Every federal agency is—or certainly should be—familiar with the National Institute of Standards and Technology (NIST) and its security compliance framework. Agencies should also be highly familiar with NIST compliance requirements.
Yet, does complying with NIST framework requirements mean your agency is protected from cybersecurity attacks? Some experts say yes, some say no. Though the NIST framework provides guidance and best practices to manage and reduce cybersecurity threats, it doesn’t necessarily prevent or combat all hackers; there’s much more agencies can do to strengthen network security.
In fact, there is a series of best-practice security strategies agencies can combine with their NIST compliance to prevent, quickly detect, and combat hackers in real time. These strategies include:
- Gaining holistic visibility into the network—taking inventory of all devices and users on the network
- Monitoring device and user behavior—specifically, being able to track and pinpoint abnormal activity on the network
- Updating policies and procedures—hacker tactics are constantly evolving; your policies should evolve constantly, too
- Training—education is key in ensuring all agency staffers are involved in keeping the network safe
Let’s look at each of these individually.
Visibility
It almost goes without saying, “you can’t protect what you cannot see.” Increasing visibility allows your team to identify blind spots in your environment and create action plans to close the gaps discovered.
The network your agency counts on comprises so much more than servers and enterprise applications. Understanding your environment and the interdependencies between mission goals and services consumed is a first step toward ensuring secure and reliable delivery of those services. Next steps may involve categorizing each asset by owner and function, and ensuring enterprise-wide reporting shows each asset’s function and status. Federal IT pros can use this information to implement incident response or system recovery tactics.
The end result? Increased network security in your environment.
Monitoring
Your agency already monitors your network, but do you know what may have been missed? Monitoring is most valuable when you can monitor all assets in your environment, return data about the health of those assets, then translate the data toward understanding the health of the network itself. Gain additional insight by applying alert thresholds and logic to each asset to minimize false positives.
Federal IT pros might want to consider next-level monitoring using device-specific templates to ensure like assets are monitored similarly and monitoring updates are easily applied across like assets. One more tip: consider a solution that monitors network flows to better detect anomalies against routine network behavior and provide critical insight during an event.
Network monitoring should provide more than uptime and other common statistics; it should directly support visibility and permit rapid detection of anomalous behavior on the network.
Policies and Procedures
As you likely already know, successful security practices expand well beyond a network operations center or server room. In fact, even if you have a robust review and update process that ensures annual documentation updates aligned with NIST guidance, you may yet have work to do. Before you consider security documentation a job well done, consider that hackers and other bad actors continue to develop attack techniques on an ongoing basis, and that poor or outdated documentation may impede detection and recovery efforts.
Maintaining security documentation on an ongoing basis will help your agency respond quickly to changes in the attack surface and attacker techniques while simultaneously supporting incident response and recovery efforts.
Training
Training should be more than a checkbox when it comes to security. A trained team can better assess cybersecurity risks in your environment and is better positioned to implement the NIST Cybersecurity Framework.
In fact, aligning training with NIST objectives helps federal IT pros better assess and manage risks within an agency environment. This alignment further supports the ability of the federal IT security team to select, tailor, and implement security controls to best satisfy your agency’s compliance requirements. Training can also help more effectively implement federally recommended initiatives such as FedRAMP cloud solutions supporting Cloud Smart mandates for federal agencies.
Conclusion
A successful implementation of the NIST framework supports prevention, detection, and response efforts for online attacks while simultaneously minimizing the potential adverse impact of such an attack. The key word here is “supports”; federal IT pros can help enhance NIST guidance by implementing best-practice tactics in addition to NIST compliance requirements to dramatically enhance the agency’s overall security posture.