Every federal agency is—or certainly should be—familiar with the National Institute of Standards and Technology (NIST) and its security compliance framework. Agencies should also be highly familiar with NIST compliance requirements.
Yet, does complying with NIST risk management framework requirements mean your agency is protected from cybersecurity attacks? Some experts say yes, some say no. Though the NIST framework provides guidance and best practices to manage and reduce cybersecurity threats, it doesn’t necessarily prevent or combat all hackers; agencies can do more to strengthen network security.
In fact, there are a series of best-practice security strategies agencies can combine with their NIST compliance to prevent, quickly detect, and combat hackers in real time. These strategies include:
- Gaining holistic visibility into the network – Taking inventory of all devices and users on the network
- Monitoring device and user behavior – Specifically, being able to track and pinpoint abnormal activity on the network
- Updating policies and procedures – Hacker tactics are constantly evolving; your policies should constantly evolve as well
- Training – Education is key in ensuring all agency staffers are involved in keeping the network safe
Let’s look at each of these individually.
It almost goes without saying, “you can’t protect what you cannot see.” An increase in visibility allows your team to identify blind spots in your environment and create action plans to close the gaps discovered.
Keep in mind, the network your agency counts on comprises more than servers and enterprise applications. Understanding your environment and interdependencies between mission goals and services consumed is a first step toward ensuring secure and reliable delivery of those services. Next steps may involve categorizing each asset by owner and function, and ensuring enterprise-wide reports show each asset’s function and status. Federal IT pros can use this information to implement incident response or system recovery tactics.
The end result? Increased network security in your environment.
Your agency already monitors your network, but do you know what may have been missed? Monitoring is most valuable when you’re able to monitor all assets in your environment, return data about the health of those assets, then translate the data toward understanding the health of the network itself. Gain additional insight by applying alert thresholds and logic to each asset to minimize false positives.
Federal IT pros might want to consider next-level monitoring through device-specific templates to ensure like assets are monitored similarly and updates are easily applied across like assets. One more tip: consider a solution designed to monitor network flows to better detect anomalies against routine network behavior and to provide critical insight during an event.
Network monitoring should provide more than uptime and other common statistics; it should directly support visibility and permit rapid detection of anomalous behavior on the network.
Policies and Procedures
Successful security practices expand well beyond a network operations center or server room. Even if you have a robust review and update process to ensure annual documentation updates aligning with NIST guidance, you may yet have work to do. Before you consider security documentation a job well done, remember hackers and other bad actors continue to develop attack techniques on an ongoing basis and poor or outdated documentation may impede detection and recovery efforts.
Maintaining security documentation on an ongoing basis will help your agency respond quickly to changes in the attack surface and attacker techniques while simultaneously supporting incident response and recovery efforts.
Training should be more than a checkbox when it comes to security. A trained team can better assess cybersecurity risks in your environment and is better positioned to implement the NIST Cybersecurity Framework.
Training aligned with NIST objectives helps federal IT pros better assess and manage risks within an agency environment. This alignment further supports the ability of the federal IT security team to select, tailor, and implement security controls to best satisfy your agency’s compliance requirements. Training can also help more effectively implement federally recommended initiatives such as FedRAMP cloud solutions supporting Cloud Smart mandates for federal agencies.
A successful implementation of the NIST framework supports prevention, detection, and response efforts for online attacks while simultaneously minimizing the potential adverse impact of such an attack. The key word here is “supports”—federal IT pros can help enhance NIST guidance by implementing best practice tactics in addition to NIST compliance requirements to dramatically enhance the agency’s overall security posture.