Technology is rapidly advancing each day and systems are getting more complex. With this growth and expansion, several cybersecurity risks may arise. Cyber threats are quickly evolving and becoming more difficult for businesses to find, stop, and recover from. This is why many companies rely on existing cybersecurity frameworks that offer a simplified and organized set of instructions to follow for optimum cybersecurity management. In this blog article, we’ll be discussing the NIST cybersecurity framework, its core functions, and how it is used to combat cyber threats. We’ll also look at some of the upgrades in the NIST Cybersecurity Framework 2.0 and how they can help. For now, let’s focus on what is NIST Cybersecurity Framework in the first place.
What Is NIST and the NIST Cybersecurity Framework?
The National Institute of Standards and Technology - or NIST - is a non-regulatory agency of the U.S. Department of Commerce that was founded in 1901. The organization has guided computer security for decades and is used to encourage innovation by advancing measurement science, standards, and technology. Now, what is the NIST Cybersecurity Framework? Essentially, a cyber security NIST framework – also called NIST CSF – is a set of comprehensive guidelines and best practices for businesses to maintain their cybersecurity posture. The framework has been part of the guidelines for executive board members to follow for years.
NIST framework cybersecurity provides a series of standards that is a key roadmap for many private sector companies to effectively detect, respond to, and recover from cyber-attacks. It creates a common language for understanding complex cyber threats and resolving difficult cybersecurity issues. The NIST cyber framework has been mostly aimed at smaller or less-regulated organizations to ensure a more targeted approach where cybersecurity might not be a priority. This is also why the framework is more flexible and cost-effective – allowing businesses to customize and implement their NIST solutions as needed.
One of the main features of the NIST information security Framework is its simplicity and how easy it is to navigate. This is largely due to the five key functions of the framework that neatly expand on critical areas of cybersecurity clearly and concisely. While these functions are there to offer guidance, they are not compliance-based and largely focus on daily cybersecurity issues faced. Let’s review these five core functions of the cybersecurity framework NIST.
The 5 Core Functions of the NIST CSF
The NIST Cybersecurity Framework has five main functions: identify, protect, detect, respond, and recover. These offer a general overview of the major cybersecurity protocols that have to be followed within each business. These five functions are later split into categories and subcategories that contain tangible actions that can be taken. We’ll now explore each category in more detail to see what is the NIST framework made up of:
1. Identify in NIST CSF
Naturally, to protect your network and business, you need to be completely aware of everything within the business. The identification function of the NIST CSF focuses on asset management and risk assessments that help you evaluate each asset within the business and how vulnerable they are to cyber threats. This can help you understand critical resources and how to ensure functional governance, supply chains, and business strategies. Sangfor’s Cyber Command (NDR) platform monitors for malware, residual security events, and future potential compromises using an AI algorithm - consistent with NIST CSF guidelines.
2. Protect in NIST CSF
The protection function is aligned with defensive measures such as physical security, identity protection, and critical asset management. This part of the NIST framework for cybersecurity will focus on access management, cybersecurity training, data security, and more. An ideal example is the AI-powered Sangfor Next-Generation Firewall (NGFW) that can identify malicious files at both the network level and endpoints - providing comprehensive and holistic protection from all threats.
3. Detect in NIST CSF
Detection is a crucial element in any cybersecurity framework. Here, the detect function ensures that threats are found quickly. The actions focused on in this function include anomaly detection, investigations, continuous monitoring, and other detection processes. Detection is often done at the endpoints of the network. This is why Sangfor’s Endpoint Security can be used to identify malicious files at both the network level and endpoints – ensuring integrated protection against malware infections and APT breaches across your entire organization's network. The demonstration of Endpoint Secure in action shows how it reinforces the NIST framework in place.
4. Respond in NIST CSF
Within this function, businesses can learn how to act immediately and effectively to stop an attack in its tracks. Key categories of the response function for the NIST-CSF will include response planning, analysis, communication, mitigation, and improvements. The NIST framework emphasizes proactive planning and continuous improvement to establish a stronger incident response plan.
5. Recover in NIST CSF
What happens after a cyber-attack is also a crucial matter. The recovery function will focus on how to get on your feet and resume operations as usual. This includes communications, recovery planning, and continuous improvements. When using Sangfor’s Cyber Command, an organization can seamlessly adhere to the NIST protocols and ensure a comprehensive security model at all times - emphasized in the demo of Cyber Command being the ideal Network Detections and Response tool.
