NIST Cybersecurity Framework Implementation Project
You have recently been asked to lead a project that will bring your organization into compliance with NIST Cybersecurity Framework. You have never worked with NIST Cybersecurity Framework, so you need help.
Register with the Bernard Institute for Cybersecurity Excellence. We can get your NIST Cybersecurity Framework skills up-to-date and answer any questions you have.
NIST CSF at a Glance
The NIST Cybersecurity Framework (CSF) is based on existing standards, guidelines, and practices for organizations to manage better and reduce cybersecurity risks. Public and private organizations of all sectors and sizes worldwide widely use it. The CSF is a living document; it will be refined, improved, and evolved to keep pace with increasing cybersecurity risks, technology, threat, and policy trends, integrate lessons learned, and establish best practices as standard practice. NIST intends to use a public-private dialogue to guide the effort to update the CSF.
The Framework offers a flexible way to address cybersecurity, including cybersecurity’s effect on physical, cyber, and people dimensions. It applies to organizations relying on technology, whether their cybersecurity focus is primarily on information technology (IT), industrial control systems (ICS), cyber-physical systems (CPS), or connected devices, more generally, including the Internet of Things (IoT). The Framework can assist organizations in addressing cybersecurity as it affects the privacy of customers, employees, and other parties. The Framework’s outcomes also serve as workforce development and evolution activities targets.
Building from those standards, guidelines, and practices, the Framework provides a common taxonomy and mechanism for organizations to:
1) Describe their current cybersecurity posture.
2) Describe their target state for cybersecurity.
3) Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process.
4) Assess progress toward the target state.
5) Communicate among internal and external stakeholders about cybersecurity risk.