\"\"

DevOps.com

Where the world meets DevOps

What is the NIST Cybersecurity Framework?

By on 1 Comment

Cybersecurity threats are easier to handle when you have a framework to build off of. That’s why NIST developed the Cybersecurity Framework. Learn more.

Recent Posts By Mitch Ashley
More from Mitch Ashley
Related Posts
Show more
Show less

What You Need to Know About the NIST Cybersecurity Framework

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework.

The 5 Elements of the NIST Cybersecurity Framework

There are five central elements of the NIST Cybersecurity Framework:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

The 3 Components of the NIST Cybersecurity Framework

In addition to the five main elements of the NIST Cybersecurity Framework, there are also three essential components.

Framework Core: The Framework Core provides you with a set of activities to help you achieve specific cybersecurity outcomes. In order to help you achieve each activity, the Framework Core provides you with examples.

Implementation Tiers: The Implementation Tiers provide you with an outline to increase the sophistication in your cybersecurity risk management.

Framework Profiles: The Framework Profiles outline your cybersecurity activities and provides a look at the potential cybersecurity outcomes needed to meet your cybersecurity goals.

How to Use the NIST Cybersecurity Framework

In order to use the NIST Cybersecurity Framework, you must follow these three steps:

  1. Determine the appropriate implementation tier.
  2. Understand the gap between its current and target profiles.
  3. Put plans in place to implement the activities from the Framework Core to move toward the target profiles.

The CIS Controls for NIST Cybersecurity Framework

The Center for Internet Security (CIS) regularly publishes CIS Critical Security Controls that map to the NIST Cybersecurity Framework. While there are many sections to the CIS Controls, the most relevant is CIS Control 18, Application Software Security. The section recommends the following actions:

  1. Establish secure coding practices.
  2. Ensure software development personnel are trained in secure coding.
  3. Apply static and dynamic code analysis tools.

To read more, please visit: https://www.perforce.com/blog/kw/nist-cybersecurity-static-analysis

Sponsored Content
Featured eBook
DevOps: Mastering the Human Element

DevOps: Mastering the Human Element

While building constructive culture, engaging workers individually and helping staff avoid burnout have always been organizationally demanding, they are intensified by the continuous, always-on notion of DevOps.  When we think of work burnout, we often think of grueling workloads and deadline pressures. But it also has to do with mismatched ... Read More
%d bloggers like this: