{
"type": "FeatureCollection",
"name": "5.12_Cybersecurity_(detail)",
"crs": { "type": "name", "properties": { "name": "urn:ogc:def:crs:OGC:1.3:CRS84" } },
"features": [
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 1", "Control_Name": "Access Control", "Control_Family_Code": "AC", "Definition": "Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.", "Compliance_Score": 18, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 1 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 2", "Control_Name": "Awareness and Training ", "Control_Family_Code": "AT", "Definition": "The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.", "Compliance_Score": 23, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 2 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 3", "Control_Name": "Audit and Accountability", "Control_Family_Code": "AU", "Definition": null, "Compliance_Score": 32, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 3 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 4", "Control_Name": "Assessment, Authorization, and Monitoring", "Control_Family_Code": "CA", "Definition": null, "Compliance_Score": 71, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 4 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 5", "Control_Name": "Configuration Management", "Control_Family_Code": "CM", "Definition": null, "Compliance_Score": 77, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 5 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 6", "Control_Name": "Contingency Planning", "Control_Family_Code": "CP", "Definition": null, "Compliance_Score": 76, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 6 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 7", "Control_Name": "Identification and Authentication", "Control_Family_Code": "IA", "Definition": null, "Compliance_Score": 21, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 7 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 8", "Control_Name": "Incident Response", "Control_Family_Code": "IR", "Definition": null, "Compliance_Score": 68, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 8 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 9", "Control_Name": "Maintenance", "Control_Family_Code": "MA", "Definition": "Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.", "Compliance_Score": 48, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 9 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 10", "Control_Name": "Media Protection", "Control_Family_Code": "MP", "Definition": null, "Compliance_Score": 41, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 10 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 11", "Control_Name": "Phyical and Environmental Protection", "Control_Family_Code": "PE", "Definition": null, "Compliance_Score": 66, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 11 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 12", "Control_Name": "Planning", "Control_Family_Code": "PL", "Definition": null, "Compliance_Score": 45, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 12 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 13", "Control_Name": "Program Management", "Control_Family_Code": "PM", "Definition": null, "Compliance_Score": 80, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 13 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 14", "Control_Name": "Personnel Security", "Control_Family_Code": "PS", "Definition": null, "Compliance_Score": 83, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 14 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 15", "Control_Name": "PII Processing and Transperancy", "Control_Family_Code": "PT", "Definition": null, "Compliance_Score": 67, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 15 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 16", "Control_Name": "Risk Assessment", "Control_Family_Code": "RA", "Definition": "The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.", "Compliance_Score": 67, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 16 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 17", "Control_Name": "System and Services Acquisition", "Control_Family_Code": "SA", "Definition": null, "Compliance_Score": 54, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 17 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 18", "Control_Name": "System and Communication Protection", "Control_Family_Code": "SC", "Definition": null, "Compliance_Score": 60, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 18 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 19", "Control_Name": "System and Information Integrity", "Control_Family_Code": "SI", "Definition": null, "Compliance_Score": 67, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 19 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2022, "Date": "2022-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 20", "Control_Name": "Supply Chain Risk Management", "Control_Family_Code": "SR", "Definition": "The implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.", "Compliance_Score": 61, "Reporting_Date": "2022-12-31T07:00:00Z", "ObjectId": 20 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 1", "Control_Name": "Access Control", "Control_Family_Code": "AC", "Definition": "Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.", "Compliance_Score": 72, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 21 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 2", "Control_Name": "Awareness and Training ", "Control_Family_Code": "AT", "Definition": "The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.", "Compliance_Score": 82, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 22 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 3", "Control_Name": "Audit and Accountability", "Control_Family_Code": "AU", "Definition": null, "Compliance_Score": 52, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 23 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 4", "Control_Name": "Assessment, Authorization, and Monitoring", "Control_Family_Code": "CA", "Definition": null, "Compliance_Score": 71, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 24 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 5", "Control_Name": "Configuration Management", "Control_Family_Code": "CM", "Definition": null, "Compliance_Score": 74, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 25 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 6", "Control_Name": "Contingency Planning", "Control_Family_Code": "CP", "Definition": null, "Compliance_Score": 73, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 26 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 7", "Control_Name": "Identification and Authentication", "Control_Family_Code": "IA", "Definition": null, "Compliance_Score": 87, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 27 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 8", "Control_Name": "Incident Response", "Control_Family_Code": "IR", "Definition": null, "Compliance_Score": 64, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 28 