What is the NIST CSF Framework?
The NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology, integrates industry standards and best practices to help organizations manage their cybersecurity risks. It is widely used by schools, government organizations, and businesses around the globe. Sedara uses the NIST CSF as a basis for testing the posture of an organization’s security.
Why Use a Cybersecurity Framework?
The NIST CSF helps organizations understand their cybersecurity risks, then reduce these risks with a customized program and measurements. The framework also helps organizations develop a shared understanding of the language and steps needed to improve their cybersecurity programs.
What are the major sections of the NIST CSF?
There are five sections of the framework: Identify, Protect, Detect, Respond, and Recover. The sections are intended to address security posture in manageable steps, followed in order and repeated in a cycle.
What Do Organizations Struggle With Most When Implementing the NIST CSF?
In our experience, many organizations struggle with identification. You can’t protect what you don’t know you have! The identification section of the framework includes finding security problems within hardware and software assets – and without an inventory and controls covering these assets, it can be impossible to identify security problems.
When developing a security program with an organization, Sedara typically starts with the “Identify” phase, beginning with asset management. Once assets are collected and identified, the organization can move on to strategies for responding to incidents.
How does Sedara use this Framework to Improve my Organization’s Security?
Sedara leverages the NIST CSF to collect data from customers and prioritize their security problems to protect their assets most effectively. This can help customers implement plans to respond and recover when incidents do occur. Currently, Sedara uses NIST CSF version 1.1. Version 2.0 is forthcoming.
If Sedara can help you improve your organization’s security posture, please contact us!