Many organizations use the NIST Cybersecurity Framework to develop and maintain their enterprise-wide security program. The National Institute of Standards and Technology created the Cybersecurity Framework to help organizations better manage and reduce cybersecurity risk. It is a standard framework that can be applied across businesses of any size (small, medium and large) and across industries.
The five key pillars, or functions, of the NIST Cybersecurity Framework core are:
• IDENTIFY the resources and assets that support critical functions, and develop an understanding of your business context, risks and priorities.
• PROTECT your critical infrastructure by developing and implementing the appropriate safeguards.
• DETECT, in a timely fashion, any cybersecurity incidents or events affecting you.
• RESPOND to a detected cybersecurity event and take appropriate action.
• RECOVER capabilities and services impaired by a cybersecurity event, implement lessons learned, and maintain normal operations with resilience.
Using the NIST Cybersecurity Framework, organizations can drill down from these high-level functions into categories and sub-categories until the whole enterprise is covered. The framework also maps each sub-category to existing guidelines, standards and practices, known as informative references.
Using a tried-and-tested framework to develop and maintain your cybersecurity program is a sensible approach: it helps you cover all your bases and build a strong security program for your company. Although using the NIST Cybersecurity Framework is not mandatory, it does help organizations achieve compliance with key security-related regulations such as PCI and HIPAA. NIST has recently released a draft version 1.1 that considers quantifying and measuring cyber risk. The NIST Cybersecurity Framework thus enables organizations to create and nurture their corporate cybersecurity culture. Visit the NIST website for valuable resources.