User:Shawndouglas/sandbox/sublevel3

From LIMSWiki

The NIST Cybersecurity Framework is the cybersecurity guidance that resulted from the 2013 U.S. Executive Order 13636: Improving Critical Infrastructure Cybersecurity.[1] Building on NIST Special Publication 800-53 (Revision 4), COBIT 5, and the ISO 27000 series of standards, the NIST Cybersecurity Framework is intended to be a higher-level, more concise, and voluntary framework that lets organizations without a deep technical background implement cybersecurity measures more effectively.[2][3]

Version 1.0 of the framework was introduced in 2014. A 2016 survey of organizations found that[4]:

  • Seventy percent of organizations viewed the framework as "a security best practice," though fifty percent cited the high level of investment it requires as an obstacle to adoption.
  • Sixty-four percent of organizations chose to use only part of the framework "due to cost and lack of regulatory pressures."
  • Eighty-three percent of organizations that said they would adopt the framework in 2017 also indicated they would use only part of it.

However, organizations are slowly shifting from point-in-time approaches to cybersecurity toward long-term, continual conformance and improvement.[4][5][6] Version 1.1 of the NIST Cybersecurity Framework was released in April 2018, updating guidance on authentication and identity, self-assessment of cybersecurity risk, and vulnerability disclosure.[7] Because the framework is based on NIST SP 800-53 and other established frameworks, and because it was developed "to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders,"[8] it is likely to be further adopted in some form worldwide.

It should be noted, however, that the framework is not strictly intended to stand alone; rather, it is meant to be customized and used in conjunction with the control, program, and risk frameworks on which it is based.[3] At its core, the NIST Cybersecurity Framework is organized around five functions: Identify, Protect, Detect, Respond, and Recover. Aligned with those functions are nearly 300 controls drawn from the referenced frameworks as informative references, which is how security control development, program management, and risk management are rooted in the framework rather than reinvented by it.[3]

References

  1. "Fact Sheet: Executive Order (EO) 13636 Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD) 21 Critical Infrastructure Security and Resilience". U.S. Department of Homeland Security. March 2013. https://www.dhs.gov/publication/eo-13636-ppd-21-fact-sheet. Retrieved 23 July 2020.
  2. Chang-Gu, A. (2 March 2015). "NIST Cybersecurity Framework vs. NIST Special Publication 800-53". Praetorian Security Blog. Praetorian Security, Inc. https://www.praetorian.com/blog/nist-cybersecurity-framework-vs-nist-special-publication-800-53. Retrieved 23 July 2020. 
  3. Morgan, J. (4 April 2018). "How to Use the NIST Cybersecurity Framework: A Conversation with NIST's Matthew Barrett". Security. BNP Media. https://www.securitymagazine.com/blogs/14-security-blog/post/88890-how-to-use-the-nist-cybersecurity-framework. Retrieved 23 July 2020.
  4. Dark Reading Staff (30 March 2016). "NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds". Dark Reading - Attacks/Breaches. Informa PLC. https://www.darkreading.com/attacks-breaches/nist-cybersecurity-framework-adoption-hampered-by-costs-survey-finds/d/d-id/1324901. Retrieved 23 July 2020.
  5. BizTech Staff (20 December 2017). "Why a Risk-Based Approach Leads to Effective Cybersecurity". BizTech. CDW LLC. https://biztechmagazine.com/article/2017/12/why-risk-based-approach-leads-effective-cybersecurity. Retrieved 23 July 2020. 
  6. Daniel, M. (25 January 2018). "Smarter Cybersecurity Thinking: Change Your Mindset to Even the Odds". Cyber Threat Alliance Blog. https://www.cyberthreatalliance.org/smarter-way-think-cybersecurity-change-mindset-even-odds/. Retrieved 23 July 2020. 
  7. "NIST Releases Version 1.1 of its Popular Cybersecurity Framework". National Institute of Standards and Technology. 16 April 2018. https://www.nist.gov/news-events/news/2018/04/nist-releases-version-11-its-popular-cybersecurity-framework. Retrieved 23 July 2020. 
  8. "New to Framework". Cybersecurity Framework. National Institute of Standards and Technology. 18 November 2019. https://www.nist.gov/cyberframework/new-framework. Retrieved 23 July 2020.