Is your organization ready to respond to any cyber-attacks or threats that might unfortunately come its way? The National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, has developed the NIST Cybersecurity Framework, which is widely considered the gold standard for cybersecurity program best practices. The framework is designed to work across organizations of all sizes and in any industry, which has led to its widespread adoption among security professionals.
In this article, we’re breaking down the key components of the NIST Cybersecurity Framework and the process of how you can implement it at your place of business. Read on to learn more about why you need to know about this critical cybersecurity tool!
What is the NIST Cybersecurity Framework?
Cybersecurity measures often go unnoticed, but are absolutely essential to all aspects of daily life, including the critical physical and online infrastructure some take for granted. Recognizing this, former President Barack Obama issued Executive Order 13636, which called on the NIST to work with stakeholders to develop a voluntary framework for reducing cyber risk.
The resulting NIST Framework prioritizes flexible, repeatable and cost-effective approaches and led to the creation of the Department of Homeland Security’s Critical Infrastructure Cyber Community C³ Voluntary Program to assist with implementation.
While the original executive order called for the framework to be designed for critical infrastructure such as utilities, transportation, financial services, communications, healthcare and agriculture, it is widely used in both the public and private sectors. The framework consists of three parts: the core, which encompasses five main functions; the implementation tiers; and the framework profile.
The 5 Core Functions of the NIST Cybersecurity Framework
The framework core is a set of cybersecurity activities and outcomes that are common across critical infrastructure and other sectors. These five functions are meant to be performed on a continuous and concurrent basis.
Identify
This function is focused on laying the groundwork for an effective cybersecurity program. At this stage, cybersecurity specialists ask themselves, “what processes and assets need protection?” To complete this step, they must understand the business context in which critical functions take place and the related cybersecurity risk. Activities within this group might include:
- Identifying important physical and software assets, in order to establish an asset management program
- Identifying current cybersecurity policies, as well as any legal and regulatory requirements
- Identifying any asset vulnerabilities, internal and external threats and current risk response mitigation strategies
- Beginning to establish an updated risk management strategy, including identifying risk tolerance
Protect
This function establishes the appropriate safeguards to ensure minimal disruption to the delivery of critical services should a cybersecurity event occur. It is the most proactive of the core functions, with a focus on ensuring the protection of enterprise assets. Activities within this group might include:
- Implementing identity management and access control across the organization
- Training staff on updated security guidelines and best practices
- Establishing data security protection consistent with risk strategy and implementing processes to manage the protection of information systems and assets
Detect
Despite an organization’s best efforts, it’s only a matter of time until a cybersecurity incident occurs, which is where this function comes in. Here, the cybersecurity team defines the activities needed to identify the occurrence of a cybersecurity incident in a timely manner. This includes ensuring that anomalies and events are detected, that their potential impact is understood by the broader team, and that continuous and effective monitoring capabilities are implemented.
Respond
This function focuses on the activities to take if and when a cybersecurity incident is detected. The main purpose of this step is to support the ability to contain the impact of the incident so that critical business activities can continue as normally as possible. Activities within this group might include:
- Developing response planning processes to be executed during and after an incident
- Managing communication with internal and external stakeholders
- Analyzing incidents and supporting recovery activities, such as forensic analysis and impact reporting
- Implementing improvements based upon learnings from previous detection and response activities
Recover
As implied by the name, the recover function is focused on restoring any capabilities or services that were impaired by a cybersecurity incident. In this step, it’s critical to minimize impact in a timely manner and return to normal operations, with the support of the entire team. Activities are similar to those of the respond function and might include:
- Ensuring recovery planning processes are implemented correctly company-wide
- Implementing improvements based on reviews of existing mitigation strategies
- Coordinating internal and external communications during and after cybersecurity incidents
How to Implement the NIST Cybersecurity Framework
After learning about the five core functions of the NIST Cybersecurity Framework, professionals move into the Implementation and Profiles stage of the process.
The implementation stage involves the cybersecurity team taking a complete inventory of all current activities and tools used by the organization. Each one should be labeled under one of the five functions. For example, a company’s firewall would go in the protect category. Keep in mind that some multi-purpose tools may fall within several functions.
Next, tools and processes are classified into four maturity tiers, which indicate how well they reduce cybersecurity risk. The tiers are:
- Tier 1: Partial – Nonexistent or unsystematic risk management
- Tier 2: Risk Informed – Partial or unfinished risk management processes
- Tier 3: Repeatable – Formal and structured policies and procedures; a robust risk management program
- Tier 4: Adaptive – Responsive risk management programs, the best in the industry
The point of this process is for cybersecurity professionals to be able to clearly see where gaps exist in the organization’s capabilities, or where existing programs might not be meeting expectations. Using all this information, they create a profile, which depicts an organization’s cybersecurity status at a moment in time. Following the implementation of NIST guidelines, new and continuous profiles can be created as a means of tracking progress.
NIST offers an Excel Spreadsheet and PDF guide that takes cybersecurity specialists through the implementation and profile process. While these documents can look daunting, if used correctly, they’ll create a comprehensive understanding of an organization’s cybersecurity preparedness and a solid roadmap for improvement.
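The inventory-to-profile process described above, as an added illustration that is not part of the original article or any NIST tool: a constructed inventory is mapped to the five functions and four tiers, a current profile is derived, gaps against a target profile are listed largest-first, and two profiles taken at different times are compared. The rule that a function is only as mature as the weakest control covering it is an assumption made here for the example.

```python
from dataclasses import dataclass

# Hypothetical model of the inventory-and-profile process; the function names
# and tier labels are NIST's, everything else is constructed for this example.
FUNCTIONS = ("Identify", "Protect", "Detect", "Respond", "Recover")
TIER_NAMES = {0: "Not covered", 1: "Partial", 2: "Risk Informed",
              3: "Repeatable", 4: "Adaptive"}

@dataclass(frozen=True)
class Control:
    name: str
    functions: tuple[str, ...]   # a multi-purpose tool may map to several functions
    tier: int                    # observed maturity, 1..4

def build_profile(inventory):
    """Current profile: one tier per function. Assumption: a function is only
    as mature as the weakest control covering it; 0 means nothing covers it."""
    profile = {}
    for fn in FUNCTIONS:
        tiers = [c.tier for c in inventory if fn in c.functions]
        profile[fn] = min(tiers) if tiers else 0
    return profile

def gap_analysis(current, target):
    """Functions whose current tier falls short of the target, largest gap
    first, so the list doubles as a prioritised roadmap."""
    gaps = [(fn, current[fn], target[fn])
            for fn in FUNCTIONS if current[fn] < target[fn]]
    return sorted(gaps, key=lambda g: g[2] - g[1], reverse=True)

def progress(previous, current):
    """Tier change per function between two profiles taken at different times."""
    return {fn: current[fn] - previous[fn] for fn in FUNCTIONS}

# Constructed sample inventory, not a real organisation's.
INVENTORY = [
    Control("asset register", ("Identify",), 2),
    Control("perimeter firewall", ("Protect",), 3),
    Control("SIEM", ("Detect", "Respond"), 2),
    Control("incident playbook", ("Respond",), 3),
    Control("offline backups", ("Recover",), 1),
]
TARGET = {fn: 3 for fn in FUNCTIONS}   # target profile: Repeatable everywhere

if __name__ == "__main__":
    current = build_profile(INVENTORY)
    for fn, have, want in gap_analysis(current, TARGET):
        print(f"{fn}: {TIER_NAMES[have]} -> target {TIER_NAMES[want]}")
```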
Why the NIST Cybersecurity Framework is Important to Know
The NIST Cybersecurity Framework is an entirely voluntary process for private and public organizations, but it can be an immensely helpful tool for a number of reasons. Overall, it’s easy to understand and use and is meant to be adaptable, so organizations can prioritize the activities most important to their needs. Because it is risk-based, it forces companies to consider which assets are most important and to take steps to protect them first.
Given this information, budding cybersecurity specialists can expect to encounter NIST throughout their career, making it a great idea to learn about this tool as early as possible. The framework helps organizations measure the ROI of cybersecurity investments and provides a common language that can be used to easily and effectively communicate details to all stakeholders, like IT, business and executive management teams.
Learn More About Information Security and Cybersecurity Careers
We hope this article has equipped you to dive into the NIST Cybersecurity Framework. A great way to enhance your knowledge of frameworks and the field in general is by attending a cybersecurity bootcamp. These programs offer a cost-effective way to gain necessary “on-the-job” skills and encounter real-world scenarios in an educational setting.