NIST CSF: Implementing NIST CSF

Introduction

The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide voluntary guidance for organizational cybersecurity defenses and risk management. This framework combines industry standards with best practices and is renowned for its inherent flexibility and open-endedness to account for different organizational needs. 

The implementation of NIST CSF is just as flexible, which raises a question: how do you get around the challenges associated with implementing the framework?

But don’t worry: by following the best practices explored below, you can implement the framework in your organization more successfully. This article will detail the challenges associated with implementing the framework and will present best practices that will help organizations deal with these challenges and better reap the benefits that NIST CSF offers.

What is the NIST CSF framework core?

The framework core is a set of recommended activities designed to achieve certain cybersecurity outcomes; it serves as guidance, not a checklist. The core is composed of functions that work together to achieve those outcomes. These functions are:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

The challenges of implementing NIST CSF

One of the biggest challenges in implementing NIST CSF is the very nature of the framework itself: the scope of the implementation is voluntary. This means that organizations can technically opt to implement only some of the framework, or even implement it half-heartedly in the worst-case scenario.

Another challenge of implementing NIST CSF is that the framework itself is not one-size-fits-all. This means that what would work regarding implementation for one organization may not work for others.

A relatively recent survey has determined that some of the key challenges organizations face regarding implementation are automation and staffing challenges. The survey revealed that over 50% (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/eQgzsdA-Anw/