The NIST Cybersecurity Framework serves as a baseline for organizations seeking to achieve the highest standards of information security and privacy. It spans the entire security incident management lifecycle across five phases: identify, protect, detect, respond, and recover.
While compliance with the framework is generally not a legal requirement, it serves as the basis for many regulatory frameworks that are themselves compulsory in certain industries. It also offers proven advice for protecting your supply chains and your clients, which can in turn open up lucrative new revenue opportunities.
Here are five of the most important things you need to know about the NIST security control categories:
What are the NIST security control categories?
There are 23 control categories across the five NIST cybersecurity framework phases. These deal with the entire lifecycle of incident management routines, from identifying what needs to be protected to responding to and recovering from an incident. By comparison, many other cybersecurity frameworks focus primarily on protective measures and detection capabilities.
The main benefit of the NIST Cybersecurity Framework is that it takes a unified approach to the overall process while still giving organizations flexibility over how they implement the 23 control categories. These control categories provide actionable advice and resources to help organizations achieve favorable outcomes. Examples include Asset Management under the Identify function, and Identity Management and Access Control under the Protect function.
#1. Determine what needs protecting
No two enterprise technology environments look the same, which is why the NIST framework avoids being excessively prescriptive. The first of the five NIST Cybersecurity Framework phases concerns which processes and assets need to be protected in the first place, and which risks they face. This function typically begins with building a comprehensive and up-to-date inventory of all computing assets, such as virtual machines, physical devices, and networking hardware. The next steps involve classifying the sensitivity of the data connected with those assets and developing an appropriate risk-management strategy.
#2. Implement appropriate safeguards
Given the enormous disparity in today’s computing environments, every enterprise will need to take its own approach to implementing the necessary protective measures. That said, the framework unifies these measures under several control categories, such as Awareness and Training and Identity Management and Access Control. This function area is intended to safeguard organizations against known threats and weaknesses, such as malicious software and weak access controls.
#3. Deploy ways to detect incidents
Countering known threats and mitigating known risks is only the first part of the battle against cybercrime. New and unknown threats are generally the most troublesome, which is why every organization needs complete visibility over its technology environment. For example, a managed detection and response (MDR) service can detect potential threats and policy violations in real time, allowing you to remediate quickly. Security information and event management (SIEM) platforms play another key role by enabling complete auditability.
#4. Develop incident response techniques
The NIST Cybersecurity Framework was founded on an understanding that every business leader should share: no matter how robust your protective and detection measures are, it is only a matter of time before an incident occurs. While no one wants to think about these worst-case scenarios, having a documented process for containing and mitigating the impact of a cybersecurity event is vital. This function area encompasses response planning, communications, analysis, mitigation, and improvements.
#5. Have a robust disaster recovery plan
The fifth and final phase of the NIST security control categories concerns disaster recovery. It includes only three categories: recovery planning, improvements, and communications. This function area considers how businesses should react in the worst-case scenario, such as a successful attack that impairs mission-critical systems and services. For example, the worst effects of a ransomware attack can usually be minimized if a proper disaster response and recovery plan is in place. This is why the importance of this last phase should not be underestimated.
Charles IT is a compliance expert based in Connecticut. We can help you achieve the highest standards of information security, privacy, and compliance across your business. Get in touch today to learn more!