← Back to catalog
PM-16

Threat Awareness Program

Program Management (PM)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Implement a threat awareness program that includes a cross-organization information-sharing capability for threat intelligence.

Discussion

Because of the constantly changing and increasing sophistication of adversaries, especially the advanced persistent threat (APT), it may be more likely that adversaries can successfully breach or compromise organizational systems. One of the best techniques to address this concern is for organizations to share threat information, including threat events (i.e., tactics, techniques, and procedures) that organizations have experienced, mitigations that organizations have found are effective against certain types of threats, and threat intelligence (i.e., indications and warnings about threats). Threat information sharing may be bilateral or multilateral. Bilateral threat sharing includes government-to-commercial and government-to-government cooperatives. Multilateral threat sharing includes organizations taking part in threat-sharing consortia. Threat information may require special agreements and protection, or it may be freely shared.

Implementation guidance

No content available.

CSF 2.0 crosswalk
DE.AE-03Information is correlated from multiple sourcesDetect
DE.AE-06Information on adverse events is provided to authorized staff and toolsDetect
DE.AE-07Cyber threat intelligence and other contextual information are integrated into the analysisDetect
ID.RA-02Cyber threat intelligence is received from information sharing forums and sourcesIdentify
ID.RA-03Internal and external threats to the organization are identified and recordedIdentify
ID.RA-05Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritizationIdentify