Navigating the NIST Cybersecurity Framework
As the security landscape evolves, matures and becomes more complex, organizations need a trusted framework they can easily adopt and integrate into their existing security ecosystem. With all the tools available in the market today for improving your company’s cybersecurity, it’s easier than ever to get started with security protocols.
There’s a caveat, though: those tools don’t provide everything you need to develop a comprehensive strategy. The analysis paralysis is real—it’s so tough to know where to start when adopting a trusted cybersecurity framework that best fits your organization’s needs.
Huntress Sales Engineer II Todd Painter and industry expert Wes Spencer teamed up in April 2022 to discuss deNISTifying (see what we did there?) cybersecurity by leveraging the effective NIST cybersecurity framework. We’ll cover some of the topics and information they discussed during the live webinar.
The NIST Cybersecurity Framework
The National Institute of Standards and Technology (NIST) has developed a series of documents known as the Framework for Improving Critical Infrastructure Cybersecurity. By following the NIST cybersecurity framework, you’ll ensure that your money is spent on the right areas to build an effective defense strategy.
The Five NIST Pillars
Five functional pillars comprise the NIST cybersecurity framework: Identify, Protect, Detect, Respond and Recover.
- Identify: Identifying your assets is the first step in adopting this framework, as it helps you build a solid foundation. After all, how can you protect your assets if you don’t know what’s in your (or your partner’s) environment? Often, people think the term “assets” only refers to devices, but it also refers to your users, data, application and vendors. When identifying your asset inventory, you’ll also need to determine your governance, risk and compliance (GRC) status and scan for vulnerabilities and risks.
- Protect: Defending your assets against potential threats is perhaps the most critical aspect of cybersecurity. The key is to determine how much protection is necessary to contain or limit the effects of a cybersecurity incident. You’ll start by reviewing management, authentication and access control followed by awareness and training, data security, information protection, maintenance and protective technology. While focusing primarily on technical controls here, don’t discount the importance of physical security!
- Detect: Detection is much more than just alerting to cyberattacks. Following the recommendations in this NIST pillar will allow you to detect all cybersecurity events including newly installed software or apps, failed login attempts and new devices or users. Through establishing strong detection capabilities, you’ll look at anomalies and events, continuous security monitoring and detection processes.
- Respond: This pillar addresses your ability to contain the impact of a cyberattack, with categories including response planning, communication, analysis, mitigation and improvement. Ensure your team can respond to alerts from detection tools and that each person knows their roles and responsibilities in case of an incident. Reviewing all incidents retroactively and incorporating lessons learned is the final step in an ongoing incident response plan.
- Recover: The final framework pillar covers your recovery planning, improvements and communications. Your business needs will help determine your data priorities, so if and when an incident occurs, you can begin restoring data right away. Don’t forget to test your backups and practice ahead of time by using tabletop exercises to help you prepare for a cyberattack!
Want to dive deeper into the NIST cybersecurity framework? We break it down even further in our blog Breaking Down the NIST Cybersecurity Framework.
A total of 23 categories are spread across these five functions, covering cyber, physical and personnel and focusing on business outcomes. These categories then branch into 108 subcategories, which can be overwhelming to navigate. If you don’t know where to start, don’t stress—look to CIS Controls v8.
CIS Controls v8 Complement
Although the NIST cybersecurity framework was created by the US Federal Government, it’s quickly become the industry standard for cybersecurity best practices.
For this reason, the National Cyber Security Alliance (NCSA) created the Cybersecurity Framework Profile to help organizations select the right cybersecurity framework for their business. The NCSA has also created a rating system for the cybersecurity frameworks that meet this profile—the NCSA Cybersecurity Framework v8 Complement (or simply “CIS Controls”).
CIS Controls are comparable to the NIST cybersecurity framework, but they focus on the specific needs of the business sector and the business’s cybersecurity maturity to determine where that organization falls in the cybersecurity journey.
Our favorite part about CIS Controls is that it feels like a how-to manual. Broken down into three Implementation Groups (IGs) that are easier to digest, each IG contains a set of controls that need to be integrated to achieve optimal cybersecurity effectiveness. Even if you only cover IG1, you’ll have protection from the top five attack types—malware, ransomware, web application hacking, insider privilege and misuse as well as targeted intrusions.
To learn more about the NIST cybersecurity framework, check out the comprehensive online guide. And be sure to watch the full DeNISTifying Cybersecurity: Leveraging A Proven Framework to Evolve Your Stack webinar on-demand!