Skip to content
Get A Demo
Free SIEM
    October 12, 2022

    Complete Guide to the NIST Cybersecurity Framework

    In 2013, Barack Obama mandated the establishment of the NIST Cybersecurity Framework via an Executive Order. By 2014, the US National Institute of Standards and Technology (NIST) brought it to life, crafting cybersecurity standards tailored to shield critical computing infrastructure

    Commonly contracted to CSF (for Cyber-Security Framework), it is now the de facto standard. Its function is to create a five-step process to Identify, Protect, Detect, Respond, and Recover from data breaches and other cybersecurity risks.

    NIST Adoption

    Consequent to its success, the CSF has been adopted by many governments and federal agencies, not in a battle against each other, but in the ongoing fight against criminal elements who have no regard for a nation’s sovereignty, and seek to cause harm.

    Its wide adoption has seen it translated into many languages including Russian, Spanish, Italian, French, and Japanese.

    Companies recognize the immense value of the NIST Cybersecurity Framework, particularly if they are considered primary targets for hackers. Microsoft jumped on the bandwagon, right along with Intel; financial institutions like JP Morgan Chase and the Bank of England came on board; they were joined by infrastructure organizations such as the Ontario Energy Board and Nippon T&T Corporation.

    What Are The 5 Pillars Of The NIST Cybersecurity Framework?

    You should be aware, however, that you cannot comply with a framework. The core of the NIST CSF is a massive spreadsheet composed of 20 pages. Its purpose is to help your company comply with your cybersecurity requirements. The CSF was created to help you help yourself.

    The NIST framework provides an outline of five areas to build and improve on your information security program.

    1. IDENTIFY.

    It’s essential to know what you have before you can start protecting it.

    • Understand your legal, regulatory, compliance and moral obligations.
    • Identify software and hardware assets by performing an inventory so they can be managed, and determine if there are vulnerabilities in those assets.
    • Identify your role in infrastructure or the supply chain; and, identify how you will cope with a supply chain breakdown.
    • Implement a risk management strategy and perform a risk assessment, which should include identifying your risk tolerance.
    1. PROTECT.

    This function outlines safeguards you can use to protect your organization from cyberattacks.

    • Provide staff with awareness training and phishing simulations.
    • Match response to risk factors.
    • Create information protection strategies and identity and access management strategies, as well as a password policy that encourages the use of complex and strong passwords and multi-factor authentication.
    • Use protective technologies (e.g., USB single-use code generator key fobs, etc.) to control access to sensitive data.
    1. DETECTION
    • Utilize a detection and response platform that provides notifications so you can immediately recognize suspicious behavior that lead to cyberattacks.
    • Use pseudo attacks to assure the system is identifying and responding correctly.
    • Record anomalies and events so they can be studied.
    1. RESPONSE
    • Manage communications during the threat and make sure the correct response is implemented to an identified threat.
    • Use the NASA strategy of “Don’t do anything until you understand the problem because you’ll likely make it worse.”
    • Follow policies (isolating systems) to minimize the spread; then make sure that forensic analysis takes place after the event to improve responses.
    1. RECOVERY

    Recovery can include numerous strategies such as a complete wipe of the system and restoring from the most recent backups.

    • If you’re using multi-site servers (Cloud or Private), once a system is clean you can import a copy from elsewhere, putting you right back in business in just hours.
    • Other essential elements include study of the cybersecurity event and building on what was learned. Most painful is reporting to the media, especially if customers were affected, sincerely apologizing, and explaining consequences, how they can check to see if they were affected, and your mitigation strategies to prevent such things in the future. Response planning can make this process smoother, however.

    Challenges of NIST Standards

    The simple fact of the matter is that protection is not always successful. These criminal hackers have the time, resources, and the money to overcome your best-laid security plans. Keeping them out is truly impossible, but making that access as difficult as possible is essential.

    Once they do manipulate their way in, detection and response are essential. Failure to do so brings on analogies involving bulls and china shops, not to mention litigation, lawsuits, and liability, on top of the loss of community respect. You cannot take this lightly.

    Many companies — especially small to mid-sized businesses — don’t know how to proceed with implementing the recommendations of the CSF to keep themselves safe. Unfortunately, most IT departments lack the experience to interpret and set up the CSF effectively, as well as successfully get stakeholders on board. It is, admittedly, a very complex process with thousands of variables. In most cases, it would be unfair to expect your IT department to add all this additional labor onto their current workload and still be effective in all their other duties. You’re going to need some outside support.

    Get Started With Blumira’s Free SIEM

    This is why there are expert intermediaries like Blumira that understand all the subtleties, convolutions, back checks, interrelationships, and strategies that make it work.

    Blumira can help you implement threat detection and response and to do it cost effectively. Blumira is a SIEM with threat detection and response that alerts your team about critical cyber threats in real-time and provides actionable response capabilities with automation that reduce the overhead associated with traditional SIEM products.

    With Blumira’s free edition, secure your Microsoft 365 environment in seconds with coverage for unlimited data and users. With our free edition, you can:

    • Use guided security playbooks to easily respond to threats
    • View summary dashboard and reports
    • Set up in seconds using our new feature, Cloud Collectors

    Free Trial
    For more coverage and support, you can easily upgrade to a paid version that fits your needs.

    Matthew Warner

    Matthew Warner is Chief Technology Officer (CTO) and co-founder of Blumira. Matt brings nearly two decades of IT and cybersecurity experience to his leadership position, and a genuine passion for cybersecurity education. Prior to founding Blumira, he was Director of Security Services at NetWorks Group, a managed...

    More from the blog

    View All Posts