, which can be used to track their history and updates. A built-in advanced visual dashboard enables customers to easily create dashboards specific to a role within security operations. FortiSOAR provides reports for Incident Closure, Incident Summary, Weekly Alert and Incident Progress, IOC Summary, and many others, which help ensure accountability and ensure SOC teams have the best tools to optimize their time and resources.
Detection Processes (DE.DP)
Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
DE.DP-2
Detection activities comply with all applicable requirements
Detection Processes (DE.DP)
Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
DE.DP-3
Detection processes are tested
Detection Processes (DE.DP)
Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
DE.DP-4
Event detection information is communicated to appropriate parties
Available Products
- FortiSOAR
- FortiSIEM
- FortiXDR
- FortiAnalyzer
Function and Features
Automated threat detection, triage, and threat prioritization trigger real-time alerts to security teams. Alerts are delivered as attack detection, including underlying events and historical context that led to the detection, possible triggers, root causes, and business impacts. Staff and analyst efficiency is improved because they receive the right information and detection in reduced time using a patented and distributed correlation engine to detect incidents. FortiGuard
Detection Processes (DE.DP)
Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
DE.DP-5
Detection processes are continuously improved
Available Services
- FortiGuard Inline Sandbox
- FortiGuard Anti-Virus service
- FortiGuard IPS service
Available Products
- FortiNDR
- FortiXDR
- FortiSOAR
- FortiSIEM
- FortiSandbox
Function and Features
FortiGuard Threat Intelligence and Indicators of Compromise (IOC) and Threat Intelligence (TI) feeds from commercial, open source, and custom data sources integrate easily into the security TI framework. This grand unification of diverse sources of data enables organizations to rapidly identify root causes of threats, and take the steps necessary to remediate and prevent them in the future. Steps can often be automated with new Threat Mitigation Libraries for many Fortinet products.
RESPOND (RS)
Response Planning (RS.RP)
Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.
RS.RP-1
Response plan is executed during or after an event
Available Services
- FortiGuard Incident Response Services
Available Products
- FortiSOAR
Function and Features
FortiSOAR offers a dedicated crisis management framework, Role-Based, Streamlined Incident Management, Visual Playbook Builder, Crisis Management with Incident War Room, Threat Intel Management, and Dashboards and Reporting to measure, track, and analyze investigations and SOC performance granularly with quantifiable metrics. All the features are designed for SOC teams to efficiently respond to the ever-increasing influx of alerts, repetitive manual processes, and shortage of resources. The customizable security operations platform provides automated playbooks, incident triaging, and real-time remediation for enterprises to identify, defend, and counter attacks. This results in faster responses, streamlined containment, and reduced mitigation times, from hours to seconds. FortiGuard Incident Response Services can also deliver critical services before/during/after a security incident. Our experts arm your team with fast detection, investigation, containment, and return to safe operation.
Communications (RS.CO)
Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
RS.CO-1
Personnel know their roles and order of operations when a response is needed
Available Services
- FortiGuard SOC Incident Readiness Services
- Security Awareness Training Service
Available Products
- FortiSOAR
Function and Features
Our incident readiness exercises are designed from the ground up by our FortiGuard Labs team. Based on hands-on experience with real-world attacks, they are highly effective. Our team will work with yours to prioritize activities based on risks, desired goals, and maturity level to build a sustainable plan customized for your organization. We offer IR readiness, playbook development, and tabletop exercises. Practice will enable your organization to respond faster and more effectively to attacks, while providing a structural framework for prioritizing cybersecurity actions and investments. Real-world tabletop exercises help you be better prepared with prescriptive actions and an incident response action plan to train personnel and prioritize cybersecurity actions and education.
Communications (RS.CO)
Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
RS.CO-2
Events are reported consistent with established criteria
Available Products
- FortiSOAR
Function and Features
FortiSOAR’s Enterprise Role-Based Incident Management solution provides organizations with robust field-level, role-based access control to manage sensitive data in accordance with SOC policies and guidelines. The FortiSOAR mobile app adds a new dimension to incident management and allows users to take actions like monitoring the alert queue, triggering important playbooks, and providing critical approvals on the go.
Communications (RS.CO)
Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
RS.CO-3
Information is shared consistent with response plans
Available Products
- FortiSOAR
Function and Features
FortiSOAR seamlessly integrates with other vendors and technologies and offers a built-in connector builder wizard to build new connectors easily or edit the ones already there, providing unparalleled visibility and control across your network through Security Orchestration, Automation, and Response (SOAR).
Communications (RS.CO)
Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
RS.CO-4
Coordination with stakeholders occurs consistent with response plans
Available Products
- FortiSOAR
Function and Features
FortiSOAR offers a dedicated crisis management framework, the Incident War Room, which can be used for streamlined, collaborative P1 incident investigations. Any critical incident can be a trigger to start a war room around it and quickly gather team members from across the board. It has built-in access control to govern who gets to see what, task management for assigning, monitoring, and organizing the investigation, and a dedicated collaboration facility that can work in sync with external collaboration tools like MS Teams, Slack, Zoom, and many more. Purpose-built for crisis management, it takes care of other important elements like an Announcements board and a dedicated Reporting section.
