The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF): Overview


You can’t examine any newspaper, business magazine or cable news coverage without seeing the impact that high-profile data breaches and cyberattacks are having on businesses across all industries. From the Target and Yahoo! data breaches to Deloitte and the worldwide hysteria caused by the WannaCry ransomware, security professionals and IT leaders are scrambling for guidance to secure their networks and systems. 

Whether you are in a similar position or are seeking to learn more about one of the most comprehensive security frameworks, the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is one of the best resources to begin with.

Chartered under the United States Department of Commerce, NIST’s mission is to promote innovation and competitiveness across all industries. It releases frameworks to encourage sharing best practices across a range of domains, with the CSF being just one of several. 

The NIST Cybersecurity Framework was first published in 2014 in response to a February 2013 Executive Order. It was written with executives, auditors, board members and security professionals in mind, and was developed collaboratively by government, academia, the private sector and cybersecurity professionals.

In practice, the CSF focuses on building “cyber resiliency” within organizations, helping them to be proactive and prepared for cyberthreats instead of only being in a reactive stance. And on May 11, 2017, Executive Order 13800 required all federal government agencies, and all those that do business with them, to use the CSF.

The Executive Order also introduced a new version of the CSF and included a new methodology to “protect individual privacy and civil liberties” during the implementation of cybersecurity protocols. These changes are likely to increase the number of organizations using the CSF from the estimated 30 percent identified in 2015.

Cybersecurity framework overview

Unlike other frameworks, the CSF was not (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Patrick Mallory. Read the original post at: