NIST Cyber Security Framework

The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) organizes basic cybersecurity activities at their highest level.

The National Institute of Standards and Framework’s Cybersecurity Framework (CSF) was published in February 2014 in response to Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for a standardized security framework for critical infrastructure in the United States.

The NIST CSF is recognized by many as a resource to help improve the security operations and governance for public and private organizations. While the NIST CSF is a terrific guideline for transforming the organizational security posture and risk management from a reactive to proactive approach, it can be a difficult framework to actually dive into and implement.

If you’re struggling to get through the NIST Cybersecurity Framework, a quick overview and summary of the framework can help you accelerate your security transformation.

  • Identify: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

    • Categories: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, Supply Chain Risk Management.

  • Protect: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.

    • Categories: Identity Management, Authentication and Access Control, Awareness & Training, Data Security, Info Protection & Procedures, Maintenance, Protective Technology.

  • Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

    • Categories: Anomalies & Events, Security Continuous Monitoring, Detection Process.

  • Respond: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

    • Categories: Response Planning, Communications, Analysis, Mitigation, Improvements.

  • Recover: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

For more info on NIST Cyber Security, please visit: https://www.nist.gov/cyberframework