What are the Five Elements of the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework categorizes security principles into five key functions, known as the Framework Core Functions. These five elements represent a strategic overview of an organization’s cybersecurity risk management program, with each category representing a key chronological step in enhancing an organization’s security.
The five steps for MSPs to follow when implementing the NIST Cybersecurity Framework for their customers are:
1. Identify: To begin managing an organization’s cybersecurity risk to systems, assets, data, and capabilities, an MSP must develop an understanding and visibility into the organizational environment. Identifying current risks and exposure, existing digital and physical assets, and organizational roles and responsibilities are all crucial elements of this step. To define these elements, this function is further divided into six categories: asset management, business environment, governance, risk assessment, risk management strategy, and supply chain risk management.
2. Protect: MSPs must develop and implement the necessary safeguards to prevent or reduce the effects of a potential cyberattack. To do so, MSPs and their customers should require controlled access to assets, put policies in place to authenticate identities and keep data secure, and educate users about cybersecurity awareness. Categories within this function include: identity management, authentication and access control, awareness and training, data security, information protection and procedures, maintenance, and protective technology.
3. Detect: MSPs and their customers should have the appropriate measures in place to be able to quickly identify cyberattacks and other events. This step likely consists of monitoring solutions and threat hunting to detect any unusual activity. Categories that provide visibility into networks include: anomalies and events, security continuous monitoring, and detection process.
4. Respond: In the case of a cyberattack or breach, organizations need a clear plan of action to limit the impact of such an event. This step is further separated into five categories to be considered after a cybersecurity event: response planning, communications, analysis, mitigation, and improvements.
5. Recover: Finally, MSPs and their customers need a plan to get systems back in order after a cybersecurity event. The appropriate activities and the plan to restore impaired services should be implemented long before any such event, including: recovery planning, improvements, and communications.
The NIST Cybersecurity Framework is a comprehensive model, laid out in five essential functions to safeguard IT environments. Organizations should look to these Core Functions to evaluate their cybersecurity program from top to bottom, guiding them from identification through recovery.
How Many Controls are there in the NIST Cybersecurity Framework?
Beyond the five Core Functions above and their listed categories, the NIST CSF goes even further, dividing each of these categories into subcategories of cybersecurity outcomes and security controls. There are a total of 108 security controls that provide specific security action items for organizations. Each subcategory also provides resources referencing elements of other frameworks such as ISO 27001, COBIT, ISA 62443, and NIST SP 800-53 for further guidance.
For example, to comply with the first function, Identify, a business should complete an inventory of all its hardware, software, and data, including desktops, laptops, servers, smartphones, tablets, and point-of-sale devices. Then it should write a company cybersecurity policy covering roles and responsibilities for employees and contractors with access to sensitive data. SolarWinds® Risk Intelligence is designed for compliance with the Identify function. Scanning for unsecured data across a network, it provides a financial estimate of an organization’s potential liability in the event of a data breach, showing where security fixes are most urgently needed.
The second function, Protect, entails steps to guard against an attack and minimize the damage if and when one occurs. This includes installing antivirus software and firewalls, using secure passwords and multi-factor authentication, performing regular backups, encrypting private data, automating software updates, implementing secure hardware disposal procedures, and providing cybersecurity training. SolarWinds Passportal can be an invaluable tool for protecting your clients’ networks. Passportal is an encrypted password manager that makes password security simple, even allowing regular password updates to be automated for ease of use.
Next comes Detect. To comply with this function, organizations must continuously monitor their systems for unauthorized users, software installations, and devices like plug-in USB drives. Any unusual connections to the network should be investigated immediately. SolarWinds Threat Monitor provides unparalleled network and host intrusion detection systems, log correlation and analysis, streamlined security monitoring, and a customizable alarm engine.
The fourth function, Respond, means having a plan for when disaster strikes. This means notifying anyone whose data may have been compromised, informing law enforcement authorities, containing the attack, and updating the security policy with lessons learned. SolarWinds Endpoint Detection and Response is built for responding to cyber attacks. It provides custom, policy-driven automated responses, quarantines infected machines from the rest of the network, and rolls back compromised files to the last known healthy version.
Finally, Recover comes into play in the aftermath of a penetration. Affected software, hardware, and areas of the network must be repaired and restored to their previous state. It’s essential to inform employers and customers of restoration plans to maintain their confidence. For a robust recovery solution, consider SolarWinds Backup. It features True Delta deduplication for faster restores, automated system restores to Hyper-V or VMware, and the capacity for recovery from a bare-metal image.