DevOps.com

Where the world meets DevOps

What is the NIST Cybersecurity Framework?

By on 1 Comment

Cybersecurity threats are easier to handle when you have a framework to build off of. That’s why NIST developed the Cybersecurity Framework. Learn more.

Recent Posts By DevOps.com
More from DevOps.com
Related Posts
Show more
Show less

What You Need to Know About the NIST Cybersecurity Framework

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework.

The 5 Elements of the NIST Cybersecurity Framework

There are five central elements of the NIST Cybersecurity Framework:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

The 3 Components of the NIST Cybersecurity Framework

In addition to the five main elements of the NIST Cybersecurity Framework, there are also three essential components.

Framework Core: The Framework Core provides you with a set of activities to help you achieve specific cybersecurity outcomes. In order to help you achieve each activity, the Framework Core provides you with examples.

Implementation Tiers: The Implementation Tiers provide you with an outline to increase the sophistication in your cybersecurity risk management.

Framework Profiles: The Framework Profiles outline your cybersecurity activities and provides a look at the potential cybersecurity outcomes needed to meet your cybersecurity goals.

How to Use the NIST Cybersecurity Framework

In order to use the NIST Cybersecurity Framework, you must follow these three steps:

  1. Determine the appropriate implementation tier.
  2. Understand the gap between its current and target profiles.
  3. Put plans in place to implement the activities from the Framework Core to move toward the target profiles.

The CIS Controls for NIST Cybersecurity Framework

The Center for Internet Security (CIS) regularly publishes CIS Critical Security Controls that map to the NIST Cybersecurity Framework. While there are many sections to the CIS Controls, the most relevant is CIS Control 18, Application Software Security. The section recommends the following actions:

  1. Establish secure coding practices.
  2. Ensure software development personnel are trained in secure coding.
  3. Apply static and dynamic code analysis tools.

To read more, please visit: https://www.perforce.com/blog/kw/nist-cybersecurity-static-analysis

Sponsored Content
Featured eBook
The Automated Enterprise

The Automated Enterprise

“The Automated Enterprise” e-book shows the important role IT automation plays in business today. Optimize resources and speed development with Red Hat® management solutions, powered by Red Hat Ansible® Automation. IT automation helps your business better serve your customers, so you can be successful as you: Optimize resources by automating ... Read More
%d bloggers like this: