NIST CSF 2.0 Mapping
NIST Cybersecurity Framework 2.0 · February 2024
The NIST Cybersecurity Framework is the most widely adopted security framework in North America. This mapping shows how Flowtriq addresses CSF 2.0 functions and categories relevant to DDoS detection, response, and recovery.
5 Functions Covered · 8 Categories Addressed · 7 Full Coverage
Control Mapping
| Function | Category | How Flowtriq Addresses It | Coverage |
|---|---|---|---|
| IDENTIFY | ID.AM Asset Management | Per-node inventory with automatic interface detection, service port discovery, and server identification. Each monitored server is registered with hardware details, OS information, and network configuration in the Flowtriq dashboard. | Partial |
| PROTECT | PR.PT Protective Technology | Automated firewall rules (iptables, nftables), XDP/eBPF kernel-level filtering for line-rate packet dropping, BGP FlowSpec for surgical traffic filtering at the router level, and RTBH for last-resort blackholing. Service port rules protect legitimate services during attacks. | Full |
| DETECT | DE.AE Adverse Events | Per-second anomaly detection using adaptive baselines (EWMA algorithm). Attacks are detected when traffic exceeds the baseline by a configurable multiplier (default 3.0x). L7 application-layer detection for HTTP floods and DNS amplification. Attack classification across 8+ families with confidence scoring. | Full |
| DETECT | DE.CM Continuous Monitoring | 24/7 per-packet monitoring with 10-second metric reporting intervals. Real-time dashboard with traffic visualizations. Agent heartbeat checks detect offline nodes within 30 seconds. Health endpoint for external monitoring integration. | Full |
| RESPOND | RS.AN Analysis | PCAP forensics with an automatic pre-attack capture buffer. Attack classification with protocol breakdown, source IP distribution, and payload analysis. Timeline reconstruction with second-by-second PPS/BPS data. IOC pattern matching against known attack tool signatures. | Full |
| RESPOND | RS.MI Mitigation | Layered auto-mitigation: iptables/nftables firewall rules, XDP/eBPF kernel-level drop filters, BGP FlowSpec for router-level filtering, RTBH for upstream blackholing. Configurable block cooldowns with automatic unblock when attacks end. Service port awareness keeps legitimate traffic flowing. | Full |
| RESPOND | RS.CO Communications | 12+ native alert channels: Slack, Discord, PagerDuty, OpsGenie, email, SMS, Telegram, Microsoft Teams, Google Chat, webhooks, and custom HTTP endpoints. Alert routing with severity-based filtering. API access for SIEM and SOAR integration. | Full |
| RECOVER | RC.RP Recovery Planning | Auto-unban with configurable cooldown periods. Baseline recalibration after traffic pattern changes. Post-incident reporting with attack timeline, mitigation actions taken, and forensic evidence. Maintenance window support to suppress false positives during planned changes. | Full |
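The detection rule described in the DE.AE row (an adaptive EWMA baseline, with an alert raised when the per-second rate exceeds the baseline by a configurable multiplier, default 3.0x) can be illustrated with a small Python example. This is added illustration code, not Flowtriq's implementation: the smoothing factor, the warm-up length, the choice to keep anomalous samples out of the baseline so an attack cannot raise its own threshold, and the per-second packet-rate samples are all assumptions constructed here.

```python
# Illustration of EWMA adaptive-baseline anomaly detection (added example,
# not Flowtriq's code). Rule: flag a sample when pps > baseline * multiplier.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class EwmaDetector:
    alpha: float = 0.1        # smoothing factor (assumed); smaller = slower-moving baseline
    multiplier: float = 3.0   # threshold multiplier (page default 3.0x)
    warmup: int = 5           # samples to observe before alerting (assumed)
    baseline: Optional[float] = None
    seen: int = 0

    def update(self, pps: float) -> dict:
        """Feed one per-second packet rate and return the decision for it."""
        self.seen += 1
        if self.baseline is None:
            # First sample seeds the baseline; nothing to compare against yet.
            self.baseline = pps
            return {"pps": pps, "baseline": pps, "threshold": pps * self.multiplier,
                    "anomalous": False}
        threshold = self.baseline * self.multiplier
        anomalous = self.seen > self.warmup and pps > threshold
        # Only fold normal samples into the baseline. Folding in attack traffic
        # would drag the baseline up and let a sustained flood hide itself.
        if not anomalous:
            self.baseline = self.alpha * pps + (1.0 - self.alpha) * self.baseline
        return {"pps": pps, "baseline": self.baseline, "threshold": threshold,
                "anomalous": anomalous}


def find_attack_windows(samples: List[float], alpha: float = 0.1,
                        multiplier: float = 3.0, warmup: int = 5
                        ) -> Tuple[List[Tuple[int, int]], float]:
    """Return ([(start_idx, end_idx), ...], final_baseline).

    end_idx is the index of the first normal sample after the flood, which
    is the point at which an automatic unblock (RS.MI) could be triggered.
    """
    det = EwmaDetector(alpha=alpha, multiplier=multiplier, warmup=warmup)
    windows: List[Tuple[int, int]] = []
    start: Optional[int] = None
    for i, pps in enumerate(samples):
        result = det.update(pps)
        if result["anomalous"] and start is None:
            start = i
        elif not result["anomalous"] and start is not None:
            windows.append((start, i))
            start = None
    if start is not None:
        windows.append((start, len(samples)))
    return windows, det.baseline


# Constructed per-second packet rates: ten seconds of ordinary traffic,
# a five-second flood at roughly 20x, then a return to normal.
SAMPLE_PPS: List[float] = (
    [1000, 1100, 950, 1050, 1000, 980, 1020, 1000, 1100, 900]
    + [20000] * 5
    + [1000, 1050, 1000]
)

if __name__ == "__main__":
    windows, final_baseline = find_attack_windows(SAMPLE_PPS)
    for start, end in windows:
        print(f"attack from t={start}s until t={end}s "
              f"(baseline at end {final_baseline:.0f} pps)")
```

The detector reports one window covering the flood, and because the flood samples were never averaged into the baseline, the threshold after the attack is still close to 3,000 pps rather than inflated by the attack traffic.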
Scope note: This mapping covers NIST CSF 2.0 categories relevant to network-layer DDoS detection and response. Additional CSF categories (e.g., GV.* Governance, PR.AA Access Control, PR.AT Awareness Training) are important for a complete cybersecurity program but fall outside the scope of a DDoS detection platform.
Map your NIST CSF compliance
Deploy Flowtriq and address 8 NIST CSF 2.0 categories for DDoS detection and response.