Here is the Whiteboard video on Sangfor’s Cyber Command that explains these concepts in details with examples:
While each CSF NIST core function can be neatly categorized, it’s important to note that each function can act independently from the others based on your specific business needs and vulnerabilities. The NIST framework cybersecurity plan is curated with flexibility that understands what your needs are within context. Now, let’s explore how businesses can make use of the NIST cybersecurity framework.
How Can Businesses Use the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework is designed to help businesses protect their critical infrastructure while offering tangible guidelines and practices that can be implemented as required. Businesses can use the cyber security framework NIST in several ways to elevate and enhance their current cybersecurity position. These include:
- Assessing the current cybersecurity measures in place by creating a profile.
- Identifying new and innovative cybersecurity protocols to follow as technology advances.
- Communicating cybersecurity requirements effectively across the business.
- Assessing network threats as they appear. Sangfor’s Cyber Command platform effectively helps with this when correlating with the Hyper-Converged Infrastructure platform.
- Ensuring that the right NIST cybersecurity framework training and cybersecurity awareness is implemented.
- Creating new cybersecurity protocols and programs.
- Providing a checklist of tasks to complete for optimal cybersecurity.
- Integrating NIST CSF protocols into existing security processes as needed.
- Ensuring a solid foundation for a cyber security risk management framework and security.
- Providing analysis and feedback to strengthen weaker areas.
Additionally, using a managed cloud platform like Sangfor’s Managed Cloud Services will take the burden off your shoulders and ensure that your business runs efficiently and within all the constraints of the NIST cybersecurity framework - giving you elastic computing and security in one seamless service
The NIST CSF also uses a series of tiers to assess a company’s current risk management, threat environment, and compliance standards. This information is used to see where the business stands concerning its cybersecurity posture. The tier system goes as follows:
Tier 1 – Partial
This is a starting point for most businesses where risk management isn’t properly implemented and cybersecurity is not formalized.
Tier 2 – Risk-Informed
There is a level of risk management here, however, these protocols are not standardized across the company.
Tier 3 – Repeatable
At this point, a formal and organized cybersecurity strategy is in place with refined policies and protocols.
Tier 4 – Adaptive
At the final tier, the company shows extensive cybersecurity awareness and implements thorough risk management strategies that are informed by threat intelligence.
While the NIST recommends that companies at Tier 1 advance to Tier 2, the organization also noted that each tier cannot be compared to maturity level. Companies should only move up the tier list once they can afford to and it effectively reduces specific cybersecurity risks. The above tiers can then be used to create your NIST Cybersecurity Framework Profile. The framework profile is a roadmap of where your business is and where it wants to be in the future. We’ll now go into more detail about that and examples of NIST cybersecurity framework profiles to work upward from.
Examples of NIST Cybersecurity Framework Profiles
A framework profile allows you to get a clear picture of your company’s current cybersecurity posture in relation to risk management, business requirements, and resources used. The CSF profile will give your business a current profile and target profile that will respectively detail the current cybersecurity posture figures and the desired figures.
Comparing your current profile and target profile will give your business an actionable improvement plan. Your company’s framework profile will offer guidelines that are aligned with organizational and sector goals, consider legal or regulatory requirements and industry best practices, and reflect risk management priorities. Below are a few examples of NIST Cybersecurity Framework Profiles
- NIST IR 8183 - Cybersecurity Framework Manufacturing Profile
- NIST IR 8183r1 - Cybersecurity Framework Version 1.1 Manufacturing Profile Rev. 1
- NIST IR 8310 (Draft) - Cybersecurity Framework Election Infrastructure Profile
- NIST IR 8323 Revision 1 - Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of PNT Services
- NIST IR 8374 - Ransomware Risk Management: A Cybersecurity Framework Profile
- NIST IR 8406 - Cybersecurity Framework Profile for Liquefied Natural Gas
- NIST IR 8441 (Draft) - Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN)
- NIST IR 8467 (Draft) - Cybersecurity Framework Profile for Genomic Data
- NIST IR 8473 - Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure
- NIST TN 2051 - Cybersecurity Framework Smart Grid Profile
- How to Use the Cybersecurity Framework Profile for Connected Vehicle Environments – U.S. Transportation
- Cybersecurity Framework Profile Excel for Connected Vehicle Environments – U.S. Transportation
- Maritime Cybersecurity Framework Profiles – U.S. Coast Guard
- Maritime Bulk Liquids Transfer Cybersecurity Framework Profile - US Coast Guard, Offshore Operations Profile, Passenger Vessel Profile
- Cybersecurity Framework Profile for Communications Sector (Broadcast, cable, satellite, wireless, and wireline segment) – Federal Communications Commission’s The Communications Security, Reliability, and Interoperability Council (CSRIC) IV
The Discussion Draft: The NIST Cybersecurity Framework 2.0 Core with Implementation Examples also contains more framework profile examples. These can all serve as guidelines and simplified instructions for creating your framework profile for your business. Now that we have a grasp of what NIST frameworks can do for us, let’s take a quick look at the history behind the framework itself.