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 9", "Control_Name": "Maintenance", "Control_Family_Code": "MA", "Definition": "Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.", "Compliance_Score": 46, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 29 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 10", "Control_Name": "Media Protection", "Control_Family_Code": "MP", "Definition": null, "Compliance_Score": 31, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 30 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 11", "Control_Name": "Phyical and Environmental Protection", "Control_Family_Code": "PE", "Definition": null, "Compliance_Score": 58, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 31 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 12", "Control_Name": "Planning", "Control_Family_Code": "PL", "Definition": null, "Compliance_Score": 72, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 32 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 13", "Control_Name": "Program Management", "Control_Family_Code": "PM", "Definition": null, "Compliance_Score": 68, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 33 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 14", "Control_Name": "Personnel Security", "Control_Family_Code": "PS", "Definition": null, "Compliance_Score": 73, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 34 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 15", "Control_Name": "PII Processing and Transperancy", "Control_Family_Code": "PT", "Definition": null, "Compliance_Score": 77, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 35 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 16", "Control_Name": "Risk Assessment", "Control_Family_Code": "RA", "Definition": "The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.", "Compliance_Score": 67, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 36 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 17", "Control_Name": "System and Services Acquisition", "Control_Family_Code": "SA", "Definition": null, "Compliance_Score": 74, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 37 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 18", "Control_Name": "System and Communication Protection", "Control_Family_Code": "SC", "Definition": null, "Compliance_Score": 76, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 38 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 19", "Control_Name": "System and Information Integrity", "Control_Family_Code": "SI", "Definition": null, "Compliance_Score": 60, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 39 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2021, "Date": "2021-12-31T07:00:00Z", "Control_Set": "NIST SP 800-53 (Rev. 5)", "Control": "NIST 20", "Control_Name": "Supply Chain Risk Management", "Control_Family_Code": "SR", "Definition": "The implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.", "Compliance_Score": 63, "Reporting_Date": "2021-12-31T07:00:00Z", "ObjectId": 40 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 1", "Control_Name": "Asset Management", "Control_Family_Code": null, "Definition": "The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.", "Compliance_Score": 63, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 41 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 2", "Control_Name": "Business Environment", "Control_Family_Code": null, "Definition": "The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.", "Compliance_Score": 92, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 42 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 3", "Control_Name": "Governance", "Control_Family_Code": null, "Definition": "The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.", "Compliance_Score": 73, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 43 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 4", "Control_Name": "Risk Assessment", "Control_Family_Code": null, "Definition": "The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.", "Compliance_Score": 63, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 44 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 5", "Control_Name": "Risk Management Strategy", "Control_Family_Code": null, "Definition": "The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.", "Compliance_Score": 73, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 45 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 6", "Control_Name": "Supply Chain Risk Management", "Control_Family_Code": null, "Definition": "The implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.", "Compliance_Score": 46, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 46 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 7", "Control_Name": "Identity Management, Authentication and Access", "Control_Family_Code": null, "Definition": "Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.", "Compliance_Score": 74, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 47 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 8", "Control_Name": "Awareness and Training", "Control_Family_Code": null, "Definition": "The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.", "Compliance_Score": 76, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 48 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 9", "Control_Name": "Data Security", "Control_Family_Code": null, "Definition": "Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.", "Compliance_Score": 56, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 49 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 10", "Control_Name": "Information Protection Processes and Procedures", "Control_Family_Code": null, "Definition": "Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.", "Compliance_Score": 89, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 50 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 11", "Control_Name": "Maintenance", "Control_Family_Code": null, "Definition": "Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.", "Compliance_Score": 45, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 51 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 12", "Control_Name": "Protective Technology", "Control_Family_Code": null, "Definition": "Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.", "Compliance_Score": 44, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 52 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 13", "Control_Name": "Anomalies and Events", "Control_Family_Code": null, "Definition": "Anomalous activity is detected in a timely manner and the potential impact of events is understood.", "Compliance_Score": 50, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 53 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 14", "Control_Name": "Security Continuous Monitoring", "Control_Family_Code": null, "Definition": "The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.", "Compliance_Score": 68, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 54 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 