Cybersecurity threats are easier to handle when you have a framework to build on. That’s why NIST developed the Cybersecurity Framework.
What You Need to Know About the NIST Cybersecurity Framework
The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework.
The 5 Elements of the NIST Cybersecurity Framework
There are five central elements of the NIST Cybersecurity Framework:
- Identify
- Protect
- Detect
- Respond
- Recover
The 3 Components of the NIST Cybersecurity Framework
In addition to the five main elements of the NIST Cybersecurity Framework, there are also three essential components.
Framework Core: The Framework Core provides you with a set of activities to help you achieve specific cybersecurity outcomes. In order to help you achieve each activity, the Framework Core provides you with examples.
Implementation Tiers: The Implementation Tiers provide you with an outline for increasing the sophistication of your cybersecurity risk management.
Framework Profiles: The Framework Profiles outline your cybersecurity activities and provide a look at the potential cybersecurity outcomes needed to meet your cybersecurity goals.
How to Use the NIST Cybersecurity Framework
In order to use the NIST Cybersecurity Framework, you must follow these three steps:
- Determine the appropriate implementation tier.
- Understand the gap between your current and target profiles.
- Put plans in place to implement the activities from the Framework Core to move toward the target profiles.
The CIS Controls for NIST Cybersecurity Framework
The Center for Internet Security (CIS) regularly publishes CIS Critical Security Controls that map to the NIST Cybersecurity Framework. While there are many sections to the CIS Controls, the most relevant is CIS Control 18, Application Software Security. The section recommends the following actions:
- Establish secure coding practices.
- Ensure software development personnel are trained in secure coding.
- Apply static and dynamic code analysis tools.
To read more, please visit: https://www.perforce.com/blog/kw/nist-cybersecurity-static-analysis