DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • DevOps Onramp
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Perforce » Compliance » What is the NIST Cybersecurity Framework?

security APIs What is the NIST Cybersecurity Framework

What is the NIST Cybersecurity Framework?

By: Mitch Ashley on January 11, 2021 1 Comment

Cybersecurity threats are easier to handle when you have a framework to build off of. That’s why NIST developed the Cybersecurity Framework. Learn more.

Recent Posts By Mitch Ashley
  • Fixing Spring4Shell Starts With Software Supply Chain Management
  • Updating and Managing Infrastructure-as-Code (IaC)
  • Log4j: Is There Such a Thing as ‘Too Much’ Open Source?
More from Mitch Ashley
Related Posts
  • What is the NIST Cybersecurity Framework?
  • DevOps Connect: DevSecOps — Building a Modern Cybersecurity Practice
  • SBOMs 101: What You Need to Know
    Related Categories
  • Compliance
  • Perforce
    Related Topics
  • National Institute of Standards and Technology
  • NIST
  • NIST cybersecurity framework
  • perforce
Show more
Show less

What You Need to Know About the NIST Cybersecurity Framework

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework.

CloudNativeDay 2022

The 5 Elements of the NIST Cybersecurity Framework

There are five central elements of the NIST Cybersecurity Framework:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

The 3 Components of the NIST Cybersecurity Framework

In addition to the five main elements of the NIST Cybersecurity Framework, there are also three essential components.

Framework Core: The Framework Core provides you with a set of activities to help you achieve specific cybersecurity outcomes. In order to help you achieve each activity, the Framework Core provides you with examples.

Implementation Tiers: The Implementation Tiers provide you with an outline to increase the sophistication in your cybersecurity risk management.

Framework Profiles: The Framework Profiles outline your cybersecurity activities and provides a look at the potential cybersecurity outcomes needed to meet your cybersecurity goals.

How to Use the NIST Cybersecurity Framework

In order to use the NIST Cybersecurity Framework, you must follow these three steps:

  1. Determine the appropriate implementation tier.
  2. Understand the gap between its current and target profiles.
  3. Put plans in place to implement the activities from the Framework Core to move toward the target profiles.

The CIS Controls for NIST Cybersecurity Framework

The Center for Internet Security (CIS) regularly publishes CIS Critical Security Controls that map to the NIST Cybersecurity Framework. While there are many sections to the CIS Controls, the most relevant is CIS Control 18, Application Software Security. The section recommends the following actions:

  1. Establish secure coding practices.
  2. Ensure software development personnel are trained in secure coding.
  3. Apply static and dynamic code analysis tools.

To read more, please visit: https://www.perforce.com/blog/kw/nist-cybersecurity-static-analysis

Filed Under: Compliance, Perforce Tagged With: National Institute of Standards and Technology, NIST, NIST cybersecurity framework, perforce

Sponsored Content
Featured eBook
The Automated Enterprise

The Automated Enterprise

“The Automated Enterprise” e-book shows the important role IT automation plays in business today. Optimize resources and speed development with Red Hat® management solutions, powered by Red Hat Ansible® Automation. IT automation helps your business better serve your customers, so you can be successful as you: Optimize resources by automating ... Read More
« Klocwork Is the Ideal Static Analysis Tool for DevOps
Top 10 Common Software Vulnerabilities »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

VSM, an Ideal Framework for Continuous Security Dashboards
Wednesday, August 10, 2022 - 11:00 am EDT
LIVE WORKSHOP - Accelerate Software Delivery With Value Stream Mapping
Wednesday, August 10, 2022 - 1:00 pm EDT
10 steps to continuous performance testing in DevOps
Thursday, August 11, 2022 - 3:00 pm EDT

Latest from DevOps.com

GitHub Brings 2FA to JavaScript Package Manager
August 9, 2022 | Mike Vizard
CREST Defines Quality Verification Standard for AppSec Testing
August 9, 2022 | Mike Vizard
IBM Unveils Simulation Tool for Attacking SCM Platforms
August 9, 2022 | Mike Vizard
Tech Workers Struggle With Hybrid IT Complexity
August 9, 2022 | Brandon Shopp
Open Standards Are Key For Realizing Observability
August 9, 2022 | Bill Doerrfeld

Get The Top Stories of the Week

  • View DevOps.com Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Download Free eBook

The State of Open Source Vulnerabilities 2020
The State of Open Source Vulnerabilities 2020

Most Read on DevOps.com

Recession! DevOps Hiring Freeze | Data Centers Suck (Power) ...
August 4, 2022 | Richi Jennings
Developer-led Landscape & 2022 Outlook
August 3, 2022 | Alan Shimel
Palo Alto Networks Extends Checkov Tool for Securing Infrast...
August 3, 2022 | Mike Vizard
Orgs Struggle to Get App Modernization Right
August 4, 2022 | Mike Vizard
GitHub Adds Tools to Simplify Management of Software Develop...
August 4, 2022 | Mike Vizard

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.