NIST CSF 2.0 · All Functions · PR Protect · PR.PS Platform Security

PR.PS-03

Hardware is maintained, replaced, and removed commensurate with risk

Implementation examples

Ex1: Replace hardware when it lacks needed security capabilities or when it cannot support software with needed security capabilities
Ex2: Define and implement plans for hardware end-of-life maintenance support and obsolescence
Ex3: Perform hardware disposal in a secure, responsible, and auditable manner

Mapped NIST 800-53 r5 controls (6)

CM-07(09)SA-10(03)SC-03(01)SC-39(01)SC-49 SC-51

Mapped CWE weaknesses (2)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-200→P CWE-455→P

All informative references (42)

CCMv4.0: CCC-04
CCMv4.0: DCS-01
CCMv4.0: DSP-02
CCMv4.0: TVM-03
CCMv4.0: TVM-08
CIS Controls v8.0: 1.2
CIS Controls v8.1: 1.2
CRI Profile v2.0: PR.PS-03
CRI Profile v2.0: PR.PS-03.01
CSF v1.1: PR.MA-1
CSF v1.1: PR.DS-3
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 5.9
NICE Framework: DD-WRL-001
NICE Framework: DD-WRL-002
NICE Framework: IO-WRL-005
NICE Framework: IO-WRL-007
NICE Framework: OG-WRL-013
NICE Framework: PD-WRL-004
PCI DSS: 12.3.4
PCI DSS: 9.4.7
PCI DSS: 9.5.1.1
SCF: MNT-01
SCF: MNT-02
SCF: MNT-03
SCF: MNT-03.1
SCF: PRM-07
SCF: SEA-07.1
SCF: TDA-17
SP 800-53 Rev 5.1.1: CM-07(09)
SP 800-53 Rev 5.1.1: SA-10(03)
SP 800-53 Rev 5.1.1: SC-03(01)
SP 800-53 Rev 5.1.1: SC-39(01)
SP 800-53 Rev 5.1.1: SC-49
SP 800-53 Rev 5.1.1: SC-51
SP 800-53 Rev 5.2.0: CM-07(09)
SP 800-53 Rev 5.2.0: SA-10(03)
SP 800-53 Rev 5.2.0: SC-03(01)
SP 800-53 Rev 5.2.0: SC-39(01)
SP 800-53 Rev 5.2.0: SC-49
SP 800-53 Rev 5.2.0: SC-51
SSDF: PO.5.2

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).