A quick introduction to NIST Cybersecurity Framework

  • Jan 21, 2022, 12:18:45 PM

The NIST Cybersecurity Framework, published by the United States National Institute of Standards and Technology, is a set of guidelines and best practices that organisations can implement to reduce their exposure to cybersecurity threats. The framework has been gaining acceptance as a well-respected basis for ensuring organisational cybersecurity. Some estimates put its industry adoption rate in the USA at above 50%, and it is becoming more popular around the globe as well.

The NIST framework has five main pillars (referred to as functions), which shape the way the organisation prepares itself for and responds to the various cybersecurity threats it faces. The five functions are listed below:

1- Identify: This function is primarily focused on fostering an organisational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The function contains 6 categories which include asset management, business environment, governance, risk assessment, risk management strategy, and supply chain risk management.  

2- Protect: This function deals with the implementation of the appropriate safeguards to ensure critical services can be delivered. The 6 categories in this function include access control, awareness and training, data security, information protection processes, maintenance, and protective technology.  

3- Detect: This function addresses the methods required to identify the occurrence of cybersecurity threats. The 3 categories comprising this function are anomalies and events, security continuous monitoring, and detection processes.

4- Respond: This function describes the activities that must be undertaken in response to detected cybersecurity threats. The 5 categories in this function include response planning, communications, analysis, mitigation, and improvements.  

5- Recover: This function deals with the restoration of services that were impaired due to a cybersecurity incident. The 3 categories in this function include recovery planning, improvements, and communications.

Rezilens offers a NIST-based cyber resilience assessment tool, allowing organisations to easily and effectively assess their level of preparedness for facing the increasingly complex cybersecurity threat landscape. This assessment will help your organisation have a clear understanding of its level of maturity against the NIST framework and take the appropriate remediation steps to align its policies and procedures with the framework’s best practices. See the Services page on our website or contact us at [email protected] to take advantage of our free self-assessment offer!