12. NIST Cybersecurity Framework
NIST Cybersecurity Framework - Overview
NIST CSF
The NIST Cybersecurity Framework helps to simplify the process of maturing an organization’s cybersecurity program. By following NIST CSF, businesses experience fewer breaches and compliance issues. NIST CSF consists of standards, guidelines, and practices to promote the protection of critical infrastructure.

The NIST CSF Tiers
The Framework Tiers describe how mature an organization is when it comes to cybersecurity technology, management, and operational practices. The more mature the program, the more efficient, effective, and secure it is. There are four tiers. A company new to NIST would start at Tier 1, while a mature program would be at Tier 3 or 4.

NIST CSF Core
The CSF Core is a set of cybersecurity activities organized into high-level functions and categories. Using non-technical and straightforward language, it provides a translation layer among multi-disciplinary teams. The Core includes five high-level functions: Identify, Protect, Detect, Respond, and Recover. The categories fit within the functions and provide greater direction on implementing each function.

NIST CSF Profile
The NIST CSF organizational Profile forms the company’s unique alignment of business objectives, threats, risks, and requirements. By comparing the current profile with a target profile, the company can identify the areas where its cybersecurity needs to improve.
The NIST CSF Tiers, Core, and Profile provide direction on implementing a compliant security program that manages its cybersecurity risks to acceptable levels.
NIST Cybersecurity Framework Core
NIST CSF Core - Functions
The NIST CSF five Functions or steps are Identify, Protect, Detect, Respond, and Recover.
- Identify valuable company assets and data.
- Protect valuable company assets and data from threats.
- Detect when a cyber incident occurs.
- Respond quickly and efficiently to a cyber incident.
- Recover from an incident and get back to business.
NIST CSF Core - Categories
The next layer of the CSF Core is the Categories: a set of cybersecurity activities and outcomes organized into 23 Categories. Each category has a unique identifier based on the function and category name. The Categories describe what you need to do, or prove you do, for a cybersecurity program. They use simple, non-technical language so that multi-disciplinary teams can communicate easily.
Further research
- NIST CSF, "An Introduction to the Components of the Framework" - https://www.nist.gov/cyberframework/online-learning/components-framework
- NIST CSF Five Functions - https://www.nist.gov/cyberframework/online-learning/five-functions