Headed to RSA in San Francisco? May 6-9 | Join us!

A Quick NIST Cybersecurity Framework Summary

Running an organization today means not only performing expected business requirements and generating revenue, but also defending yourself against an endless onslaught of cybersecurity threats. The NIST Cybersecurity Framework is designed to help you grow your organization while defending yourself from cyberattacks.

What is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework is a framework to support businesses and combat cybersecurity threats. Created from an executive order in 2013, the National Institute of Standards and Technology (NIST) worked with over 3,000 people from diverse backgrounds including academia, industry, and government to create a voluntary framework to address threats and support businesses as a way of protecting the economy and boosting national security.

Originally designed for U.S. private-sector owners and operators of critical infrastructure, the NIST Cybersecurity Framework has since evolved to include global communities and organizations as its stakeholders.

As of 2015, 30% of U.S. organizations use the NIST Cybersecurity Framework, and a Gartner report predicts that 50% will use it by 2020. Companies large and small have adopted the framework into the cybersecurity policies, including JP Morgan Chase, Boeing, Intel, Microsoft, Bank of England and Ontario Energy Board.

How the NIST Cybersecurity Framework Works

The Cybersecurity Framework acts as a guide for organizations to follow. Because all organizations face different challenges, the NIST stresses that the framework should be customized to meet particular risks or industry needs.

At the heart of the Cybersecurity Framework are three components:

  • The Framework Core: Using easily understood language and guidance, the Framework Core lists cybersecurity activities and outcomes to help organizations mitigate risk while complementing existing policies and procedures.
  • Implementation Tiers: The Implementation Tiers give organizations the information needed to determine how aggressively they should be pursuing their cybersecurity initiatives. It’s often used to initiate organizational conversations regarding budget, mission priority, and risk appetite.
  • Profiles: The Framework Profiles provide a unique comparison of an organization’s objectives, requirements, risk appetite, and resources against the desired outcome of the Framework Core. By contrasting the two, organizations can use the Profiles to identify and prioritize opportunities for improving cybersecurity.

Benefits of the NIST Cybersecurity Framework

While not required, more organizations are adopting the cost-effective NIST Cybersecurity Framework with every passing year. By using the framework, organizations can better understand and mitigate the risks facing them every day by maximizing the amount of money spent on cybersecurity. By doing this, organizations can see what activities are most important to critical service delivery and ensure that they’re allocating proper resources to protect themselves. Organizations that have used the framework have reported stronger protections and enhanced cybersecurity policies.

A Solution for Any Organization

The NIST Cybersecurity Framework is easy to personalize, allowing it to provide scalable solutions for organizations of any size and industry. Because of its detailed creation and its ability to be easily personalized, the NIST Cybersecurity Framework provides scalable solutions for organizations of any size and industry. As it continues to face wide-scale adoption and recognition, the NIST Cybersecurity Framework will only continue to improve cybersecurity policies and procedures for organizations in the decade to come.