What is the NIST Cyber Security Framework? (And why it matters)
Business leaders and managers should pay close attention to technical standards in various areas of their business, whether the standards cover manufacturing quality control, HR best practices, or internal operations, to name just a few. A technical standard is usually a formal document that establishes uniform engineering or technical criteria, methods, processes, and practices. At its most basic level, a standard is a checklist of must-have capabilities, resources, and procedures. Standards help with setting benchmarks, conducting risk assessments, and improving processes and quality control over time.
What is the NIST Cyber Security Framework?
Standards matter, especially in the area of cyber security. Protek Support believes in, and closely aligns with, the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) for all of our operations and client engagements. There are a few different reasons Protek recommends the NIST CSF.
Federal and Broadly Supported
First, NIST is an agency of the federal government. NIST is effectively the federal government’s science and technology department. One of the main things NIST does is to identify the best practices that both government and industry should utilize in a particular area. Since NIST is part of the federal government, there will be longevity and continuity with the standard.
A few years back, NIST published the Cyber Security Framework. It is a very thorough and broadly adopted standard. It is now in its 11th version. The NIST CSF defines five of what it calls “functions,” and each function has categories. There are a total of 23 categories, and each category has subcategories. There are currently over 100 subcategories. The result is a highly detailed 55-page document, or 500-row spreadsheet, covering every imaginable dimension of an organization’s cyber security.
Tiered Security Offerings
We design our security offerings on the foundation of the NIST CSF. It guides our approach to service design, allowing us to offer our clients a basic, advanced, or compliant approach to cyber security, based on the client’s unique corporate and industry needs. The NIST CSF first allows us to set a security baseline, which is a basic set of cyber security capabilities that are non-negotiable, table-stakes items. These are security capabilities we make available to all of our clients and that align closely with the foundation of the NIST CSF. Our Advanced Security Tier includes more advanced features, such as Mobile Device Management, BitLocker management, email encryption, and security awareness training. When your business requires government compliance, the Compliance service tier includes elements such as cyber security policy management and disaster recovery planning.
Designed to Fit Your Needs
Not every organization needs or has the budget to comply with every element of the NIST CSF. Nevertheless, the NIST CSF provides a useful framework to help us discuss risk management issues with our clients and decide upon the right level of cyber security investment, based on each client’s unique needs and industry requirements.
Protek encourages new and existing clients to engage in our risk assessment process to determine the right level of cyber security investment. Reach out to Michelle Lawson today for a