The NIST Framework for Improving Critical Infrastructure Cybersecurity commonly referred to as the NIST Cybersecurity Framework provides private sector organizations with a structure for assessing and improving their ability to prevent, detect and respond to cyber incidents. Version 1.0 was published by the US National Institute of Standards and Technology (NIST) in 2014 and was aimed at operators of critical infrastructure.
The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications, and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state and local governments.
The 3 Parts of the Framework
Framework Core
The framework core is a set of cybersecurity activities, desired outcomes and applicable references that are common across critical infrastructure sectors. It consists of five concurrent and continuous Functions: Identity, Protect, Detect, Respond and Recover.
Implementation Tiers
Implementation tiers describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework, over a range from Partial (Tier 1) to Adaptive (Tier 4).
Framework Profile
A framework profile represents the Core Functions’ Categories and Subcategories prioritized by an organization based on business needs and can be used to measure the organization’s progress toward the Target Profile.
An Introduction to the Functions
The five Functions included in the Framework Core are:
Identify
Protect
Detect
Respond
Recover
Identify
Organizations must develop an understanding of their environment to manage cybersecurity risk to systems, assets, data, and capabilities. To comply with this Function, it is essential to have full visibility into your digital and physical assets and their interconnections, defined roles, and responsibilities to understand your current risks and exposure and put policies and procedures into place to manage those risks.
Protect
Organizations must develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event. To comply, your organization must control access to digital and physical assets, provide awareness education and training, put processes into place to secure data, maintain baselines of network configuration and operations to repair system components in a timely manner and deploy protective technology to ensure cyber resilience.
Detect
Organizations must implement appropriate measures to quickly identify cybersecurity events. The adoption of continuous monitoring solutions that detect anomalous activity and other threats to operational continuity is required to comply with this Function. Your organization must have visibility into its networks to anticipate a cyber incident and have all the information at hand to respond to one. Continuous monitoring and threat hunting are very effective ways to analyze and prevent cyber incidents in ICS networks.
Respond
Should a cyber incident occur, organizations must have the ability to contain the impact To comply, your organization must craft a response plan, define communication lines among the appropriate parties, collect and analyze information about the event, perform all required activities to eradicate the incident and incorporate lessons learned into revised response strategies
Recover
Organizations must develop and implement effective activities to restore any capabilities or services that were impaired due to a cybersecurity event. Your organization must have a recovery plan in place, be able to coordinate restoration activities with external parties and incorporate lessons learned into your updated recovery strategy. Defining a prioritized list of action points that can be used to undertake recovery activity is critical for a timely recovery.
NIST is also planning a Cybersecurity Risk Management Conference which will include a major focus on the framework for November 6 through 8, 2018, in Baltimore, Maryland. Detailed information on the conference will soon be available on the Cybersecurity Framework website. The website also includes guidance for those new to the framework, links to framework-related tools and methodologies, and perspectives on the framework from those who use it.
for more cybersecurity information contact us at help@theweborion.com