15", "Control_Name": "Detection Processes", "Control_Family_Code": null, "Definition": "Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.", "Compliance_Score": 50, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 55 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 16", "Control_Name": "Response Planning", "Control_Family_Code": null, "Definition": "Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.", "Compliance_Score": 80, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 56 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 17", "Control_Name": "Internal Communications", "Control_Family_Code": null, "Definition": "Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies", "Compliance_Score": 60, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 57 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 18", "Control_Name": "Incident Analysis", "Control_Family_Code": null, "Definition": "Analysis is conducted to ensure adequate response and support recovery activities.", "Compliance_Score": 54, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 58 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 19", "Control_Name": "Mitigation", "Control_Family_Code": null, "Definition": "Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.", "Compliance_Score": 67, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 59 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 20", "Control_Name": "Recovery Plan Improvements", "Control_Family_Code": null, "Definition": "Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.", "Compliance_Score": 50, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 60 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 21", "Control_Name": "Recovery Planning", "Control_Family_Code": null, "Definition": "Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.", "Compliance_Score": 30, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 61 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 22", "Control_Name": "Response Plan Improvements", "Control_Family_Code": null, "Definition": "Recovery planning and processes are improved by incorporating lessons learned into future activities.", "Compliance_Score": 70, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 62 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2020, "Date": "2020-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 23", "Control_Name": "External Communications", "Control_Family_Code": null, "Definition": "Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.", "Compliance_Score": 80, "Reporting_Date": "2020-12-31T07:00:00Z", "ObjectId": 63 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 1", "Control_Name": "Asset Management", "Control_Family_Code": null, "Definition": "The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.", "Compliance_Score": 63, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 64 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 2", "Control_Name": "Business Environment", "Control_Family_Code": null, "Definition": "The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.", "Compliance_Score": 92, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 65 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 3", "Control_Name": "Governance", "Control_Family_Code": null, "Definition": "The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.", "Compliance_Score": 73, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 66 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 4", "Control_Name": "Risk Assessment", "Control_Family_Code": null, "Definition": "The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.", "Compliance_Score": 58, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 67 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 5", "Control_Name": "Risk Management Strategy", "Control_Family_Code": null, "Definition": "The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.", "Compliance_Score": 67, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 68 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 6", "Control_Name": "Supply Chain Risk Management", "Control_Family_Code": null, "Definition": "The implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.", "Compliance_Score": 34, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 69 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 7", "Control_Name": "Identity Management, Authentication and Access", "Control_Family_Code": null, "Definition": "Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.", "Compliance_Score": 71, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 70 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 8", "Control_Name": "Awareness and Training", "Control_Family_Code": null, "Definition": "The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.", "Compliance_Score": 76, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 71 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 9", "Control_Name": "Data Security", "Control_Family_Code": null, "Definition": "Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.", "Compliance_Score": 56, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 72 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 10", "Control_Name": "Information Protection Processes and Procedures", "Control_Family_Code": null, "Definition": "Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.", "Compliance_Score": 89, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 73 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 11", "Control_Name": "Maintenance", "Control_Family_Code": null, "Definition": "Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.", "Compliance_Score": 45, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 74 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 12", "Control_Name": "Protective Technology", "Control_Family_Code": null, "Definition": "Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.", "Compliance_Score": 44, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 75 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 13", "Control_Name": "Anomalies and Events", "Control_Family_Code": null, "Definition": "Anomalous activity is detected in a timely manner and the potential impact of events is understood.", "Compliance_Score": 50, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 76 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 14", "Control_Name": "Security Continuous Monitoring", "Control_Family_Code": null, "Definition": "The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.", "Compliance_Score": 66, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 77 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 15", "Control_Name": "Detection Processes", "Control_Family_Code": null, "Definition": "Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.", "Compliance_Score": 50, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 78 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 16", "Control_Name": "Response Planning", "Control_Family_Code": null, "Definition": "Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.", "Compliance_Score": 60, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 79 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 17", "Control_Name": "Internal Communications", "Control_Family_Code": null, "Definition": "Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies", "Compliance_Score": 60, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 80 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 18", "Control_Name": "Incident Analysis", "Control_Family_Code": null, "Definition": "Analysis is conducted to ensure adequate response and support recovery activities.", "Compliance_Score": 54, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 81 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 19", "Control_Name": "Mitigation", "Control_Family_Code": null, "Definition": "Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.", "Compliance_Score": 67, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 82 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 20", "Control_Name": "Recovery Plan Improvements", "Control_Family_Code": null, "Definition": "Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.", "Compliance_Score": 50, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 83 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 21", "Control_Name": "Recovery Planning", "Control_Family_Code": null, "Definition": "Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.", "Compliance_Score": 30, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 84 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 22", "Control_Name": "Response Plan Improvements", "Control_Family_Code": null, "Definition": "Recovery planning and processes are improved by incorporating lessons learned into future activities.", "Compliance_Score": 70, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 85 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2019, "Date": "2019-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 23", "Control_Name": "External Communications", "Control_Family_Code": null, "Definition": "Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.", "Compliance_Score": 80, "Reporting_Date": "2019-12-31T07:00:00Z", "ObjectId": 86 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 1", "Control_Name": "Asset Management", "Control_Family_Code": null, "Definition": "The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.", "Compliance_Score": 63, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 87 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 2", "Control_Name": "Business Environment", "Control_Family_Code": null, "Definition": "The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.", "Compliance_Score": 92, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 88 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 3", "Control_Name": "Governance", "Control_Family_Code": null, "Definition": "The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.", "Compliance_Score": 60, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 89 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 4", "Control_Name": "Risk Assessment", "Control_Family_Code": null, "Definition": "The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.", "Compliance_Score": 57, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 90 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 5", "Control_Name": "Risk Management Strategy", "Control_Family_Code": null, "Definition": "The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.", "Compliance_Score": 67, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 91 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 7", "Control_Name": "Access Control", "Control_Family_Code": null, "Definition": "Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.", "Compliance_Score": 28, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 92 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 8", "Control_Name": "Awareness and Training", "Control_Family_Code": null, "Definition": "The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.", "Compliance_Score": 80, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 93 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 9", "Control_Name": "Data Security", "Control_Family_Code": null, "Definition": "Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.", "Compliance_Score": 54, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 94 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 10", "Control_Name": "Information Protection", "Control_Family_Code": null, "Definition": "Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.", "Compliance_Score": 68, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 95 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 11", "Control_Name": "Maintenance", "Control_Family_Code": null, "Definition": "Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.", "Compliance_Score": 88, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 96 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 12", "Control_Name": "Protective Technology", "Control_Family_Code": null, "Definition": "Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.", "Compliance_Score": 40, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 97 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 13", "Control_Name": "Anomalies and Events", "Control_Family_Code": null, "Definition": "Anomalous activity is detected in a timely manner and the potential impact of events is understood.", "Compliance_Score": 46, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 98 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 14", "Control_Name": "Security Monitoring", "Control_Family_Code": null, "Definition": "The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.", "Compliance_Score": 56, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 99 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 15", "Control_Name": "Detection Processes", "Control_Family_Code": null, "Definition": "Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.", "Compliance_Score": 55, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 100 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 16", "Control_Name": "Response Planning", "Control_Family_Code": null, "Definition": "Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.", "Compliance_Score": 50, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 101 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 17", "Control_Name": "Internal Communications", "Control_Family_Code": null, "Definition": "Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies", "Compliance_Score": 60, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 102 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 18", "Control_Name": "Incident Analysis", "Control_Family_Code": null, "Definition": "Analysis is conducted to ensure adequate response and support recovery activities.", "Compliance_Score": 56, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 103 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 19", "Control_Name": "Mitigation", "Control_Family_Code": null, "Definition": "Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.", "Compliance_Score": 54, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 104 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 20", "Control_Name": "Recovery Plan Improvements", "Control_Family_Code": null, "Definition": "Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.", "Compliance_Score": 67, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 105 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 21", "Control_Name": "Recovery Planning", "Control_Family_Code": null, "Definition": "Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.", "Compliance_Score": 30, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 106 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 22", "Control_Name": "Response Plan Improvements", "Control_Family_Code": null, "Definition": "Recovery planning and processes are improved by incorporating lessons learned into future activities.", "Compliance_Score": 60, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 107 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2018, "Date": "2018-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 23", "Control_Name": "External Communications", "Control_Family_Code": null, "Definition": "Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.", "Compliance_Score": 80, "Reporting_Date": "2018-09-30T07:00:00Z", "ObjectId": 108 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 1", "Control_Name": "Asset Management", "Control_Family_Code": null, "Definition": "The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.", "Compliance_Score": 70, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 109 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 2", "Control_Name": "Business Environment", "Control_Family_Code": null, "Definition": "The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.", "Compliance_Score": 60, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 110 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 3", "Control_Name": "Governance", "Control_Family_Code": null, "Definition": "The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.", "Compliance_Score": 55, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 111 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 4", "Control_Name": "Risk Assessment", "Control_Family_Code": null, "Definition": "The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.", "Compliance_Score": 57, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 112 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 5", "Control_Name": "Risk Management Strategy", "Control_Family_Code": null, "Definition": "The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.", "Compliance_Score": 20, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 113 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 7", "Control_Name": "Access Control", "Control_Family_Code": null, "Definition": "Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.", "Compliance_Score": 76, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 114 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 8", "Control_Name": "Awareness and Training", "Control_Family_Code": null, "Definition": "The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.", "Compliance_Score": 72, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 115 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 9", "Control_Name": "Data Security", "Control_Family_Code": null, "Definition": "Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.", "Compliance_Score": 63, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 116 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 10", "Control_Name": "Information Protection", "Control_Family_Code": null, "Definition": "Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.", "Compliance_Score": 67, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 117 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 11", "Control_Name": "Maintenance", "Control_Family_Code": null, "Definition": "Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.", "Compliance_Score": 90, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 118 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 12", "Control_Name": "Protective Technology", "Control_Family_Code": null, "Definition": "Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.", "Compliance_Score": 50, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 119 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 13", "Control_Name": "Anomalies and Events", "Control_Family_Code": null, "Definition": "Anomalous activity is detected in a timely manner and the potential impact of events is understood.", "Compliance_Score": 52, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 120 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 14", "Control_Name": "Security Monitoring", "Control_Family_Code": null, "Definition": "The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.", "Compliance_Score": 35, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 121 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 15", "Control_Name": "Detection Processes", "Control_Family_Code": null, "Definition": "Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.", "Compliance_Score": 44, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 122 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 16", "Control_Name": "Response Planning", "Control_Family_Code": null, "Definition": "Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.", "Compliance_Score": 100, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 123 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 17", "Control_Name": "Internal Communications", "Control_Family_Code": null, "Definition": "Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies", "Compliance_Score": 68, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 124 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 18", "Control_Name": "Incident Analysis", "Control_Family_Code": null, "Definition": "Analysis is conducted to ensure adequate response and support recovery activities.", "Compliance_Score": 75, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 125 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 19", "Control_Name": "Mitigation", "Control_Family_Code": null, "Definition": "Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.", "Compliance_Score": 80, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 126 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 20", "Control_Name": "Recovery Plan Improvements", "Control_Family_Code": null, "Definition": "Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.", "Compliance_Score": 80, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 127 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 21", "Control_Name": "Recovery Planning", "Control_Family_Code": null, "Definition": "Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.", "Compliance_Score": 100, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 128 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 22", "Control_Name": "Response Plan Improvements", "Control_Family_Code": null, "Definition": "Recovery planning and processes are improved by incorporating lessons learned into future activities.", "Compliance_Score": 90, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 129 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2017, "Date": "2017-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 23", "Control_Name": "External Communications", "Control_Family_Code": null, "Definition": "Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.", "Compliance_Score": 93, "Reporting_Date": "2017-09-30T07:00:00Z", "ObjectId": 130 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 1", "Control_Name": "Asset Management", "Control_Family_Code": null, "Definition": "The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.", "Compliance_Score": 40, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 131 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 2", "Control_Name": "Business Environment", "Control_Family_Code": null, "Definition": "The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.", "Compliance_Score": 100, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 132 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 3", "Control_Name": "Governance", "Control_Family_Code": null, "Definition": "The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.", "Compliance_Score": 80, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 133 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 4", "Control_Name": "Risk Assessment", "Control_Family_Code": null, "Definition": "The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.", "Compliance_Score": 40, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 134 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 5", "Control_Name": "Risk Management Strategy", "Control_Family_Code": null, "Definition": "The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.", "Compliance_Score": 20, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 135 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 7", "Control_Name": "Access Control", "Control_Family_Code": null, "Definition": "Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.", "Compliance_Score": 80, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 136 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 8", "Control_Name": "Awareness and Training", "Control_Family_Code": null, "Definition": "The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.", "Compliance_Score": 60, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 137 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 9", "Control_Name": "Data Security", "Control_Family_Code": null, "Definition": "Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.", "Compliance_Score": 80, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 138 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 10", "Control_Name": "Information Protection", "Control_Family_Code": null, "Definition": "Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.", "Compliance_Score": 100, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 139 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 11", "Control_Name": "Maintenance", "Control_Family_Code": null, "Definition": "Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.", "Compliance_Score": 20, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 140 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 12", "Control_Name": "Protective Technology", "Control_Family_Code": null, "Definition": "Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.", "Compliance_Score": 40, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 141 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 13", "Control_Name": "Anomalies and Events", "Control_Family_Code": null, "Definition": "Anomalous activity is detected in a timely manner and the potential impact of events is understood.", "Compliance_Score": 60, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 142 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 14", "Control_Name": "Security Monitoring", "Control_Family_Code": null, "Definition": "The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.", "Compliance_Score": 80, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 143 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 15", "Control_Name": "Detection Processes", "Control_Family_Code": null, "Definition": "Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.", "Compliance_Score": 60, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 144 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 16", "Control_Name": "Response Planning", "Control_Family_Code": null, "Definition": "Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.", "Compliance_Score": 20, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 145 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 17", "Control_Name": "Internal Communications", "Control_Family_Code": null, "Definition": "Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies", "Compliance_Score": 40, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 146 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 18", "Control_Name": "Incident Analysis", "Control_Family_Code": null, "Definition": "Analysis is conducted to ensure adequate response and support recovery activities.", "Compliance_Score": 80, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 147 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 19", "Control_Name": "Mitigation", "Control_Family_Code": null, "Definition": "Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.", "Compliance_Score": 80, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 148 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 20", "Control_Name": "Recovery Plan Improvements", "Control_Family_Code": null, "Definition": "Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.", "Compliance_Score": 60, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 149 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 21", "Control_Name": "Recovery Planning", "Control_Family_Code": null, "Definition": "Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.", "Compliance_Score": 100, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 150 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 22", "Control_Name": "Response Plan Improvements", "Control_Family_Code": null, "Definition": "Recovery planning and processes are improved by incorporating lessons learned into future activities.", "Compliance_Score": 80, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 151 }, "geometry": null },
{ "type": "Feature", "properties": { "Year": 2016, "Date": "2016-12-31T07:00:00Z", "Control_Set": "NIST CSF", "Control": "NIST 23", "Control_Name": "External Communications", "Control_Family_Code": null, "Definition": "Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.", "Compliance_Score": 80, "Reporting_Date": "2016-03-31T07:00:00Z", "ObjectId": 152 }, "geometry": null }
]
}