What is the NIST Cybersecurity Framework? Definition from SearchSecurity

The NIST Cybersecurity Framework provides guidance on how to manage and reduce IT infrastructure security risk.
NIST created the CSF to help private sector organizations in the United States develop a roadmap for critical infrastructure cybersecurity.
Its goal is to encourage organizations to prioritize cybersecurity risks - similar to financial, industrial/personnel safety and operational risks.
Another objective of the framework is to help include cybersecurity risk considerations in day-to-day discussions at organizations.
The framework is both voluntary and performance based, meaning organizations are not required to follow it.
While designed primarily for government and private sector organizations, public companies can also use the NIST Cybersecurity Framework.
The U.S. government and NIST provide several tools to help organizations get started with cybersecurity programs and assessments.
NIST does not use the term comply when it comes to the CSF. If an organization chooses to follow the framework, NIST uses the term leverage - as in an organization will leverage the NIST Cybersecurity Framework.
In February 2013, President Obama, issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity, which called for the development of a voluntary cybersecurity framework that would provide a prioritized, flexible and performance-based approach to aid organizations in managing cybersecurity risks for critical infrastructure services.
While multiple federal agencies were tasked with developing elements related to this executive order, NIST was assigned to develop a cybersecurity framework with input from private industry.
The framework core, as described by NIST, is the set of cybersecurity activities and desired outcomes common across any critical infrastructure sector.
The framework implementation tiers provide context around an organization's cybersecurity risks and processes to put in place to manage risks.
The tiers describe the level at which an organization's cybersecurity risk management practices follow the characteristics defined in the CSF. A tier 1 organization, for example, is one that's ranked as partial, described as having limited awareness.
Tier 2 is risk-informed, tier 3 is repeatable and tier 4 is adaptive, meaning the organization can best react to cybersecurity threats.
The framework profiles describe the current state of an organization's security program, as well as compare the current state to the desired state.
The goal of a profile is to aid organizations in establishing a roadmap for reducing cybersecurity risk.
Identify refers to developing an understanding of how to manage cybersecurity risks to systems, assets, data or other sources.
Detect defines how a cybersecurity event is identified.
Respond defines what actions are taken when a cybersecurity event is detected.
The goal of these functions is to provide a strategic view of the cybersecurity risks in an organization.


This Cyber News was published on www.techtarget.com. Publication date: Mon, 08 Jan 2024 19:43:04 +0000


Cyber News related to What is the NIST Cybersecurity Framework? Definition from SearchSecurity

What is the NIST Cybersecurity Framework? Definition from SearchSecurity - The NIST Cybersecurity Framework provides guidance on how to manage and reduce IT infrastructure security risk. NIST created the CSF to help private sector organizations in the United States develop a roadmap for critical infrastructure ...
11 months ago Techtarget.com
CMMC v2.0 vs NIST 800-171: Understanding the Differences - The NIST SP 800-171 lays out the requirements for any non-federal agency that handles controlled unclassified information, or other sensitive federal information. DFARS does not address the CMMC at all but a new clause is currently being drafted for ...
11 months ago Securityboulevard.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
7 months ago Feeds.fortinet.com
Cybersecurity Frameworks: What Do the Experts Have to Say? - Cybersecurity frameworks are blueprints for security programs. Typically developed by governmental organizations, industry groups, or international bodies, they take the guesswork out of developing defense strategies, providing organizations with ...
5 months ago Tripwire.com
Accelerating Safe and Secure AI Adoption with ATO for AI: stackArmor Comments on OMB AI Memo - We appreciate the opportunity to comment on the proposed Memo on Agency Use of Artificial Intelligence. Ensuring agencies have access to adequate IT infrastructure,. We base our remarks on our experience helping US Federal agencies transform their ...
1 year ago Securityboulevard.com
NIST Fortifies Chatbots and Self-Driving Cars Against Digital Threats - In a landmark move, the US National Institute of Standards and Technology has taken a new step in developing strategies to fight against cyber-threats that target AI-powered chatbots and self-driving cars. The Institute released a new paper on ...
11 months ago Infosecurity-magazine.com
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
11 months ago Securityzap.com
How to become a cybersecurity architect - Cybersecurity architects implement and maintain a comprehensive cybersecurity framework to protect their company's digital assets. The cybersecurity architect position is a fundamental role that all organizations need, said Lester Nichols, director ...
5 months ago Techtarget.com
How AI can be hacked with prompt injection: NIST report - As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks ...
9 months ago Securityintelligence.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
10 months ago Legal.thomsonreuters.com
Cybersecurity Curriculum Development Tips for Schools - With the constant threat of cyber attacks, schools must prioritize the development of a robust cybersecurity curriculum to equip students with the necessary skills and knowledge. This article provides valuable insights and tips for schools aiming to ...
11 months ago Securityzap.com
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
1 year ago Securityzap.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
Digital Learning Tools for Cybersecurity Education - In the field of cybersecurity education, digital learning tools have become indispensable. This article explores various digital learning tools tailored specifically to cybersecurity education. These digital learning tools play a crucial role in ...
11 months ago Securityzap.com
What the cybersecurity workforce can expect in 2024 - For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study. ...
11 months ago Securityintelligence.com
Cybersecurity Training for Business Leaders - This article explores the significance of cybersecurity training for business leaders and its crucial role in establishing a secure and resilient business environment. By examining the key components of effective training programs and the ...
10 months ago Securityzap.com
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
10 months ago Securityzap.com
Gamification in Cybersecurity Education - Gamification has become increasingly prevalent in numerous domains, including cybersecurity education. Gamification presents a promising approach to meet this challenge, making cybersecurity education both effective and enjoyable. One way to ...
11 months ago Securityzap.com
Examining if NISTs Cybersecurity Framework 20 Could Lead to Global Standards - It has been almost seven years since the 1.1 update of NIST's Cybersecurity Framework. Since its launch in 2014, the Framework has become one of the most influential references for cybersecurity best practices and planning. In January, the world got ...
1 year ago Blog.isc2.org
Roundup: Federal action that shaped cybersecurity in 2023 - As 2023 draws to a close, it's time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level. These ...
11 months ago Securityintelligence.com
Beyond Mere Compliance - Too often we continue to see executives whose approach to cybersecurity - compliance rather than protection - is strikingly similar to that of the ill-advised business owner whose minimal fire protection is designed only to meet the building code. ...
11 months ago Cyberdefensemagazine.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
11 months ago Darkreading.com
Key cybersecurity skills gap statistics you should be aware of - As the sophistication and frequency of cyber threats continue to escalate, the demand for skilled cybersecurity professionals has never been bigger. The skills gap is not merely a statistical discrepancy; it represents a substantial vulnerability in ...
11 months ago Helpnetsecurity.com
Cybersecurity Workshops for Students - Cybersecurity workshops for students serve as an effective means to educate and empower the younger generation in protecting their digital assets. With proper planning and organization, cybersecurity workshops enable students to navigate the digital ...
11 months ago Securityzap.com
How to Avoid Falling Below the Cybersecurity Poverty Line - The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy ...
1 year ago Csoonline.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)