The NIST Cybersecurity Framework
NIST is an acronym for the National Institute of Standards and Technology at the U.S. Department of Commerce, and the NIST Cybersecurity Framework is commonly referred to as the CSF. The Framework provides a structure for private enterprises to assess and improve their ability to prevent, detect, and respond to cyber incidents. First formulated in 2014, a recent study reported that 70% of the surveyed organizations see the NIST framework as a widespread best practice for computer security, 50% have noted that to do so requires a significant monetary investment, which is a barrier for adoption.
The Framework uses the organization’s business drivers to guide its cybersecurity activities and considers cybersecurity as part of an organization’s risk management processes. Many organizations that embrace this Framework do so to help manage their cybersecurity risks. According to the 2019 SANS OT/ICS Cybersecurity Survey, the NIST CSF is the number one framework in use today.
The 5 Core Functions:
The five Core Functions provide an organization with a strategic view of its cybersecurity risk management lifecycle, and it should be treated as a critical reference point.
The following are the five Functions and how your organization can comply with them:
1. Identify
Organizations must understand their IT infrastructure and technical environment to manage potential cybersecurity risk to systems, assets, data, and capabilities. To adhere to this core function, it is essential to have full visibility into your complete digital and physical assets, their interconnectivity, and their defined roles and responsibilities. Only after this information is understood and adequately documented can an organization understand its current risks and exposure and establish policies and procedures to manage those risks.
2. Protect
Organizations must develop and implement the appropriate defensive measures to limit or contain the impact of a potential cybersecurity event. To comply, your organization must control access to digital and physical assets, provide awareness education and training, and embed processes into place to secure data. Only then can you maintain a baseline of network configuration and associated operations to promptly repair system components and deploy protective technology to ensure sufficient cyber resilience.
3. Detect
Organizations must implement appropriate measures to identify cybersecurity events instantly. The adoption of continuous monitoring solutions that detect anomalous activity and other operational continuity threats must comply with this Function. Your organization must have visibility and traceability within its networks to anticipate a cyber incident and have all relevant information at hand to respond to one if it occurs. Continuous monitoring and active ‘threat hunting’ are useful measures to analyze and prevent cyber incidents in ICS networks.
4. Respond
Should a cyber incident occur, organizations must have the ability to contain such an impact. To comply, your organization must develop a response plan, define the core communication lines among the key stakeholders, collect and analyze information about the event, perform all required activities to eradicate the incident, and incorporate lessons learned into any or all revised response strategies.
5. Recover
Organizations must develop and implement sound activities to restore any capabilities or services that were impaired due to a cybersecurity event. Your organization must have a recovery plan in position to coordinate restoration activities with external parties and incorporate lessons learned into your updated recovery strategy. Defining a prioritized list of action points that can be adopted to undertake recovery activity is critical for any timely recovery.
Implementing the NIST Cybersecurity Framework can assist your organization in becoming more focused on protecting its critical assets, and the Framework seems to have withstood the test of time as a superior option when compared to security frameworks that have been developed in house.
