What is the NIST Cybersecurity Framework?

Table of contents

  1. What is the purpose of the NIST Cybersecurity Framework?
  2. What is the summary of the NIST Cybersecurity Framework?
  3. What are the benefits of the NIST Cybersecurity Framework?
  4. What is in the NIST Cybersecurity Framework Core?
  5. What are the five Functions of the NIST Cybersecurity Framework?
  6. What are NIST Cybersecurity Framework Profiles?
  7. What are the NIST Cybersecurity Framework Implementation Tiers?
  8. What is the background of the NIST Cybersecurity Framework?
  9. How UpGuard can improve your organization’s cybersecurity by preventing data breaches and data leaks

1. What is the purpose of the NIST Cybersecurity Framework?

2. What is the summary of the NIST Cybersecurity Framework?

  1. The Framework Core: A set of desired cybersecurity activities and outcomes expressed in common language that is easy to understand. It guides organizations in managing and reducing cybersecurity risk while complementing their existing cybersecurity and risk management methodologies.
  2. The Framework Profile: An organization’s unique alignment of its organizational requirements and objectives, risk appetite and resources against the desired outcomes of the Framework Core. Profiles are primarily used to identify and prioritize opportunities to improve security standards and mitigate risk at an organization.
  3. The Framework Implementation Tiers: Provide context on how an organization views cybersecurity risk management, guide it to consider what the appropriate level of rigor is, and are often used as a communication tool to discuss risk appetite, mission priority and budget.

3. What are the benefits of the NIST Cybersecurity Framework?

4. What is in the NIST Cybersecurity Framework Core?

  1. Functions: The five high-level Functions are Identify, Protect, Detect, Respond and Recover. These five Functions apply not only to cyber risk management but to risk management at large.
  2. Categories: There are 23 Categories split across the five Functions. Categories cover the breadth of cybersecurity objectives (cyber, physical, personnel and business outcomes) without being overly detailed.
  3. Subcategories: There are 108 Subcategories split across the 23 Categories. These are outcome-driven statements that provide considerations for creating or improving a cybersecurity program. Because the Framework is outcome-driven, it does not mandate how an organization achieves those outcomes; each organization must choose risk-based implementations suited to its needs.

5. What are the five Functions of the NIST Cybersecurity Framework?

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

Identify

  1. Asset Management (ID.AM): The data, personnel, devices, systems and facilities that enable the organization to operate are identified and managed consistent with their relative importance to the organization and its risk strategy.
  2. Business Environment (ID.BE): The organization’s mission, objectives, stakeholders and activities are understood, prioritized and used to inform cybersecurity roles, responsibilities and risk management decisions.
  3. Governance (ID.GV): The policies, procedures and processes to manage and monitor the organization’s regulatory, legal, risk, environmental and operational requirements are understood and inform the management of cybersecurity risk.
  4. Risk Assessment (ID.RA): The organization understands the cybersecurity risk to each function (including mission, image and reputation), organizational assets and individuals.
  5. Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerance and assumptions are established and used to support risk decisions.
  6. Supply Chain Risk Management (ID.SC): The organization’s priorities, constraints, risk tolerance and assumptions are established and used to support risk decisions related to third-party risk and fourth-party risk. The organization has in place a process to identify, assess and manage supply chain risks, e.g. a third-party risk management framework, vendor security questionnaire template and a security ratings tool.

Protect

  1. Access Control (PR.AC): Access to assets and facilities is limited to authorized users, processes or devices, and to authorized activities and transactions.
  2. Awareness and Training (PR.AT): Personnel and partners are provided with cybersecurity awareness training and can perform their information security-related duties and responsibilities consistent with policies, procedures and agreements.
  3. Data Security (PR.DS): Sensitive data is managed consistently, in accordance with the organization’s risk strategy, to protect its confidentiality, integrity and availability (the CIA Triad).
  4. Information Protection Processes and Procedures (PR.IP): Information security policies (that address the purpose, scope, roles, responsibilities, management commitment and coordination among entities), processes and procedures are maintained and used to protect information systems and assets.
  5. Maintenance (PR.MA): Maintenance and repairs of controls and information systems are consistent with policies and procedures.
  6. Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets consistent with policies, procedures and agreements.

Detect

  1. Anomalies and Events (DE.AE): Anomalous activity is detected in a timely manner and its potential impact is understood.
  2. Security Continuous Monitoring (DE.CM): Information systems and assets are continuously monitored to identify security events and verify the effectiveness of protective measures, e.g. vendor security ratings software and data leak detection.
  3. Detection Processes (DE.DP): Detection processes and procedures are maintained and tested.

Respond

  1. Response Planning (RS.RP): Response processes and procedures are practiced, executed and maintained.
  2. Communications (RS.CO): Response activities are coordinated with internal and external stakeholders.
  3. Analysis (RS.AN): Analysis is conducted to ensure adequate response and to support recovery activities.
  4. Mitigation (RS.MI): Activities are performed to prevent the spread of a cyber attack, mitigating its effects and eradicating attack vectors.
  5. Improvements (RS.IM): Response activities are improved by incorporating best practices, lessons learned and other inputs.

Recover

  1. Recovery Planning (RC.RP): Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets.
  2. Improvements (RC.IM): Recovery planning and processes are improved by incorporating best practices, lessons learned and other inputs.
  3. Communications (RC.CO): Restoration activities are coordinated with internal teams and third-party vendors.

6. What are NIST Cybersecurity Framework Profiles?

7. What are the NIST Cybersecurity Framework Implementation Tiers?

  1. Tier 1 (Partial)
  2. Tier 2 (Risk Informed)
  3. Tier 3 (Repeatable)
  4. Tier 4 (Adaptive)

8. What is the background of the NIST Cybersecurity Framework?

9. How UpGuard can improve your organization’s cybersecurity by preventing data breaches and data leaks
