aidarrow-end-inversearrow-endarrow-left-angulararrow-left-angularWhy choose AvectoAchieve complianceOperational efficiencycompliancedefendpoint-coloureddefendpoint-thin-2DesktopScaleResources.iconsAsset 21insider-threatsavecto-logo-smallquotation-marksransomwareArticleUse caseWebinarResources.iconssafePrevent attacksAsset 19social-engineeringTrustedtriangleStop insider attacksAsset 20Resources.iconsResources.iconszero-days

Articles

Meet the requirements of NIST Cybersecurity Framework

Page 01 Download the article

Introduction

Avecto helps organizations to adopt the NIST Cybersecurity framework (CSF) through removal of administrator rights, along with detailed reporting that allows you to track the use of privileges over time. This voluntary standard offers best practice security guidance that helps to assess and improve your ability to prevent, detect, and respond to cyber attacks.

About NIST CSF

The NIST CSF was created on a White House directive in 2013 and, according to Gartner, while intended as a voluntary code, has been adopted by 30% of public and private enterprises in the US. CSF differs from many other regulatory codes in that rather than providing a checklist of security controls, it is a riskbased approach where organizations must evaluate their risk position and implement controls as appropriate.

The CSF does not replace existing security programs or risk management processes but is intended to improve processes to allow organizations to describe their present security posture, target state, assess progress towards achieving a new state and communicate about cybersecurity risk to stakeholders.

The CSF consists of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. The Framework Core contains a list of cybersecurity activities, anticipated results, and related references to industry standards and guidelines that can be used to achieve the desired results. Five functions are used to provide an overview of an organization’s cybersecurity risk profile: Identify, Protect, Detect, Respond, and Recover. These functions are then further subdivided into categories and subcategories that relate to Informative References giving further information about industry standards and best practice guidelines.