The National Institute of Standards and Technology developed the Framework for Improving Critical Infrastructure Cybersecurity, later dubbed the NIST Cybersecurity Framework (CSF), from a presidential executive order to support critical functions of our society in monitoring and remediating cybersecurity risks. Use of the Framework has since expanded – adopted by businesses of all sizes across the spectrum of industries. As voluntary guidance, the CSF is meant to be customized to fit the organization and as a result, does not have controls baked into it as other standards do. Instead, the CSF helps security practitioners open a dialogue with stakeholders across the organization about the need for cybersecurity and investment in securing the business. Using the five functions of the Framework Core – Identify, Detect, Respond, and Recover – technical and non-technical stakeholders understand where their strengths and weaknesses lie in their organization’s cybersecurity and where to invest time and effort. Implementation of the Cybersecurity Framework begins with the benchmarking assessment – which for most merits an assessment tool.
Now that you’ve decided to work with…
