Inside the NIST Framework to Improve Cybersecurity

Karen A. Frenkel

Technology-Neutral NIST Framework Provides a Mechanism for Enterprises to:

1. Describe their current cybersecurity posture
2. Describe their cybersecurity goals
3. Identify and prioritize opportunities for improvement in continuous and repeatable processes
4. Assess progress toward cybersecurity goals
5. Communicate about cybersecurity risk

Part 1: The Framework Core

NIST’s Framework has three parts: the Framework Core, the Framework Implementation Tiers and the Framework Profiles. The Framework Core is a set of cybersecurity activities, desired outcomes, and informative references common to critical infrastructure sectors.

Part 2: The Framework Implementation Tiers

Framework Implementation Tiers describe how closely an organization’s cybersecurity risk management practices reflect the characteristics defined in the framework. The tiers range from informal, reactive responses to agile, risk-informed practices.

Part 3: Framework Profiles

A Framework Profile represents the outcomes an organization selects based on its business needs. It aligns standards, guidelines, and practices with the Framework Core for a particular scenario. Enterprises can compare a current profile with a target profile to prioritize improvements and measure progress toward the target.

Framework Core Activities

The Core presents cybersecurity outcomes that help organizations manage cybersecurity risk. It is organized into five functions: Identify, Protect, Detect, Respond and Recover.

Identify Risks to the Enterprise

The Identify Function helps organizations understand how to manage cybersecurity risk to their systems, assets, data and capabilities. Categories within this function include asset management, business environment, governance, risk assessment and risk management strategy.

Develop and Implement Safeguards

The Protect Function supports the ability to limit or contain the impact of a cybersecurity event. Examples of outcomes include access control; awareness and training; data security; information protection processes and procedures; maintenance; and protective technology.

Detecting a Cybersecurity Event

The Detect Function helps enterprises discover cybersecurity breaches quickly. Examples of outcomes include anomalies and events, security continuous monitoring, and detection processes.

Responding and Containing a Breach’s Impact

The Respond Function supports the ability to contain the impact of a cybersecurity event. Its categories are response planning, communications, analysis, mitigation and improvements.

Recovery and Resilience

The Recover Function helps restore any capabilities impaired by a cyber-attack and supports a timely return to normal operations. Examples of outcomes include recovery planning, improvements and communications.
