NIST Cybersecurity Framework

The NIST Cybersecurity Framework helps to define a security ecosystem that, when fully implemented, creates an adaptive security posture that can deal with many new threats. The framework is based on three key outcomes and defines the following:

  • The main goal of the security ecosystem. This makes sure that the goals of the security ecosystem match the needs of the business and that it is flexible enough to deal with new threats as the business changes.
  • The implementation tiers, which show the status of the security controls as they are put into place.
  • The profile, which describes the overall structure of the security ecosystem as an improvement programme, including the current state and the expected future state in relation to the business goal.

NIST Cybersecurity Framework Controls:

  • Identify
    • Asset management
    • Business environment
    • Governance
    • Risk assessment
    • Risk assessment strategy
  • Protect
    • Access control
    • Awareness and training
    • Data security
    • Information protection process and procedures
    • Maintenance
    • Protective technology
  • Detect
    • Anomalies and events
    • Security continuous monitoring
    • Detection process
  • Respond
    • Response planning
    • Communications
    • Analysis
    • Mitigation
    • Improvements
  • Recover
    • Recovery planning
    • Improvements
    • Communications