What is the NIST Cyber Security Framework?

INFO

The latest version of the framework is available to download here: https://www.nist.gov/cyberframework/framework

Background


The NIST Cyber Security Framework was initially established in 2013 as the result of a US Executive Order introduced to build a successful cyber security framework to protect critical infrastructure. It is now accepted as a general cyber security framework that can be tailored to organisations in any industry.

The framework continues to be developed alongside government stakeholders, industry experts and academics. 

The Framework provides a common language and methodology for businesses to:

  1. Appraise their current cybersecurity posture;
  2. Describe their target state of cybersecurity;
  3. Identify areas of continual and reproducible improvement;
  4. Evaluate progress towards their target state;
  5. Communicate cyber security risk to internal and external stakeholders.


The Framework Core


“These five Functions were selected because they represent the five primary pillars for a successful and holistic cybersecurity program.” - National Institute of Standards and Technology (NIST)

At its highest level, the core of the framework resides in its ‘Five Functions’:

•    Identify the assets and processes that need to be protected.

•    Protect your organization, its information, and digital assets by implementing technical controls designed to prevent attacks.

•    Detect dangerous and anomalous activity, whether this is internal or external. Knowledge is power, and if you know what attention your organization is attracting, you can better protect against it and respond to it.

•    Respond to any suspected or actual cyber-attacks or information security incidents. Quick and thorough action, on-time, every time, is essential.

•    Recover from cyber and information security incidents quickly and robustly, rebuild stronger and minimize any disruption to business operations.


At the next level down, these five functions are divided into 23 categories. These categories were designed to cover the entire breadth of cyber security risk management.


At the deepest layer of the core, these categories are further divided into 108 subcategories. Each subcategory includes corresponding informative references: documentation that can provide further technical guidance and assistance on achieving the goals outlined by each subcategory.

NOTE

Please note that the framework was not designed with the intention that every single one of the 108 controls (described in the subcategories) should be met. You should consider the full range of controls and choose which to implement based on the unique risks, vulnerabilities and tolerances of your individual organisation. 







Copyright 2023 – m3 Networks Limited.

Knowledge Base Software by Helpjuice

0
0
Expand