URL: https://devops.com/what-is-the-nist-cybersecurity-framework/

What is the NIST Cybersecurity Framework? - DevOps.com



Cybersecurity threats are easier to handle when you have a framework to build off of. That’s why NIST developed the Cybersecurity Framework. Learn more.

What You Need to Know About the NIST Cybersecurity Framework

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework.

The 5 Elements of the NIST Cybersecurity Framework

There are five central elements of the NIST Cybersecurity Framework:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

The 3 Components of the NIST Cybersecurity Framework

In addition to the five main elements of the NIST Cybersecurity Framework, there are also three essential components.

Framework Core: The Framework Core provides you with a set of activities to help you achieve specific cybersecurity outcomes. In order to help you achieve each activity, the Framework Core provides you with examples.

Implementation Tiers: The Implementation Tiers provide you with an outline for increasing the sophistication of your cybersecurity risk management.

Framework Profiles: The Framework Profiles outline your cybersecurity activities and provide a look at the potential cybersecurity outcomes needed to meet your cybersecurity goals.

How to Use the NIST Cybersecurity Framework

In order to use the NIST Cybersecurity Framework, you must follow these three steps:

  1. Determine the appropriate implementation tier.
  2. Understand the gap between your current and target profiles.
  3. Put plans in place to implement the activities from the Framework Core to move toward the target profiles.

The CIS Controls for NIST Cybersecurity Framework

The Center for Internet Security (CIS) regularly publishes CIS Critical Security Controls that map to the NIST Cybersecurity Framework. While there are many sections to the CIS Controls, the most relevant is CIS Control 18, Application Software Security. The section recommends the following actions:

  1. Establish secure coding practices.
  2. Ensure software development personnel are trained in secure coding.
  3. Apply static and dynamic code analysis tools.

To read more, please visit: https://www.perforce.com/blog/kw/nist-cybersecurity-static-analysis