A brief on NIST Cybersecurity Framework

We often get asked about NIST. What is it? How does it affect our business? Let’s take a brief view of NIST and explore some further reading.

NIST stands for National Institute of Standards and Technology, which is a non-regulatory agency of the US Federal Government founded in 1901. However, in the IT world, NIST is generally shorthand for compliance standards relating to cybersecurity frameworks. This is very often, specifically NIST 800-53.

“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure
and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while
promoting safety, security, business confidentiality, privacy, and civil liberties.”

Executive Order 13636
February 12, 2013

And thus, the NIST Cybersecurity Framework (CSF) was born. Consisting of three major components—the implementation tier, framework core, and profiles—and five core components—identify, protect, detect, respond, and recover—NIST is broken down categorically by function, category, and subcategory. Confused yet? Don’t worry, it gets easier.

Essentially, each core component forms a function identified by a two letter code. For example, Identify uses the code ID. The Identify function is, itself, then broken into categories which, again, have two letter designations. “Business Environment” is BE. This is then broken down into numbered subcategories. The subcategory dealing with supply chains is 1. So, in this case, the shorthand name would be ID.BE-1. There are a total of 108 subcategories in the various functions.

Tiers are a bit easier to understand. These are essentially levels 1-4: Partial (1), Risk-Informed (2), Repeatable (3), Adaptive (4). These are a way to measure efficacy of a cybersecurity defense. It should be noted that not all businesses are going to want or need to invest to get to the Adaptive level for everything: some items may not apply or simply may be out of a realistic budget reach.

Profiles use business objectives, threat environment, and requirements and controls to assess current vs. target organizational cybersecurity posture.

While you liekly already know if your business is required to meet NIST compliance standards, a NIST audit can be a valuable way for any business to get a good baseline on their local and online security. An IT professional is desirable to help organizations determine where they currently sit in their ability to prevent and respond to cybersecurity threats.

Having trouble with your NIST compliance? Just curious about your own business’s IT security? Or you’d simply like to explore this further? Contact us!

Further reading:

The official documents from NIST: https://nvd.nist.gov/800-53
Direct link to the official PDF: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
NIST Online Learning Resources: https://www.nist.gov/cyberframework/online-learning/components-framework
NIST 800-53 on Wikipedia: https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

A brief on NIST Cybersecurity Framework

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666