Communications (RS.CO)
Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
RS.CO-5
Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness
Available Services
- The Cyber Threat Alliance
- Fortinet Threat Intelligence Platform - FortiGuard Labs
Function and Features
Fortinet security products are armed with the best threat identification and protection information available, including the latest threats, campaigns, bad actors, and trends. This threat research allows our customers to take proactive measures to better secure their organizations. Fortinet enables real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. Some highlights are below:
- Co-founded the Cyber Threat Alliance (CTA).
- Co-founder of the World Economic Forum’s Center for Cybersecurity.
- Member of the computer incident response organization.
- Contributor to the development of STIX/TAXII protocols, as well as the MISP platform.
- Receives and processes over 200 individual sources of threat intelligence from partners
Analysis (RS.AN)
Analysis is conducted to ensure adequate response and support recovery activities.
RS.AN-1
Notifications from detection systems are investigated
Available Products
- FortiSOAR
Function and Features
FortiSOAR’s Enterprise Role-Based Incident Management solution provides organizations with robust field-level, role-based access control to manage sensitive data in accordance with SOC policies and guidelines. Analysts can easily manage alerts and incidents in a customizable filter grid view with automated filtering, which keeps them focused on real threats. They can execute dynamic actions and playbooks on alerts and incidents and analyze correlated threat data in an intuitive user interface. Analysts can easily navigate FortiSOAR through the application’s rich user experience and execute actions like viewing and reassigning records, providing approvals, triggering important playbooks, and monitoring alert queues.
Analysis (RS.AN)
Analysis is conducted to ensure adequate response and support recovery activities.
RS.AN-2
The impact of the incident is understood
Analysis (RS.AN)
Analysis is conducted to ensure adequate response and support recovery activities.
RS.AN-3
Forensics are performed
Available Services
- FortiClient Forensics Service
Available Products
- FortiClient
- FortiSOAR
- FortiXDR
Function and Features
FortiSOAR delivers Enhanced Threat Intelligence Management Support, leveraging its deep integration with FortiGuard to offer unrestricted lookup of indicator reputations, threat categories, and Threat Encyclopedia access. Ingestion of structured and unstructured feeds is supported, with the ability to import indicators from CSV/STIX files and export indicators in STIX format. Analysts can also manage indicators more easily with TLP (Traffic Light Protocol) for indicator sharing, indicator expiry, and exclusion lists. FortiSOAR also includes multiple out-of-box playbooks for sharing indicators with standard SIEM and UEBA products. FortiClient Forensic Service provides analysis to help endpoint customers respond to and recover from cyber incidents. For each engagement, forensic analysts from Fortinet’s FortiGuard Labs will assist in the collection, examination, and presentation of digital evidence, including a final, detailed report. FortiClient subscriptions that include Forensic Services entitle the customer to call on these forensic experts whenever an event happens, offloading internal teams and accelerating investigations by analysts deeply familiar with the tools of endpoint security.
Analysis (RS.AN)
Analysis is conducted to ensure adequate response and support recovery activities.
RS.AN-4
Incidents are categorized consistent with response plans
Available Products
- FortiSOAR
Function and Features
Fortinet provides a straightforward remediation framework that enables each organization to predefine, in a granular way, the appropriate steps to be taken based on classification, individual/group, and other considerations. FortiSOAR and FortiXDR help you manage all aspects of the incident lifecycle:
- Enterprise-grade customizable incident management enables SOC analysts to efficiently investigate alerts and better understand, review, and manage incidents
- Threat Intel Management framework to manage a myriad of threat feeds, to create, consume, and share actionable threat intelligence to improve threat detection, and to automate incident investigations.
Mitigation (RS.MI)
Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.
RS.MI-1
Incidents are contained
Available Services
- FortiGuard Incident Response
Available Products
- FortiSOAR
- FortiXDR
- FortiEDR
Function and Features
In the event of a security incident, FortiEDR and FortiXDR can protect data on compromised devices and defuse threats in real time to prevent data exfiltration and ransomware attacks. Further, automated capabilities will roll back any malicious changes. detects other file-less attacks to stop breaches in real time. It also reduces the attack surface and remotely remediates affected endpoints. FortiSOAR's enterprise-grade customizable incident management enables SOC analysts to efficiently investigate alerts and better understand, review, and manage incidents.
Mitigation (RS.MI)
Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.
