Faced with the threat of major cybersecurity incidents in recent years, US President Obama issued Executive Order No. 13636 (EO) in February 2013, directing the National Institute of Standards and Technology (NIST) to work with stakeholders, drawing on existing standards, guidelines, and best practices, to establish a security framework that organizations could use to strengthen their network security. NIST published a draft of the framework in July of the same year and released the official version 1.0 in February 2014. In May 2017, US President Trump signed a new executive order requiring all 190 federal agencies in the United States to follow the Cybersecurity Framework. After collecting feedback from companies and organizations that had adopted it, NIST released version 1.1 of the framework in April 2018.
NIST is an agency of the US Department of Commerce. It conducts basic and applied research in physics, biology, and engineering, as well as research in measurement technology and test methods, and it provides standards, standard reference data, and related services. The Cybersecurity Framework (CSF) proposed by NIST was originally created by the US government to improve the security protection of critical infrastructure. Although the framework was initially required only of government units, it has since been recognized by multinational organizations and companies around the world, and it has become a reference that enterprises can use to strengthen the security of their own network environments.
Basically, the CSF covers five core functions of information security: Identify, Protect, Detect, Respond, and Recover. Enterprises can use it to establish risk management across the cybersecurity lifecycle. In particular, with version 1.1 of NIST CSF in 2018, the five functions were expanded from 22 categories and 98 subcategories to 23 categories and 108 subcategories. The new version also strengthens the content on supply chain security, identification and verification, and self-assessment of security risk. As a result, it better meets current practical needs and is applicable to organizations of any size and business type.
To make adoption easier, NIST provides seven steps for using the CSF to help create and implement the required controls, so that an organization or enterprise can conduct a risk assessment based on its current security posture, define a target profile of the goals it wants to achieve, prioritize the improvements to implement in its action plan, and continuously evaluate its security maturity through the framework. It should be noted, however, that a key element in introducing many security standards or management systems is obtaining the support of the company's senior management. NIST therefore also suggests that organizations establish and implement information security policies top-down, from the Executive Level, through the Business / Process Level, to the Implementation / Operations Level. Cooperation among these three levels maximizes the effectiveness of the overall security plan.
Still don’t know how to implement the NIST Cybersecurity Framework in your organization? LIFARS Compliance Advisory is designed to understand your compliance needs, ascertain current status, provide remediation guidance, and conduct a post-remediation assessment to ensure compliance with regulatory mandates such as GDPR, CCPA, PIPEDA, FFIEC, NYDFS, HIPAA, HITRUST, PCI DSS, and SOX. LIFARS’ competitive advantage is its proprietary systematic process, developed over a span of 20 years and enriched by some of the most high-profile engagements in the world. LIFARS’ methodology outperforms our competitors in the length of engagement and quality of work, incorporating several industry standards.
Contact LIFARS Immediately As We Have