NIST Cybersecurity Framework

What is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks. It provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.

The NIST Cybersecurity Framework is designed to help individual businesses and other organizations assess the risks they face.

The framework is divided into three parts: “Core”, “Profile” and “Tiers”.

  1. The “Framework Core” contains an array of activities, outcomes and references about aspects of and approaches to cybersecurity.

  2. The “Framework Implementation Tiers” are used by an organization to clarify for itself and its partners how it views cybersecurity risk and the degree of sophistication of its management approach.

  3. A “Framework Profile” is a list of outcomes that an organization has chosen from the categories and subcategories, based on its needs and risk assessments.

Who Does It Apply To?

While the primary stakeholders of the Framework are U.S. private-sector owners and operators of critical infrastructure, its user base has grown to include communities and organizations across the globe.

Scope of Regulation

It covers the entire organization and its data, processes, etc. The Framework Core consists of five concurrent and continuous Functions:

  • Identify

  • Protect

  • Detect

  • Respond

  • Recover

When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

Core Requirements

  • Identify

    The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.

  • Protect

    Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions, and data is protected from unauthorized changes and access.

  • Detect

    The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.

  • Respond

    Response processes and procedures are executed and maintained to ensure timely response to detected cybersecurity events.

  • Recover

    Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.

CloudOptics Compliance Controls Monitoring

Applying NIST’s cybersecurity framework is a great way to organise and guide your cloud cybersecurity efforts.

CloudOptics provides a roadmap that indexes service features across this spectrum to facilitate compliance activities on a continuous basis.

Asset Inventory

Assets, software platforms and applications are inventoried and maintained.

Identities, credentials and remote access are managed for authorized devices and users.

Access permissions are managed, incorporating the principles of least privilege and separation of duties.

Continuous visibility and monitoring of all infrastructure configurations with actionable insights.
