What is the NIST Cybersecurity Framework (CSF)?
NIST is a federal agency within the US Department of Commerce that creates guidelines, frameworks, and policies that support innovation in science and technology. It was created in response to Presidential Executive Order 13636, The National Institute of Standards and Technology (NIST) created a Cybersecurity Framework (CSF) in 2014.
The NIST Cybersecurity Framework provides guidance to organizations on how to mitigate, handle, and monitor security threats. Only federal agencies and their vendors, contractors, and partners are mandated to comply with NIST CSF.
Many private organizations voluntarily implement NIST CSF principles into their compliance and security programs. Self-attestation does not require an audit, and there is no accrediting body that awards certificates for compliance.
NIST CSF is based on five core functions intended to holistically safeguard organizations from security risks.
- Identify: Develop an understanding of possible security risks as they relate to a company’s people, processes, and technology.
- Protect: Establish cybersecurity protocols and principles that actively and passively defend a company’s infrastructure from security breaches.
- Detect: Continuously monitor a company’s infrastructure for anomalous events, malicious activity, and system weaknesses.
- Respond: Ensure a proper response strategy that effectively eliminates a security threat while also keeping company production on track.
- Recover: Maintain the integrity of all systems so that a company’s people, processes, and technologies can return to a stronger, more efficient state of operations.
Additional resources you might like:
Scaling Security Mammoth
In this on-demand webinar you'll learn: How being ISO 27001 certified benefits your business The five main requirements in the certification process How automation can lead to a more cost-effective path to ISO 27001 compliance The value of continuous security monitoring during the two-year surveillance audit
Coffee and Compliance: Building Trust to Drive Business Growth
Join our live webinar on May 23 at 12 PM where VP of Product Chase Lee, and Staff Product Manager Sanjay Padval as they demonstrate a brief overview and provide guidance on advancing your security program beyond building or improving. Learn how to enhance customer satisfaction and gain a competitive advantage, accelerating your business growth.
Café et compliance : les clés pour booster sa croissance en tant que startup
Pour vendre à des entreprises, les startups doivent garantir la protection des données de leurs clients en prouvant qu’elles ont mis en place les bonnes pratiques de sécurité. Pour cela, elles peuvent obtenir une certification comme la norme ISO 27001. Ce webinar explique les différents contrôles de sécurité à effectuer, les avantages de la certification et comment automatiser jusqu'à 90% du processus avec Vanta. Sébastien, CTO et co-fondateur de Leeway reviendra sur son expérience avec Vanta, et les participants pourront échanger avec notre responsable commerciale en France et notre expert en certification.