The History of NIST CSF
On the 12th of February 2013, President Obama issued Executive Order 13636. This order was called “Improving Critical Infrastructure Cybersecurity” and is what kicked off NIST’s involvement in U.S. private sector cybersecurity. According to NIST, the Executive Order introduced efforts on the sharing of cybersecurity threat information and on building a set of current and successful approaches for reducing risks to critical infrastructure. The organization was then tasked with creating a ‘cybersecurity framework.’
NIST was chosen for this project as it was a non-regulatory federal agency that acted as an unbiased source of scientific data and practices - including cybersecurity practices. In 2014, NIST released version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity. This framework was released as voluntary guidance that was based on existing standards, guidelines, and practices. It was the result of extensive collaboration and was aimed at critical infrastructure organizations to better manage and reduce cybersecurity risk.
While the original intention was to use the NIST framework for improving critical infrastructure cybersecurity for sectors like healthcare, utilities, and manufacturers, it soon became recognized and adopted by various global organizations as well. Today, the NIST Cybersecurity Framework is the most widely used in the world. However, these frameworks were meant to adapt with time and that is what led us to the NIST Cybersecurity Framework 2.0 being released this year. Let’s explore some of the updates that came along with this latest version.
NIST Cybersecurity Framework 2.0 Released Recently: What’s New?
In late February of 2024, NIST updated its landmark guidance document for reducing cybersecurity risk. According to the agency’s release, the new NIST 2.0 edition is designed for all audiences, industry sectors, and organization types, from the smallest schools and nonprofits to the largest agencies and corporations – regardless of their degree of cybersecurity sophistication. The framework is now explicitly aiming for accessibility across all sectors and not just critical infrastructure.
The National Institute of Standards and Technology agency expanded the core guidance of the CSF 2.0 and created resources that are custom to each user for optimum cybersecurity solutions. These resources are tailored and ensure that every organization has the right tools to build on their cybersecurity. Laurie E. Locascio, the Under Secretary of Commerce for Standards and Technology and NIST Director, stated that “CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve.”
While much of the previous CSF version is preserved, the CSF 2.0 version includes guidelines on cyber governance and risk management, artificial intelligence, supply chains and third-party risk management, zero-trust architecture, and IoT security. This updated version of the NIST cybersecurity framework anticipates users with varying needs and levels of experience in cybersecurity.
The new ‘Govern’ core function elevates cybersecurity risk management by assigning roles, responsibilities, and authorities to align an organization's cybersecurity risk posture with existing enterprise risk management. The emphasis on governance coincides with instances in which federal regulators have held executive leadership accountable for cybersecurity failures. NIST has stated that the CSF 2.0 governance component emphasizes that “cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation.”
The CSF 2.0 also has a Reference Tool that allows users to browse, search, and export data from the CSF core guidance in different formats – readable by both humans and machines. Additionally, the framework now provides a searchable catalog of informative references to indicate how the company’s current actions map onto the CSF. Users can then cross-reference the CSF’s guidance to more than 50 other cybersecurity documents - including others from NIST.
Businesses can also make use of the Cybersecurity and Privacy Reference Tool (CPRT) which holds an interrelated, browsable, and downloadable set of NIST guidance documents. This contextualizes NIST resources with other popular resources and offers ways to communicate these ideas to both technical experts and the C-suite – ensuring that all levels of an organization stay coordinated. NIST also assured us that it plans to continue enhancing its resources and making the CSF an even more helpful resource to a broader set of users – emphasizing that feedback from the community will be crucial.
Final Thoughts on the NIST Cybersecurity Framework
As we move forward, businesses of every size need to implement CSF protocols to ensure that they stay regulated, compliant, and informed. The NIST CSF plays a major role in the proactive practices and the updates from the NIST CSF 2.0 only prove how much accessibility and comprehensive security measures matter in the long run. More companies need to invest in advanced cybersecurity solutions that can maintain an acceptable cybersecurity posture.
Sangfor Technologies offers superior cybersecurity and cloud computing technologies that will ensure that the CSF guidelines are fulfilled at all times. Give your company the best cybersecurity solutions to uphold your cybersecurity framework. For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.
