NIST Cybersecurity Framework

Level: Intermediate
Intended audience: Anyone managing Cybersecurity
Solution Store: Click here to access the templates

Introduction

In February 2013, Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure.

Created through collaboration between industry and government, the Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

Read more about why you should implement the NIST Cybersecurity Framework here.

Key Benefits

Here are the key benefits of the RequirementONE Compliance Solution.

Improved Cybersecurity

Because it is neutral, broadly applicable, vetted by industry, and engaging to stakeholders, the Framework can reduce the time and expense of starting an information security program. It can also reduce risk within current programs by identifying areas for improvement.

Collaboration

The Framework creates a common language for the discussion of cybersecurity issues that can facilitate internal and external collaboration.

Future standard?

The Framework may become the standard for cybersecurity. Organizations that adopt the Framework at the highest possible risk-tolerance level may be better positioned to comply with future cybersecurity and privacy regulations.

Mapping Controls and Policies

Individual controls and policies may apply to numerous frameworks. These can be maintained as an interlinked set of procedures to avoid duplication of effort.

A Single Point of Truth

Each compliance element is stored as a record and can be updated, commented on, controlled and audited individually. Data is accessible to all stakeholders with no version control issues.

Dependency Linking

All links and interfaces can be defined and maintained, showing the dependencies between various policies.

Reporting

Track the progress of compliance projects. In-line analytics highlight gaps in compliance, the traceability of changes and the status of compliance efforts.

Auditing

Internal and external audit teams benefit from a specialized interface with full visibility to review and evaluate procedures.

Typical Use Cases

Here is a typical, but not exhaustive, list of roles and associated use cases that would interact with this solution.

Role Use Case
End users
  • Consume the latest policies
Compliance team
  • Use the framework as a guide to implement the relevant controls and policies
Internal/external auditor
  • Audit one or more areas
Executive
  • Roadmap to achieve or improve cybersecurity

Templates

These apps and templates are used for the solution.

App Template
Specification

 

Getting started

  1. Select an existing project, or create a new one
  2. Click on the Solution Store, and select the NIST Cybersecurity Framework template(s)
  3. Once you have the templates, add your custom data.

Additional notes

The NIST Cybersecurity Framework has links to the following:

  • COBIT 5
  • CCS CSC
  • ANSI/ISA-62443-2-1 and -3-3
  • ISO/IEC 27001
  • NIST SP 800-53

These links are included as notes.

You may also like the NIST guide to Cybersecurity for Small Businesses.

Questions or Comments?

Respond to this post if you want to comment on the template or ask the author a question.
