Developed under President Obama's Executive Order 13636 (2013) and made mandatory for federal executive agencies by President Trump's Executive Order 13800 (2017), the NIST Cybersecurity Framework is now required across the federal government and is increasingly adopted as the baseline security standard by commercial organizations.
What is the Cybersecurity Framework?
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is voluntary guidance that helps private sector organizations assess and improve their ability to prevent, detect and respond to cyber attacks. It describes cybersecurity outcomes at a high level and gives a procedure for assessing and managing progress toward those outcomes. Version 1.0 was published by NIST in February 2014, originally directed at operators of critical infrastructure. The CSF is now used by a wide range of businesses and organizations to manage cybersecurity risk proactively. It is meant to be applied in light of the business risks an organization actually faces, so that the organization can prioritize its use of the framework cost-effectively.
The Three Major Parts of the CSF
The Cybersecurity Framework is divided into three parts: the Core, the Implementation Tiers and the Profiles. The Framework Core is a catalog of cybersecurity activities, desired outcomes and informative references, organized into five Functions (Identify, Protect, Detect, Respond and Recover), each broken down into Categories and Subcategories. The Framework Implementation Tiers (from Tier 1, Partial, to Tier 4, Adaptive) let an organization characterize, for itself, how it perceives cybersecurity risk and how mature and rigorous its risk management processes are. Finally, a Framework Profile is the set of outcomes that an organization has selected from the Categories and Subcategories based on its business needs and its own risk assessment.
Profiles come in two kinds. An organization typically begins by developing a Current Profile, which describes the cybersecurity outcomes it is achieving today. It then establishes a Target Profile, or adopts a baseline profile for its sector, that reflects the outcomes it needs given its risk tolerance, business requirements and, for critical infrastructure operators, its sector-specific obligations. With both in hand, the organization can plan and prioritize the steps needed to close the gaps between its Current Profile and its Target Profile.
2017 Cybersecurity Framework Update
In January 2017, NIST issued a draft update to the Cybersecurity Framework (draft Version 1.1). It adds new detail on managing cyber supply chain risks, clarifies key terms, and introduces methods for measuring cybersecurity. The updated CSF aims to further develop NIST's voluntary guidance to organizations on reducing cyber risk.
The CSF update incorporates feedback and comments received from organizations over the preceding years. One goal of the update is to assist users who want to apply the CSF to cyber supply chain risk management: it provides a common vocabulary so that all the organizations working together on a project can clearly communicate their cybersecurity needs. Examples of cyber supply chain risk management include a small business selecting a cloud service provider, or a federal agency contracting with a system integrator to build an IT system. The update also renames and revises the "Identity Management and Access Control" category, clarifying and expanding the definitions of the terms "authentication" and "authorization," and adds and defines the related concept of "identity proofing."
Cybersecurity Framework Risk Assessment and Gap Assessment
The Framework's Identify function calls for a formal risk assessment (the Risk Assessment category, ID.RA), and many organizations have a qualified third-party firm perform it. Our comprehensive assessments are designed to help you prepare for your CSF assessment, and our patented risk management methodology saves your company time and money by producing a control framework mapping customized to your organization.
CyberSecurity Framework Penetration Test
NightLion Security provides the advanced penetration testing services for web applications, databases, and internal infrastructure needed to protect your sensitive data (including cardholder data) and to align your security program with the CSF.
Download the Cybersecurity Framework controls in XLS / CSV format
Check us out at www.securitycheckbox.com