Whitepaper: Proactively Managing Risks Using the NIST Cybersecurity Framework
The risks that come with cybersecurity are often overwhelming for many organizations, and building a robust mitigation program is a complex undertaking.
There are a number of cybersecurity standards and frameworks available that provide business leaders and IT professionals with a set of measures, best practices, and tactics to foster effective cyber protection and address cybersecurity vulnerabilities. Some examples include the National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO), and the Information Technology Infrastructure Library (ITIL). In this whitepaper, we explore the NIST Framework, discuss its key elements, and highlight several best practices.
NIST is an agency within the Department of Commerce; it published its first Cybersecurity Framework in 2014. The framework guides organizations on how to reduce their cybersecurity risk.
Previously, the Department of Defense (DoD) determined that it needed better security controls on contractors operating networks within its environment. NIST collaborated with the DoD to develop a risk-management framework (RMF), adopted in 2010. This management framework identified a series of conditions required to operate on a federal government network or system, specifically those dealing with classified information or national security. That risk-management framework was the blueprint for NIST’s cybersecurity framework, and this whitepaper delves into the framework’s key elements and examines what lies ahead for NIST.