The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a methodology that provides a structure for organizations to implement a security program and increase their overall security posture. The NIST CSF is broken down into 5 core functions:
Identify: Determine inventory, the criticality of each asset and what needs to be protected
Protect: Select and implement the appropriate mechanisms to secure your assets
Detect: Implement the necessary mechanisms to identify pertinent events and incidents
Respond: Develop the capabilities and techniques to respond to cybersecurity incidents
Recover: Implement appropriate mechanisms and processes to restore operations after an incident
These 5 functions are then broken down into 23 categories and further decomposed into 108 subcategory controls. The controls are outcome-driven statements for which organizations must implement processes and mechanisms.
The GAI Cyber Team has provided input to the release of each version of the NIST CSF since version 1.0 in 2014. We have helped organizations in every industry sector build security programs from the ground up using the NIST CSF. Our team will help architect a new security program or improve upon an existing one while determining the optimal target maturity level your organization should pursue.