NIST Cybersecurity Framework

Taking Action on The Framework for Improving Critical Infrastructure Cybersecurity 


The Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure is starting to result in action not only by U.S. federal agencies but also by U.S. businesses. Recent attacks and hacks have resulted in a more aware private sector, and businesses are asking what they can do to reduce their risks.

Some are overwhelmed by the Framework because of its complexity, but the National Institute of Standards and Technology’s Framework, formally titled The Framework for Improving Critical Infrastructure Cybersecurity, is what many call the closest thing to a national gold standard for cybersecurity. About 30% of U.S. businesses have already adopted it, and that number is growing rapidly, according to Gartner. The NIST CSF builds upon existing frameworks like NIST 800-53, ISO 27001 and others, and was built by over 3,000 public and private security professionals. The new version that is set to be released also incorporates an immense amount of input and feedback from those who started to implement version 1.0. Therefore, it’s only right that both the public and private entities that support our economy, and ultimately the comings and goings of our daily lives, take it seriously.

The Framework is a risk-based approach to managing cybersecurity, and NIST further stated that its purpose is to create a common language that spans risk, cyber, and management communications, internally and externally, in both public and private organizations. It might seem like a far-fetched goal, but there couldn’t be a better time to execute on efforts to strengthen your cyber posture, considering the increase in attacks on businesses of all sizes. It's time to be proactive about cybersecurity management and strategic about how companies build their programs. Some organizations are even requiring their vendors to adopt the Framework as they scale their businesses, and for good reason considering the number of attacks even in the last few months. Likewise, some financial and healthcare entities are starting to map regulations to the Framework and are realizing the importance of securing their data more than ever before.

The executive order specified that federal entities should run an assessment to build their target profile in relation to the NIST Cybersecurity Framework. Then, these organizations would identify gaps and put remediation plans in place to be submitted to the Office of Management and Budget. 

For both public and private organizations, running an assessment and identifying gaps are critical to creating a sound budget to strengthen your cybersecurity program. Mitigation and remediation steps should be identified with various paths to choose from, for example using one technology versus another to fulfill a certain area in the Framework. Having a proactive plan in place for all areas, especially if you prioritize them and thus won’t get to all of them immediately, will give you more flexibility when you actually start to execute your budget.

Running a risk-based program is the proactive way to manage your cyber posture as every move and measure should be in response to the related risk - not in response to a breach after the fact. The NIST Cybersecurity Framework promotes this strategy and is helping to give businesses and organizations that are critical to our economy guidance in making cybersecurity management a priority.
