The NIST Cybersecurity Framework (NIST CSF), provides organizations with a structure that can be used to assess and improve their organization’s ability to prevent, detect and respond to cyber incidents.
The NIST CSF is organized into five core Functions, which are also known as the Framework Core. Each function is essential to creating a strong security posture and successful management of cybersecurity risk. The Framework Core consists of five Functions: Identity, Protect, Detect, Respond and Recover.
- Identify: This section focuses on developing organizational understanding to manage cybersecurity risks to systems, assets, data, and capabilities. This involves managing assets and recognizing critical roles and responsibilities throughout the organization.
- Protect: In this section, the focus is on developing and implementing the appropriate safeguards to ensure delivery of critical infrastructure services and limit any potential damage that a cybersecurity event may have. This involves controlling access to assets, providing training and education to employees, and deploying protective technology.
- Detect: Next up is Detect potential threats. This section focuses on developing and implementing the network monitoring activities that help to identify the occurrence of a security event.Respond. In this section, the focus is on developing and implementing the appropriate response activities when a potential security event is detected. Response plans should be developed and include communication procedures as well as methods to collect and analyze information about the event.
- Recover: Finally, the last section focuses on developing and implementing the appropriate activities for business continuity and recovery efforts.
Each of these 5 Core Functions are broken down into categories, which help the user identify areas that need improvement. Some of the categories include: Asset Management, Risk Assessment, Risk Management Strategy, Access Control, etc.
In order to conduct a NIST CSF assessment, the assessor would review each Core Function and its corresponding categories and provide examples of how the organization meets those requirements. Once that is completed, the assessor would then provide a Maturity Rating.
The choices of ratings include:
As an auditor, I get a lot of questions about how to improve their organization’s NIST CSF scores. For example, in order to get a higher score of Repeatable, the organization must have a fully documented process in place. Documenting processes can be challenging for some organizations, but it is certainly worth it. For Adaptive, which is the highest score, the organization must have processes, procedures, and technologies that are continually refined to keep pace with changes to the technology risk.
One of the best things about the NIST CSF is its ability to help an organization improve its cybersecurity preparedness over time. It is an excellent tool for gaining a better understanding of an organization’s strengths and weaknesses. An organization can track their progress over time by assessing their current state and set targets for where they’d like to be.
If you are interested in completing a NIST CSF Assessment for your organization or need help developing a roadmap for one that has already been done, Intrinium can help.