The NIST Cybersecurity Framework: Introduction to 1.1 and Looking Forward Towards 2.0 

The NIST Cybersecurity Framework (CSF) was created as a result of the US government’s investment in providing guidance to organizations on cybersecurity best practices. It has quickly grown to become one of the standards of cybersecurity worldwide and is used by a variety of organizations. In this blog, we will be covering the basic components of the CSF, as well as looking towards the new updates to the Framework that will be coming soon in 2024.  

If you are interested in seeing how your organization measures up to the CSF, then feel free to contact the Telcion team for more information on assessments and consultation.  

The Framework  

Identify  

The Identify Function serves as a means for developing an organizational awareness of how to manage cybersecurity risks surrounding systems, individuals, assets, data, and capabilities. By gaining insight into the business context, the assets vital for critical operations, and the corresponding cybersecurity threats, an organization can strategically direct its efforts to adhere to their risk management strategy and business requirements. 

Identifying areas of risk also means assessing the organization’s place in the supply chain, looking at any preexisting cybersecurity policies and their usefulness, recognizing and acknowledging any compliancy requirements from external governing bodies, and other factors that impact the organization’s cybersecurity posture and strategy.  

Protect 

The best way to solve a problem is to make sure that it doesn’t happen in the first place. Protecting your business means having a strong framework in place that covers a varied and diverse area of protection in all areas of the organization to make sure that risk is managed as efficiently and effectively as possible.  

Now, you can’t completely protect your network from every single possible risk—it’s simply not possible given the dynamic threat landscape, and beyond that, overprotection impacts business processes. However, having a philosophy of risk management is crucial to protecting your organization from threats as best as reasonable and possible, and is a key part of the structure of the NIST Framework.  

Detect 

Addressing cybersecurity issues in your network means being able to not only protect yourself from threats ever occurring, but also being able to detect them quickly and comprehensively when they do occur. Some breaches can go undetected for months, during which the attacker has all the more time and opportunity to do damage to your company. A good cybersecurity framework will have solutions and practices in place that allows for, facilitates, and encourages the active seeking out and detection of potential and actual threats to the network.  

Part of detection also means accurately evaluating risk. There are levels to risk: sometimes something that pops up over the weekend can wait until Monday morning, but other times it requires boots on the ground regardless of the time. A good cybersecurity response plan, or a SOC/SIEM monitoring service, can help to identify and triage these types of issues.  

Respond 

It is crucial to respond effectively and appropriately when your organization is breached; however, there are degrees of responses, and the Respond function of the CSF is designed to guide organizations in developing the needed response plan in case of an incident.  

Activities that should be accounted for in the Respond function include maintaining communication with key stakeholders, analyzing sources and causes of the breach, any needed mitigation activity, and repair plans to seal the breach and prevent the incident from occurring again.  

Recover 

You can’t go back in time to stop a cybersecurity breach from occurring, but you can make notes of what happened and prepare for future attacks accordingly. Within your framework, you should be writing into the structure space for response plan review and alternation, conversations with key stakeholders, and any remediation that may need to occur as a result of the breach.  

As part of the Recovery function of the CSF, it is also helpful to incorporate space to assess the organization’s cybersecurity posture as a whole and make strategic adjustments to increase the strength of protection. In this instance, rolling out a cybersecurity assessment can be instrumentally helpful in getting a better grasp on where your organization stands for the future. It is recommended that cybersecurity assessments be implemented regularly as a part of the cadence of protection, but especially in the case of responding to a cybersecurity breach, assessments can help reassure key stakeholders that the organization is back on track and reasonably safe from threats.  

Other Considerations: 

Cyber SCRM (Supply Chain Resource Management) 

Being secure means that your connections to other entities need to be secure as well. Organizations do not exist in a vacuum—there is a vast interconnected ecosystem that organizational networks connect into, so the cybersecurity frameworks in place need to reflect that.  

Take the infamous 2013 Target breach for example: the breach occurred because a third-party service company needed access to the Target network. The third-party company needed to get onto the company network, and so the IT department gave them unprotected access. This gave the hackers the perfect opportunity to breach Target, not through Target’s system directly, but through the third-party service company. The breach ended up costing target 18.3 million dollars in settlement costs. It’s a cautionary tale, but it goes to show that you have to take every connection into consideration, even if it is not within your immediate network.  

Appropriately Handling PI (Personal Information) 

Having an appropriately secure environment doesn’t mean that you have to put people’s personal information at risk. Appropriately handling personal information (PI) can be done in a way that allows only authorized individuals to access it, while still collecting the data needed to protect the organization.  

Practices involving PI that you want to avoid include the over-collection and over-retention of PI beyond what is necessary to protect the organization, erroneously disclosing or making PI available to unauthorized parties, and protection or monitoring practices that impede on personal liberties and freedom of expression.  

What’s Coming in Framework 2.0? 

One of the biggest changes in the new version of the NIST Cybersecurity Framework (due to be released early 2024) is the addition of a sixth function to the original five. The new function, “Govern,” reflects the overarching need for pervasive cybersecurity governance throughout the entire organization. Governance principles apply across all of the original five functions of the CSF (Identify, Protect, Detect, Respond, and Recover), so organizations need to account for it accordingly.  

The new version of the CSF also provides more inclusive guidance for organizations of different types, including international ones, as part of a recognition of the wide and diverse use of the framework. Additionally, there are more in-depth resources to help organizations implement the framework, utilize assessments, and understand cyber supply chain management.  

As the new Framework is released in 2024, look out for another blog post explaining the new changes in more detail.

Conclusion 

Cybersecurity is not a perfect art, but it is a crucial one. Guides and structures like the NIST Cybersecurity Framework are instrumental in helping organizations of all types and sizes keep their environment secure, so understanding such frameworks is an important step in maintaining a secure, compliant organization.  

If you want to learn more about protecting your organization from threats and assuring stakeholders, contact the Telcion team for a free, knowledgeable consultation to help you get—and stay—on track.  

You may also like: