In the never-ending battle to secure networks, endpoints, and data from hacktivists, criminals, and nation-state intelligence gathering, the National Institute of Standards and Technology (NIST) has become the superhero of the cybersecurity world. The recently introduced NIST Cybersecurity Framework doesn’t require the purchase of new boxes or software; instead it provides a “simple taxonomy” to help organizations, most specifically those in the critical infrastructure space, organize their cybersecurity defenses against baseline requirements. In other words, the Framework defines standards, guidelines, and practices that help organizations effectively lower cyber risk.
While the Framework is still voluntary, it is likely that over the next few years its requirements will evolve into a legal standard not just for critical infrastructure operators but for all government agencies and the private sector too. In fact, the National Cybersecurity and Critical Infrastructure Protection Act is currently in front of the House and, while it might take many years to progress through a divided Congress, what is obvious is that there is a strong desire for common cybersecurity standards mandated at the national level.
Given the likelihood that a cybersecurity mandate will be put in place in the near future, a well-prepared organization should be taking steps now to understand the NIST Cybersecurity Framework, from the fundamental step of identifying the organization’s current cybersecurity practice maturity level to how the Framework’s five core functions can be implemented. One of the most effective ways for government agencies to prepare is to work in concert with cybersecurity companies to simplify the process of establishing and implementing best practices. To learn more about how the NIST Cybersecurity Framework establishes best practices to identify, protect, detect, respond, and recover from cyber threats, click here to listen to a recent webinar.