Physical Enforcement Across All Five CSF Functions
The NIST Cybersecurity Framework organises security into five functions: Identify, Protect, Detect, Respond, and Recover. Firevault Control provides physical enforcement capabilities that strengthen every function.
NIST CSF
The NIST CSF is a framework for organising security capabilities. Physical enforcement is what makes those capabilities genuinely effective against determined adversaries.
5/5
CSF functions with physical enforcement
23
CSF categories addressed by Control
100%
Physical protection for critical assets
Full
Automated CSF maturity evidence
Advancing CSF maturity requires stronger controls.
Protect Function Gaps
Most organisations achieve basic Protect function maturity but struggle to demonstrate that protective controls are continuously effective against sophisticated threats.
Respond Function Speed
Incident response depends on the ability to contain threats quickly. Software-based containment takes time and may be undermined by the same compromise it is trying to contain.
Recover Function Assurance
Recovery capabilities are only as good as the integrity of backup systems. Network-connected backups can be compromised alongside production systems.
The Scenario
Scenario: CSF Maturity Assessment with Physical Controls
An organisation assesses its CSF maturity and finds it is at Tier 2 (Risk Informed) across most functions. The Protect function relies on firewalls and access controls that have been bypassed in penetration tests. The Respond function takes hours to contain incidents because containment requires coordinated firewall changes. The Recover function uses network-connected backups that would be compromised in a real ransomware attack. With Firevault Control, the organisation advances to Tier 4 (Adaptive) for Protect, Respond, and Recover functions. Physical zone boundaries cannot be bypassed. Incident containment operates in seconds through physical path severance. Control-plane recovery is guaranteed through verified configuration baselines.
"We were stuck at Tier 2 maturity for three years. Every improvement we made was incremental. Physical enforcement moved us to Tier 4 for our most critical functions because it fundamentally changed the assurance model."
Where NIST CSF functions meet Control modules.
NIST CSF 2.0 organises cybersecurity outcomes into six functions. Firevault Control delivers the physical enforcement and recovery posture the Protect and Recover functions depend on.
Reference: NIST Cybersecurity Framework 2.0, functions Govern, Identify, Protect, Detect, Respond, Recover.
Govern and Identify
-
GV.OC-3
Legal, regulatory and contractual requirements
Continuous signed evidence demonstrates the boundary holds.
ValidateArchive -
ID.AM-3
Communication and data flows mapped
Zone and conduit inventory is enforced as physical fact.
IsolateFirebreak
Protect
-
PR.AA-3
Identities and credentials
Privileged reach is named, scoped and time-bound.
LockRelay -
PR.AA-5
Access permissions and authorisations
Boundary-altering actions require explicit approval.
Execute -
PR.IR-1
Network communications integrity
Inter-zone paths exist only when authorised. Default is severed.
FirebreakIsolate -
PR.PS-6
Data backups created and protected
Recovery copies live in an offline vault, off the live network.
ArchiveTransfer
Detect
-
DE.CM-1
Network monitored
Continuous attestation of conduit and vault state surfaces drift before incident.
Validate
Respond and Recover
-
RS.MI-1
Incidents contained
Firebreak severs governed conduits on alert. The blast radius is bounded.
Firebreak -
RC.RP-3
Recovery actions integrity verified
Restoration is an evidenced Execute event with quorum approval.
