Mandated by Presidents Obama and Trump alongside the National Institute of Standards Technology (NIST), The Cybersecurity Framework is required for all Federal organizations and is becoming the baseline security standard for commercial organizations at all levels.
Background & Basics: What Is the Cybersecurity Framework?
The NIST Cybersecurity Framework is a policy framework of computer security guidelines for private sector organizations. The Cybersecurity Framework allows organizations to assess and improve their ability to prevent, detect and respond to cyber attacks.
The policy provides high-level analysis tools for cybersecurity outcomes and a procedure to best examine and manage those outcomes. Version 1.0 of the Cybersecurity Framework was published by NIST in 2014, originally directed toward operators of critical infrastructure.
The Cybersecurity Framework is currently used by a wide range of business organizations to assist them in proactivity, risk management, and overall cybersecurity strategy. The Framework was designed to help business leaders better examine the risks they face to guide the use of cybersecurity tools in a cost-effective way.
Breaking Down the Cybersecurity Framework: Core, Tiers, and Profile
The Framework was initially designed for federal organizations that are part of the nation’s critical infrastructure. However, NIST strongly encourages other business organizations to review and consider the Framework as a helpful tool for managing cyber risks. The Framework was developed strategically, for use by organizations that span enterprise conglomerates to the smallest of SMBs.
The Cybersecurity Framework is divided into three parts: Core, Tiers, and Profile
The Framework Core includes a multitude of activities, outcomes, and references that analyze approaches cybersecurity events and help business leaders make more strategic decisions and implementations regarding tech security.
The Framework Implementation Tiers are included to help organizations clarify perceptions of specific internal and external cyber security risks. Additionally, the tiers offer standards of sophistication for developing cybersecurity strategies.
The Framework Profile is a list of outcomes that allows an organization to select specific cybersecurity categories and subcategories, based on its unique security needs and individual risk assessments.
The Framework Profile is also broken into two parts:
Constantly Evolving: The 2017 Cybersecurity Framework Update
NIST’s Cybersecurity Framework was initially developed and released in 2014 under the Obama administration. Early this year, however, NIST issued a draft update to the Cybersecurity Framework. The update included new details on managing cyber supply chain risks, clarifying key terms, and introducing strategic measurement methods for cybersecurity.
The updated Cybersecurity Framework aims to optimize NIST guidance and help organizations continually reduce cyber risks. The Cybersecurity Framework update incorporates user-feedback and integrates comments from countless user organizations from the past few years.
The 2017 update specifically optimizes tools for cyber supply chain risk management.
For example, a small business selecting a cloud service provider may want guidance to make a strategic decision. With the Cybersecurity Framework update, the renamed and revised “Identity Management and Access Control” category, clarifies and expands upon the definitions of the terms “authentication” and “authorization.”
NIST also added and defines the related concept of “identity proofing.” All of these tools are designed specifically to help businesses make smarter cybersecurity decisions, across their service base, based on industry best-practices.
Reaping the Benefits: How Can Organizations Access and Best Use the Cybersecurity Framework
So, how can a business like yours take advantage of this strategic and nationwide Cybersecurity Framework? It’s simple. You can access the complete and updated Framework and all its supporting documentation here: www.nist.gov/cyberframework.
You might also be wondering some of the key requirements of the Cybersecurity Framework that help organizations stay vigilant, strategic and protected. Check out some of the central requirements of the Framework below:
As part of the Cybersecurity Framework, organizations are required to have a formal risk assessment completed, from a qualified 3rd party firm to ensure nothing has been overlooked.
The Framework also requires organizations undergo regular advanced penetration testing services for all web applications, databases and internal infrastructures needed to protect sensitive cardholder data.
The Cybersecurity Framework outlines the critical importance of communicating cybersecurity standards and policies to all external service providers in the service supply chain.
No matter what business you’re in, the Cybersecurity Framework from NIST serves as an organized and effective backdrop for improving your organization’s approach to cybersecurity. The cybercrime climate is only going to get worse, and having a framework of industry best-practices that can be used and applied nationwide is a huge asset for business leaders in all industries.
Having trouble getting through the 41-page Cybersecurity Framework? Does the policy talk leave your head spinning? Don’t miss out on taking advantage of the Cybersecurity Framework because you’re feeling overwhelmed.
Reach out to a team of local IT experts. They can help your team break down the Framework and determine the best steps for implementation. The Cybersecurity Framework is quickly becoming the national standard – don’t fall behind the pack.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”
Javier Gomez, CEO
71% of SMBs are outsourcing their IT needs to a managed service provider.
More than 90% of businesses are either evaluating, adopting or embracing the cloud.
70% of SMBs reported suffering a security breach during the previous 12 months – and companies with fewer than 500 employees were the most vulnerable, with a 75% breach rate.
The average price of a data breach now stands at about $4 million.
Billions of devices will be connected to the Internet of Things by 2025, exponentially increasing demand for MSPs to back up growing companies.
$500 billion will be spent in the greater cloud market by 2020.
93% of businesses file for bankruptcy after losing data for 10 or more days.