Contact us

NIST

A cybersecurity framework that consists of standards, guidelines, and best practices to manage cybersecurity risks.

The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce. NIST cybersecurity framework consists of standards, guidelines, and best practices to manage cybersecurity risks and improve the standard of critical infrastructure.

NIST cybersecurity framework explained

The framework has three sections, each emphasises the important link between business objectives and cybersecurity activities.

The three components are:

  • The Core – comprises four elements; functions, categories, sub-categories and informative references
  • The Implementation Tiers – Describe the maturity of the organisation’s cybersecurity posture
  • The Profiles - The alignment of the functions, categories, and sub-categories with the business requirements, risk tolerance, and resources

The framework’s core consists of concurrent and continuous, basic cybersecurity functions:

  • Identify – In order to develop the strategy an organisation must identify their systems, people, assets, data and capabilities
  • Protect – Develop and implement appropriate controls
  • Detect – Develop and implement a strategy for breach detection
  • Respond – Develop and implement a suitable Incident response plan
  • Recover – Develop and implement a disaster recovery plan

The framework tiers are:

  1. Partial – Ad hoc and reactive risk management. Cybersecurity activities are not aligned to organisational risk objectives/business requirements.
  2. Risk-Informed – Risk management activity is approved by management but there may not be a company-wide policy. Cybersecurity activities are informed by organisational risk objectives/business requirements.
  3. Repeatable – Risk management practices are formally approved and detailed in a policy. Cybersecurity activities are regularly updated based on changes to the organisations risk objectives/business requirements. Changes in the threat landscape and the state of technology are considered.
  4. Adaptive – Through a process of continuous improvement, the organisation actively adapts to a changing threat and technology landscape and responds in a timely and effective manner to evolving, sophisticated threats.

A profile enables organisations to establish a roadmap for reducing cybersecurity risk that is well aligned with the business objectives, considers legal/regulatory requirements and industry best practices, and reflects risk management priorities. Profiles support business requirements and aid in communicating risk within and between organisations.

Connect with us

Get in touch with our security experts

Our team is available for a quick call or video meeting. Let's connect and discuss your security challenges, dive into vendor comparison reports, or talk about your upcoming IT-projects. We are here to help.

Placeholder for Portrait of engineer beard wearing poloPortrait of engineer beard wearing polo
Updates

Latest news and blog posts

Placeholder for Adobe Stock 369977292Adobe Stock 369977292
Juniper Networks

Network security

Juniper's Four-Time Leadership in Gartner Magic Quadrant

Juniper Networks' repeated leadership in Gartner's Magic Quadrant highlights its innovative edge and excellence in wired, wireless, and indoor location technologies.

3 min. read
Placeholder for Industrial company NIS2Industrial company NIS2

NIS2

NIS2 requires industrial companies to make major efforts to secure their OT environments: Where to start?

Thousands of industrial companies will be affected by the implementation of NIS2, with issues varying widely from one entity to another. We present you 12 steps to achieve compliance.

Arnaud Masson
Placeholder for ARMARM

Arnaud Masson

4 min. read
Placeholder for Two men looking at a laptopTwo men looking at a laptop

Cloud security Endpoint security

The importance of Secure Web Gateway (SWG)

This article introduces Secure Web Gateways (SWG), covering key features, deployment options, scalability, organizational benefits, and integration.

2 min. read
See all updates