ExecuteValidate
Modules & symbols
Featured In
'%3e%3cpath%20fill='%23E40784'%20d='M141.363%2026.6a5.905%205.905%200%200%201-5.899-5.9%205.905%205.905%200%200%201%205.899-5.895%205.901%205.901%200%200%201%205.895%205.895%205.9%205.9%200%200%201-5.895%205.9Zm0-8.347a2.448%202.448%200%200%200%200%204.895%202.449%202.449%200%200%200%202.447-2.448%202.449%202.449%200%200%200-2.447-2.447ZM141.363%200c-.821%200-1.638.052-2.447.144v3.731a16.897%2016.897%200%200%201%202.447-.177c9.373%200%2017.002%207.626%2017.002%2017.002%200%20.825-.063%201.642-.177%202.448h3.732c.095-.81.143-1.627.143-2.448%200-11.411-9.285-20.7-20.7-20.7Z'/%3e%3cpath%20fill='%23E40784'%20d='M141.363%207.268c-.825%200-1.645.077-2.447.228v3.787a9.733%209.733%200%200%201%202.447-.313c5.369%200%209.734%204.368%209.734%209.734%200%20.832-.107%201.652-.313%202.447h3.783c.151-.802.228-1.623.228-2.447.004-7.412-6.024-13.436-13.432-13.436Z'/%3e%3cpath%20fill='%23fff'%20d='M71.382%207.537h-2.84a5.82%205.82%200%200%200-5.815%205.818v9.785h4.037v-9.789a1.78%201.78%200%200%201%201.777-1.777h2.841V7.537ZM80.539%2019.1a3.787%203.787%200%200%201-3.783-3.784%203.787%203.787%200%200%201%203.783-3.783%203.787%203.787%200%200%201%203.783%203.784%203.787%203.787%200%200%201-3.783%203.783Zm0-11.6c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82%201.372%200%202.66-.357%203.78-.982v.982h4.036V15.32c.004-4.313-3.503-7.82-7.816-7.82ZM41.806%2018.71a5.512%205.512%200%200%201-4.34%202.1%205.55%205.55%200%200%201-5.541-5.541%205.55%205.55%200%200%201%205.542-5.543c1.696%200%203.279.766%204.339%202.102l.088.114%201.656-1.656-.077-.092a7.865%207.865%200%200%200-6.01-2.797c-4.339%200-7.871%203.533-7.871%207.872s3.532%207.871%207.871%207.871a7.865%207.865%200%200%200%206.01-2.797l.077-.091-1.656-1.656-.088.113ZM19.479%207.397c-4.34%200-7.872%203.53-7.872%207.872%200%204.342%203.533%207.871%207.872%207.871a7.883%207.883%200%200%200%207.205-4.71l.081-.18H24.15l-.037.058a5.543%205.543%200%200%201-10.05-1.873h13.2l.015-.11c.048-.357.073-.714.073-1.053%200-4.346-3.529-7.875-7.871-7.875Zm-5.417%206.705a5.54%205.54%200%200%201%205.417-4.376%205.54%205.54%200%200%201%205.417%204.376H14.06ZM46.192%2023.14h2.33v-8.847a4.599%204.599%200%200%201%204.593-4.592%204.599%204.599%200%200%201%204.592%204.592v8.844h2.33v-9.149h-.008a6.887%206.887%200%200%200-2.082-4.648%206.89%206.89%200%200%200-4.832-1.972%206.863%206.863%200%200%200-4.593%201.751V.545h-2.33V23.14ZM2.686%207.393H0v2.33h2.686v8.471a4.944%204.944%200%200%200%204.94%204.939h2.435v-2.33H7.625a2.613%202.613%200%200%201-2.609-2.612V9.726h3.772v-2.33H5.016V1.84h-2.33v5.553ZM101.968%208.457a7.721%207.721%200%200%200-2.547-.858c-.088-.014-.177-.03-.265-.04-.1-.011-.199-.022-.302-.03a9.993%209.993%200%200%200-.574-.029c-.022%200-.04-.004-.062-.004h-.037c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82h.037c.25%200%20.496-.014.743-.04l.037-.003a7.742%207.742%200%200%200%203.003-.939v.979h4.037L106.005.537h-4.037v7.92Zm0%206.863a3.788%203.788%200%200%201-3.769%203.78%203.786%203.786%200%200%201-3.76-3.78c0-2.08%201.688-3.772%203.764-3.78a3.787%203.787%200%200%201%203.765%203.78ZM119.75%2023.11h4.037V15.299c-.011-4.302-3.515-7.798-7.82-7.798-4.313%200-7.821%203.507-7.821%207.82%200%204.313%203.508%207.82%207.821%207.82%201.372%200%202.66-.357%203.783-.982v.953Zm-3.783-4.01a3.786%203.786%200%200%201-3.783-3.784%203.786%203.786%200%200%201%203.783-3.783%203.79%203.79%200%200%201%203.783%203.78v.003a3.787%203.787%200%200%201-3.783%203.784ZM132.273%207.5a5.824%205.824%200%200%200-5.818%205.818v9.822h4.037v-9.822a1.78%201.78%200%200%201%201