top of page

NIST Shares New Cyber Security Rules

NIST is the National Institute of Standards and Technology, and they are a federal agency, who has come out with new cyber security standards for businesses of all types and sizes. 

CSF or the cybersecurity framework by NIST is a guide for organizations to better understand, assess, prioritize, manage and communicate cyber events. These will be tools and links to help you initiate the practices and controls necessary to achieve and maintain cyber safety. 

image.png

GOVERN (GV) - provides informative outcomes explaining what an organization may do to achieve and prioritize outcomes of the other five CSF functions. GV activities are crucial for broadening an organizations cybersecurity risk management strategy, in that roles, rules, authority and management are identified and implemented.  

IDENTIFY (ID) - is understanding organizational assets like, data, hardware, software, systems, facilities, services, people, suppliers and related cybersecurity risks. This means that the organization IDs and prioritizes efforts consistent with risk management strategy and mission needs identified under GV. ID also lends opportunities to improve policies, plans, processes, procedures, and practices that support cybersecurity and risk management strategies in all six categories. 

PROTECT (PR) - supports the ability to secure assets and prevent/lower the impact of adverse cybersecurity events. PR increases opportunities and safety through identity management, authentication and access control; awareness and training; data security; platform security (i.e., securing the hardware, software, and services of physical and virtual platforms); and the resilience of technology infrastructure. 

DETECT (DE) - enables a timely discovery and analysis of anomalies, indicators of compromise and other DE supports incident response and recovery activities successfully. 

RESPOND (RS) - supports the ability to contain the effects of cybersecurity and breach events. Incident management, analysis, mitigation, reporting and communication are just a few of the outcomes this category supports.  

RECOVER (RC) - supports the restoration of normal operations in a timely fashion to reduce the effects of cybersecurity incidents and enable appropriate communication during recovery efforts. 

Find out more about NISTs report on updating your businesses cyber security road map. 

bottom of page