Bahar Ferguson 

Companies large and small are at a heightened risk of data breaches, which can lead to the leak of private customer information, company secrets or other sensitive files. In the cybersecurity space, two of the most widely used incident response frameworks come from NIST and SANS. In this article we will discuss the National Institute of Standards and Technology (NIST): what it is, whom it benefits and the core functions of its Cybersecurity Framework.

What is NIST?

The National Institute of Standards and Technology is a U.S. government agency, part of the Department of Commerce, responsible for promoting innovation and industrial competitiveness in science, engineering and technology. Its publications set baseline security standards for companies that are not subject to a program such as the Cybersecurity Maturity Model Certification (CMMC), the Department of Defense's cybersecurity verification mechanism, and they are widely used as "best practice" across the cybersecurity space.

In cybersecurity, NIST's role is to establish best practices, published as standards and guidelines, for organizations handling government data. By improving these security standards, it helps not just government agencies but also private companies protect data better. The NIST Cybersecurity Framework was first released in 2014 to help organizations establish standardized cybersecurity practices, so that there is a uniform approach that better protects against data breaches and other types of cyberattacks.

What is NIST Compliance?

NIST compliance is the term used for following one or more NIST publications. NIST standards exist to make sure that cybersecurity efforts are consistent across different government agencies and across the companies that work with the federal government.

In order to do business with the United States federal government, companies often need to meet security requirements defined by NIST. NIST Special Publication (SP) 800-53 and NIST SP 800-171 are two of the standards that businesses supplying products or services to the U.S. government might have to satisfy.

NIST SP 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations," was first published in 2015.

The purpose of this document is to give non-federal organizations direction on protecting sensitive federal information (controlled unclassified information) stored in or processed by their own systems. It covers what the organization's obligations are when a breach occurs, which types of data require protection and the level of protection needed.

At the time of writing, the current edition of this document is NIST SP 800-171 Rev. 2, published in February 2020.

Not only does NIST compliance make it easier to meet other security and regulatory requirements, such as the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI DSS), but it also provides a solid foundation for your organization's security efforts.

NIST best practices help protect your organization's systems, data and networks from cyberattacks, saving you the time and money that incidents would otherwise cost later.

Who is NIST Compliance Intended For?

The NIST Cybersecurity Framework (CSF) was designed to help private companies, and operators of critical infrastructure in particular, secure their vital IT systems. The framework provides guidance; it is not itself a compliance regime. Organizations are encouraged to prioritize cybersecurity risk in the same way they handle financial, industrial, personal and operational security risks.

The framework's other goal is to make sure that cybersecurity risk is part of the normal day-to-day conversations among people at every level of the organization.

NIST CSF was designed to aid companies in securing their most crucial infrastructure. The framework can be used effectively as follows:

• Assess the current cybersecurity measures and the risks they leave open.

• Identify new cybersecurity standards and policies that may be needed.

• Make sure everyone is on the same page by communicating the new requirements.

• Develop new policies with corresponding cybersecurity measures.

Any company that wants to do business with the United States federal government needs to follow the relevant NIST guidelines. This applies not just to U.S. agencies themselves but also to the contractors, suppliers and individuals the government may hire for project work in the future.

The Core Functions of NIST CSF

The core functions of the framework are built on industry standards, guidelines and practices that make it possible to communicate cybersecurity activities and outcomes across the industry. By using this framework, everyone from executives to implementers follows the same best practice when it comes to information security.

NIST's CSF is composed of five functions, known in the framework as Identify, Protect, Detect, Respond and Recover, that are carried out concurrently and continuously: identification, protection, detection, response and recovery.

Identification. The Identify function is the first priority of the framework because it establishes "an organizational understanding to manage cybersecurity risk for systems, assets, data and resources."

The focus is on how the business relates to cybersecurity risk, starting with the resources it needs to protect. The main categories under this function include:

• Asset management.

• Business environment.

• Governance.

• Risk assessment.

• Risk management strategy.

The Identify function is the starting point for planning every later cybersecurity action in your organization. Knowing what you have, what risks those assets and their environment carry, and how those risks affect your business goals is essential for success.

Protection. The Protect function covers the safeguards that limit or contain the damage from a possible cybersecurity event. In practice the framework also helps companies organize and securely share information about their risk management program, address threats and learn from previous activities so that those safeguards keep improving.

Two-factor and multi-factor authentication that controls access to assets and environments, together with employee training that reduces the risk of accidents and social engineering, are examples of the Protect function in practice.

Because breaches are becoming more frequent, it is now crucial to have the right policies and protocols in place to lower the chances of one. The Protect function within the framework acts as a guidebook, outlining what needs to be done to achieve this goal.

Detection. The purpose of the Detect function is to put in place the activities that enable early recognition of a cybersecurity event. Some examples of outcomes achieved through this function include:

Anomalies and Events: The program should detect unusual activity quickly, and everyone on your team should understand the potential impact of such events. This means collecting and analyzing data from multiple sources so that a cybersecurity event can be recognized when it occurs.

Continuous Security Monitoring: By monitoring your information systems and environments continuously rather than only at intervals, you can spot potential threats early, before they turn into incidents. Having a team that monitors your assets around the clock lets you focus on other aspects of running your business.

Detection Processes: Test your detection procedures and processes regularly so that you stay aware of potential cyber events. The sooner you learn about a breach, the better, and be sure to follow all applicable disclosure requirements. Your program should be able to detect unauthorized access to your data promptly.

Cybersecurity threats can be critical for a business, so the Detect function of your security framework is vital. By following these best practices and implementing these measures, you can reduce cybersecurity risk and protect your business interests.

Response. The Respond function aims to contain the damage of a cybersecurity incident through response planning, communications, analysis and mitigation, and to feed what is learned back into the cybersecurity program so that it keeps improving.

Having a response plan in place is the first step in adopting the Respond function. The plan helps ensure that reporting requirements are met and that incident data is encrypted and securely transmitted to the appropriate internal teams, authorities and industry partners.

Recovery. The Recover function of the framework supports the prompt restoration of normal operations to minimize the repercussions of a cybersecurity event. Outcomes that this function supports include:

Recovery Planning: By regularly testing and rehearsing recovery procedures, your program will be better equipped to handle an event if or when it occurs.

Improvements: Recovery planning and processes improve when events occur, areas for improvement are identified and solutions are put in place.

Communication: Coordinating the effort across all departments and with outside agencies leads to better organization and successful execution.

The Recover function is essential not only to the business and the security team but also to customers. A company's ability to recover quickly is essential to its success.

Conclusion

The NIST CSF is designed to help businesses improve their overall security posture and reduce their exposure to cyber threats. By implementing these standards in their operations, businesses can take proactive steps to improve their cybersecurity maturity.

Bahar Ferguson is the president of Wasatch I.T., a Utah IT provider for small and medium-sized businesses.