RS.MI-2
Incidents are mitigated
Available Services
- FortiGuard Incident Response
Available Products
- FortiXDR
- FortiSOAR
- FortiEDR
- FortiAnalyzer
Function and Features
FortiSOAR optimizes SOC team productivity by seamlessly integrating with 350+ security platforms and 3000+ actions. This solution results in faster responses, streamlined containment, and reduced mitigation times, from hours to seconds. FortiGuard Incident Response Services deliver critical services before/during/after a security incident. Our experts arm your team with fast detection, investigation, containment, and return to safe operation. As part of the Fortinet Security Fabric, FortiAnalyzer provides security analytics and automation to provide better detection and response against cyber risks. In FortiOS, Fabric automation stitches automate the activities between the different components in the Security Fabric, decreasing the response times to security events. Events from any source in the Security Fabric can be monitored, and action responses can be set up to any destination.
Mitigation (RS.MI)
Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.
RS.MI-3
Newly identified vulnerabilities are mitigated or documented as accepted risks
Available Products
- Next-Generation Firewall (NGFW)
- FortiClient
- FortiSASE
- FortiXDR
Function and Features
The FortiGuard IPS Service provides rich IPS capabilities like deep packet inspection (DPI) and virtual patching to detect and block malicious traffic entering your network. It automatically creates and shares a new prevention control with your Next-Generation Firewalls, without human intervention. Fortinet FortiGuard Antivirus delivers automated updates that protect against the latest polymorphic attacks, viruses, spyware, and other content-level threats. The anti-malware engine is designed to prevent known and previously unknown malware variants.
Improvements (RS.IM)
Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.
RS.IM-1
Response plans incorporate lessons learned
Available Services
- FortiGuard Response Readiness
Available Products
- FortiSOAR
Function and Features
FortiSOAR’s ML-powered Recommendation Engine predicts various fields, such as severity, asset, and user, based on previously identified cases, aiding the SOC analyst in grouping and linking them together to identify duplicates and campaigns involving similar alerts, common threats, and entities.
Improvements (RS.IM)
Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.
RS.IM-2
Response strategies are updated
Available Services
- FortiGuard Response Readiness
Available Products
- FortiSOAR
Function and Features
The FortiSOAR Incident Response Content Pack enables Analysts and Users to experience the power of FortiSOAR’s incident response. Built with a modular architecture, the Incident Response Content Pack is the implementation of best practices to configure and implement an efficient Security Orchestration, Automation, and Response solution.
RECOVER (RC)
Recovery Planning (RC.RP)
Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.
RC.RP-1
Recovery plan is executed during or after an event
Available Services
- FortiGuard Response Readiness
Available Products
- FortiSOAR
- FortiXDR
Function and Features
FortiSOAR’s Enterprise Role-Based Incident Management solution provides analysts with rich threat intel, and they can execute actions like viewing and reassigning records, providing approvals, triggering important playbooks, and monitoring alert queues.
Improvements (RC.IM)
Recovery planning and processes are improved by incorporating lessons learned into future activities.
RC.IM-1
Recovery plans incorporate lessons learned
Available Services
- FortiGuard SOC Incident Readiness Services
Function and Features
Our incident readiness exercises are designed from the ground up by our FortiGuard Labs team. Based on hands-on experience with real-world attacks, they are highly effective. Our team will work with yours to prioritize activities based on risks, desired goals, and maturity level to build a sustainable plan customized for your organization. We offer IR readiness, playbook development, and tabletop exercises.
Improvements (RC.IM)
Recovery planning and processes are improved by incorporating lessons learned into future activities.
RC.IM-2
Recovery strategies are updated
Available Services
- FortiGuard Incident Response Services
Function and Features
FortiGuard Incident Response Services deliver critical services before/during/after a security incident. Our experts arm your team with fast detection, investigation, containment, and return to safe operation. To remediate a security event, we make some key determinations including: To contain, eradicate, and repair
Communications (RC.CO)
Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.
RC.CO-1
Public relations are managed
Communications (RC.CO)
Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.
RC.CO-2
Reputation after an event is repaired
Available Services
- FortiRecon BP
Available Products
- FortiRecon
Function and Features
FortiRecon is a Digital Risk Protection Service (DRPS) product that provides an outside-the-network view of the risks posed to your enterprise. Its built-in Brand Protection feature helps detect web-based typo-squatting, defacements, and phishing impersonations, as well as rogue mobile apps, credential leaks, and brand impersonation in social media.
Communications (RC.CO)
Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.
RC.CO-3
Recovery activities are communicated to internal stakeholders and executive and management teams
Available Services
- Fortinet Security Awareness and Training Service
Function and Features
A comprehensive SaaS-based solution with content incorporating threat intelligence insights from FortiGuard Labs, the service arms employees with the latest knowledge, guidance, and tips to make smarter choices when confronted by cyber attacks and other risks to your organization. It helps to ensure courseware and communications are timely and informed by developments observed across the threat landscape.
Additional Resources
NIST CSF Framework
https://www.nist.gov/cyberframework/cybersecurity-framework-components-
NIST CSF Quick Start Guide
https://www.nist.gov/cyberframework/csf-11-quick-start-guide
The Five Functions PPT
https://www.nist.gov/document/thefivefunctionspptx
Benefits and uses of the framework
https://www.nist.gov/cyberframework/uses-and-benefits-framework