.777-1.777h2.841V7.5h-2.837ZM173.736%2020.807a5.534%205.534%200%200%201-5.527-5.527%205.534%205.534%200%200%201%205.527-5.528%205.535%205.535%200%200%201%205.528%205.528%205.535%205.535%200%200%201-5.528%205.527Zm0-13.399a7.852%207.852%200%200%200-5.527%202.274V7.393h-2.344V30h2.344v-9.127a7.836%207.836%200%200%200%205.527%202.275c4.339%200%207.872-3.533%207.872-7.872s-3.533-7.868-7.872-7.868ZM186.735%2023.14h-2.385v-9.81a5.84%205.84%200%200%201%205.833-5.834h2.848v2.385h-2.848a3.45%203.45%200%200%200-3.448%203.448v9.811ZM202.813%209.774a5.535%205.535%200%200%200-5.528%205.528%205.535%205.535%200%200%200%205.528%205.527%205.534%205.534%200%200%200%205.527-5.527%205.534%205.534%200%200%200-5.527-5.528Zm0%2013.4c-4.339%200-7.872-3.533-7.872-7.872%200-4.34%203.533-7.872%207.872-7.872s7.872%203.53%207.872%207.872c0%204.339-3.533%207.871-7.872%207.871Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h210.68v30H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
Key Capabilities
Identify: Asset Boundary Mapping
Control modules define and enforce physical boundaries around critical assets, providing clear asset identification and boundary documentation.
Protect: Physical Access Control
Physical zone separation and multi-party authorisation provide protective controls that cannot be circumvented through software techniques.
Detect: Boundary State Monitoring
Continuous monitoring of physical boundary states provides detection capabilities for any unauthorised path activation.
Respond: Seconds-Fast Containment
Physical path severance provides incident containment in seconds, dramatically reducing the window of exposure during active threats.
Recover: Verified Safe-State Restoration
Verified baselines of control-plane configuration enable restoration regardless of the scope of network compromise.
Maturity Evidence
Continuous logging and automated CSF mapping documentation supports maturity assessments and demonstrates advancement over time.
Demo to Live
Adoption Guide
CSF Maturity Assessment
Assess your current CSF maturity tier across all functions and identify where physical enforcement would provide the greatest maturity advancement.
Target Profile Alignment
Map your Target Profile to Control modules to design a deployment that advances maturity for your priority CSF categories.
Function Validation
Deploy Control for your highest-priority function and validate maturity advancement through a controlled assessment.
Full CSF Deployment
Organisation-wide deployment with physical enforcement across all functions, continuous maturity evidence, and automated CSF reporting.
CSF Maturity Assessment
Assess your current CSF maturity tier across all functions and identify where physical enforcement would provide the greatest maturity advancement.
Target Profile Alignment
Map your Target Profile to Control modules to design a deployment that advances maturity for your priority CSF categories.
Function Validation
Deploy Control for your highest-priority function and validate maturity advancement through a controlled assessment.
Full CSF Deployment
Organisation-wide deployment with physical enforcement across all functions, continuous maturity evidence, and automated CSF reporting.
Explore More
ISO 27001 Framework
Information security management and Annex A controls.
Learn more about ISO 27001 FrameworkMITRE ATT&CK Mapping
Map Control modules to ATT&CK techniques and mitigations.
Learn more about MITRE ATT&CK MappingCyber Essentials
UK baseline certification with physical isolation evidence.
Learn more about Cyber EssentialsQuestions