Government Technology Insider
  • About
  • State & Local
  • Civilian
  • Defense & IC
SUBSCRIBE
No Result
View All Result
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Innovation and Technology to Advance Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
Government Technology Insider
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Innovation and Technology to Advance Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
No Result
View All Result
Government Technology Insider
No Result
View All Result
Home Cybersecurity

Going Beyond NIST to Strengthen Your Agency’s Network Security

by Brandon Shopp
May 4, 2020
in Cybersecurity
Reading Time: 4 mins read
A A
NIST
Share on FacebookShare on Twitter

Every federal agency is—or certainly should be—familiar with the National Institute of Standards and Technology (NIST) and its security compliance framework. Agencies should also be highly familiar with NIST compliance requirements.

Yet, does complying with NIST framework requirements mean your agency is protected from cybersecurity attacks? Some experts say yes, some say no. Though the NIST framework provides guidance and best practices to manage and reduce cybersecurity threats, it doesn’t necessarily prevent or combat all hackers; there’s much more agencies can do to strengthen network security.

In fact, there are a series of best-practice security strategies agencies can combine with their NIST compliance to prevent, quickly detect, and combat hackers in real time. These strategies include:

  • Gaining holistic visibility into the network—taking inventory of all devices and users on the network
  • Monitoring device and user behavior—specifically, being able to track and pinpoint abnormal activity on the network
  • Updating policies and procedures—hacker tactics are constantly evolving; your policies should evolve constantly, too
  • Training—education is key in ensuring all agency staffers are involved in keeping the network safe

Let’s look at each of these individually.

Visibility

It almost goes without saying, “you can’t protect what you cannot see.” Increasing visibility allows your team to identify blind spots in your environment and create action plans to close the gaps discovered.

The network your agency counts on comprises so much more than servers and enterprise applications. Understanding your environment and interdependencies between mission goals and services consumed is a first step toward ensuing secure and reliable delivery of those services. Next steps may involve categorizing each asset by owner and function, and ensuring enterprise-wide reporting shows each asset’s function and status. Federal IT pros can use this information to implement incident response or system recovery tactics.

The end result? Increased network security in your environment.

Monitoring

Your agency already monitors your network, but do you know what may have been missed? Monitoring is most valuable when you can monitor all assets in your environment, return data about the health of those assets, then translate the data toward understanding the health of the network itself. Gain additional insight by applying alert thresholds and logic to each asset to minimize false positives.

Federal IT pros might want to consider next-level monitoring using device-specific templates to ensure like assets are monitored similarly and monitoring updates are easily applied across like assets. One more tip: consider a solution that monitors network flows to better detect anomalies against routine network behavior and provide critical insight during an event.

Network monitoring should provide more than uptime and other common statistics; it should directly support visibility and permit rapid detection of anomalous behavior on the network.

Policies and Procedures

As you likely already know, successful security practices expand well beyond a network operations center or server room. In fact, even if you have a robust review and update process that ensures annual documentation updates aligned with NIST guidance, you may yet have work to do. Before you consider security documentation a job well done, consider hackers and other bad actors continue to develop attack techniques on an ongoing basis and poor or outdated documentation may impede detection and recovery efforts.

Maintaining security documentation on an ongoing basis will help your agency respond quickly to changes in the attack surface and attacker techniques while simultaneously supporting incident response and recovery efforts.

Training

Training should be more than a checkbox when it comes to security. A trained team can better assess cybersecurity risks in your environment and is better positioned to implement the NIST Cybersecurity Framework.

In fact, aligning training with NIST objectives helps federal IT pros better assess and manage risks within an agency environment. This alignment further supports the ability of the federal IT security team to select, tailor, and implement security controls to best satisfy your agency’s compliance requirements. Training can also help more effectively implement federally recommended initiatives such as FedRAMP cloud solutions supporting Cloud Smart mandates for federal agencies.

Conclusion

A successful implementation of the NIST framework supports prevention, detection, and response efforts for online attacks while simultaneously minimizing the potential adverse impact of such an attack. The key word here is “supports;” federal IT pros can help enhance NIST guidance by implementing best practice tactics in addition to NIST compliance requirements to dramatically enhance the agency’s overall security posture.

Tags: Brandon Shoppnational institute of standards and technologyNISTsolarwinds

RELATED POSTS

healthcare modernization represented by a doctor standing with his arms crossed made out of digital code
Civilian

Healthcare Modernization Is a Marathon, Not a Sprint for U.S. Department of Health and Human Services

January 26, 2023
AIOps
AI & Data

How AIOps and Observability Can Improve Network Resiliency During Natural Disasters

January 18, 2023
High performance computing
AI & Data

Three Key Stages to Managing High Performance Computing Workloads

December 7, 2022

TRENDING NOW

  • Advana

    Meet Advana: How the Department of Defense Solved its Data Interoperability Challenges

    8500 shares
    Share 3400 Tweet 2125
  • Network Slicing Enables Agencies to Create Private, Secure, and Customized Networks: A Podcast

    124 shares
    Share 50 Tweet 31
  • CISA Issues Updated Guidance to Protect Federal Agencies Against Expected Onslaught of DDoS Attacks

    32 shares
    Share 13 Tweet 8
  • Identifying the Building Blocks for a Successful Zero Trust Journey

    40 shares
    Share 16 Tweet 10

CONNECT WITH US

Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisment Banner Ad Advertisment Banner Ad Advertisment Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad

BECOME AN INSIDER

Get Government Technology Insider news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Financial Technology Today
Future Healthcare Today
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Strategic Communications Group offers analytics, content marketing, and lead identification services. Interested?
Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About Government Technology Insider
  • State & Local
  • Civilian
  • Defense & IC
  • Categories
    • Acquisition
    • AI & Data
    • Customer Experience
    • Cybersecurity
    • Digital Transformation
    • Hybrid Work
    • Public Safety
  • Contact Us