What is the NIST Cybersecurity Framework?

Cybersecurity threats are easier to handle when you have a framework to build off of. That’s why NIST developed the Cybersecurity Framework. Learn more.

Recent Posts By Mitch Ashley

• Fixing Spring4Shell Starts With Software Supply Chain Management
• Updating and Managing Infrastructure-as-Code (IaC)
• Log4j: Is There Such a Thing as ‘Too Much’ Open Source?

More from Mitch Ashley

Related Posts

• What is the NIST Cybersecurity Framework?
• DevOps Connect: DevSecOps — Building a Modern Cybersecurity Practice
• SBOMs 101: What You Need to Know

Related Categories
• Compliance
• Perforce

Related Topics
• National Institute of Standards and Technology
• NIST
• NIST cybersecurity framework
• perforce

Show more

Show less

What You Need to Know About the NIST Cybersecurity Framework

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework.

The 5 Elements of the NIST Cybersecurity Framework

There are five central elements of the NIST Cybersecurity Framework:

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

The 3 Components of the NIST Cybersecurity Framework

In addition to the five main elements of the NIST Cybersecurity Framework, there are also three essential components.

Framework Core: The Framework Core provides you with a set of activities to help you achieve specific cybersecurity outcomes. In order to help you achieve each activity, the Framework Core provides you with examples.

Implementation Tiers: The Implementation Tiers provide you with an outline to increase the sophistication in your cybersecurity risk management.

Framework Profiles: The Framework Profiles outline your cybersecurity activities and provides a look at the potential cybersecurity outcomes needed to meet your cybersecurity goals.

How to Use the NIST Cybersecurity Framework

In order to use the NIST Cybersecurity Framework, you must follow these three steps:

1. Determine the appropriate implementation tier.
2. Understand the gap between its current and target profiles.
3. Put plans in place to implement the activities from the Framework Core to move toward the target profiles.

The CIS Controls for NIST Cybersecurity Framework

The Center for Internet Security (CIS) regularly publishes CIS Critical Security Controls that map to the NIST Cybersecurity Framework. While there are many sections to the CIS Controls, the most relevant is CIS Control 18, Application Software Security. The section recommends the following actions:

1. Establish secure coding practices.
2. Ensure software development personnel are trained in secure coding.
3. Apply static and dynamic code analysis tools.

To read more, please visit: https://www.perforce.com/blog/kw/nist-cybersecurity-static-analysis