NIST

Best practices and standards for cybersecurity

What is
the NIST cybersecurity
framework?

The U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a set of best practices and standards that CISOs in both government and private companies are increasingly adopting to improve their overall cybersecurity. Organizations often fail to realize that they can leverage robust DDI services to satisfy some of the guidelines in the NIST CSF to reduce their overall business risks.

Learn more

“As CIOs/CISOs are increasingly held accountable by the board for securing their business infrastructure, they are looking for ways to simplify assessing business risks by adopting industry standard best practices, such as the NIST Cybersecurity Framework. Hence, over 70 percent of IT organizations are already implementing or planning to implement NIST CSF in the next 18 months, to measure the security posture of their business infrastructure.”

Anthony James, VP of Product Marketing, Infoblox

Basic components of the NIST cybersecurity framework

Core: Contains the array of activities, desired outcomes and references, which are applicable across all IT infrastructure components. It consists of five high-level functions: Identify, Protect, Detect, Respond and Recover. These are further divided into 23 categories and 108 subcategories.
Implementation Tiers: Provide context on how an organization views its cybersecurity risks and the processes in place to manage those risks. Tiers help organizations characterize their practices in each of the core functions and categories and prioritize the findings into four tiers: Partial, Risk Informed, Repeatable and Adaptive.
Profiles: Define the outcomes based on business needs that an organization has selected from the framework categories and subcategories. Your organization can use profiles to prioritize opportunities for improving its cybersecurity by comparing a “current” profile with a “target” profile (desired state).

Benefits
of the
NIST cybersecurity framework

Applies to both public and private sectors throughout the United States and beyond

Can co-exist with and take advantage of existing frameworks such as ISO, COBIT, FFIEC and form the basis for compliance programs such as FedRAMP

Depicts an information security lifecycle that IT typically follows and understands

Has a common taxonomy that can be applied across a wide variety of IT infrastructure components (network, endpoints, applications and data)

Enables your organization to ultimately reduce the risk of a successful cyberattack, increase the efficiency of cybersecurity budget allocation toward personnel and security controls and enhance security operations’ effectiveness and efficiency

The NIST cybersecurity framework: Enabling critical defense

The NIST CSF addresses the lack of standards for security. It defines a set of best practices that enables IT organizations to effectively manage cybersecurity risks regardless of size, degree of cyberrisk or sophistication of attack. Organizations can voluntarily use this framework to determine their current level of cyberrisks, set goals for cybersecurity that are in sync with their business environment and make plans for improving or maintaining their security posture.

Learn more

How to get started with the NIST cybersecurity framework

Download our white paper on the NIST Cybersecurity Framework to learn more. It briefly describes the relevance of DDI services and how they can help secure your critical infrastructure and data. It also discusses how the NIST CSF can improve your organization’s cybersecurity posture using the top 10 must-haves in the foundational network infrastructure services you deploy.