NIST CSF 2.0 Mapping (Static Site)
Purpose
Map Riksdagsmonitor security controls to NIST Cybersecurity Framework 2.0 functions.
Core Functions
IDENTIFY (ID)
ID.AM - Asset Management
-
Repository: Hack23/riksdagsmonitor
-
Domain: riksdagsmonitor.com
-
Hosting: GitHub Pages CDN
-
Content: 14 HTML files, CSS, images
ID.RA - Risk Assessment
-
Annual threat modeling (STRIDE)
-
Dependency vulnerability scanning
-
Security header audits
ID.GV - Governance
-
ISMS policies (Hack23 ISMS-PUBLIC)
-
Secure Development Policy
-
Access control procedures
PROTECT (PR)
PR.AC - Access Control
-
GitHub MFA required
-
Branch protection enabled
-
Required PR reviews
PR.DS - Data Security
-
HTTPS-only (TLS 1.3)
-
No cookies/tracking
-
Public data classification
PR.IP - Protective Technology
-
Security headers (CSP, HSTS, X-Frame-Options)
-
Dependabot scanning
-
Secret scanning enabled
DETECT (DE)
DE.CM - Monitoring
-
GitHub audit logs
-
Dependabot alerts
-
CodeQL scanning
DE.AE - Adverse Events
-
Security advisory monitoring
-
Failed workflow notifications
-
Deployment monitoring
RESPOND (RS)
RS.AN - Analysis
-
Incident classification (CRITICAL/HIGH/MEDIUM/LOW)
-
Root cause analysis
-
Security advisory review
RS.MI - Mitigation
-
Rollback via git revert
-
PR closure for vulnerabilities
-
Emergency deployment procedures
RECOVER (RC)
RC.RP - Recovery Planning
-
Git version history (complete backup)
-
Repository mirroring
-
Deployment rollback
RC.CO - Communications
-
Security contact: security@hack23.com
-
Status updates via GitHub
-
Post-incident reports
Implementation Checklist
-
✅ Asset inventory (ID.AM)
-
✅ Access controls (PR.AC)
-
✅ Monitoring enabled (DE.CM)
-
✅ Incident procedures (RS)
-
✅ Recovery plan (RC)
References
-
NIST CSF 2.0: https://www.nist.gov/cyberframework
-
SECURITY_ARCHITECTURE.md: Security controls