NIST CSF: Cybersecurity basics — Foundation of CSF

Introduction

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) was developed for the security of critical infrastructure (under Executive Order 13636), although it is written so that an organization of any size or sector can adopt it. The definition of critical infrastructure that NIST uses, quoted in the CSF itself and in the glossary of NIST SP 800-30, Rev. 1, originates in the USA PATRIOT Act of 2001: “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

Why do we need NIST CSF? Cybersecurity risk can drive up a company’s costs, reduce its revenue and cost it customers. NIST CSF gives a business a common vocabulary and structure for treating cybersecurity risk as one part of its overall risk management system, rather than as an isolated IT concern.

In this article, we will delve into the foundation of CSF: the NIST Cybersecurity Framework fundamentals, risk management, supply chain and cybersecurity improvement, and the usage and implementation of the framework.

What are NIST Cybersecurity Framework fundamentals?

The NIST CSF concentrates on using business drivers to guide cybersecurity activities and on treating cybersecurity risk as part of the company’s overall risk management program. The framework helps an organization identify and prioritize the actions that reduce its cybersecurity risk. The framework has three parts:

  1. Framework core
  2. Implementation tiers
  3. Profiles

Framework core

The framework core is a set of cybersecurity activities, desired outcomes and applicable references that are common across critical infrastructure sectors. The core draws on existing guidelines, best practices and industry standards, and it gives the organization a shared language for communicating cybersecurity activities and outcomes from the executive level down to the operational and implementation levels. The core has four elements:

  • Functions
  • Categories
  • Subcategories
  • Informative References (the standards, guidelines and practices that illustrate how to achieve each Subcategory outcome)

There are five Functions: Identify, Protect, Detect, Respond and Recover. They are not sequential steps; the CSF treats them as concurrent and continuous activities that together form the high-level view of an organization’s cybersecurity risk management. These functions are split into 23 categories and 108 (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/8oG3NHiFUV0/