Understanding the NIST cybersecurity framework (2024)

Table of Contents
You may have heard about the NIST Cybersecurity Framework, but what exactly is it? 1. Identify 2. Protect 3. Detect 4. Respond Have a plan for: 5. Recover After an attack:

Understanding the NIST cybersecurity framework (1)

Download/Print PDF

You may have heard about the NIST Cybersecurity Framework, but what exactly is it?

And does it apply to you?

NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary. It gives your business an outline of best practices to help you decide where to focus your time and money for cybersecurity protection.

You can put the NIST Cybersecurity Framework to work in your business in these five areas: Identify, Protect, Detect, Respond, and Recover.

1. Identify

Make a list of all equipment, software, and data you use, including laptops, smartphones, tablets, and point-of-sale devices.

See Also
NIST SP 800-53 Compliance Explained - Guide - TitaniaITGC audit checklist: 6 controls you need to address | TechTargetWhat are the NIST CSF implementation tiers?Data Classification for Compliance: Looking at the Nuances

Create and share a company cybersecurity policy that covers:

Understanding the NIST cybersecurity framework (2)

Roles and responsibilities for employees, vendors, and anyone else with access to sensitive data.

Understanding the NIST cybersecurity framework (3)

Steps to take to protect against an attack and limit the damage if one occurs.

2. Protect

  • Control who logs on to your network and uses your computers and other devices.
  • Use security software to protect data.
  • Encrypt sensitive data, at rest and in transit.
  • Conduct regular backups of data.
  • Update security software regularly, automating those updates if possible.
  • Have formal policies for safely disposing of electronic files and old devices.
  • Train everyone who uses your computers, devices, and network about cybersecurity. You can help employees understand their personal risk in addition to their crucial role in the workplace.

3. Detect

Monitor your computers for unauthorized personnel access, devices (like USB drives), and software.

See Also
Getting Started with CSF 1.1

Understanding the NIST cybersecurity framework (4)

Investigate any unusual activities on your network or by your staff.

Understanding the NIST cybersecurity framework (5)

Check your network for unauthorized users or connections.

4. Respond

Have a plan for:

  • Notifying customers, employees, and others whose data may be at risk.
  • Keeping business operations up and running.
  • Reporting the attack to law enforcement and other authorities.
  • Investigating and containing an attack.
  • Updating your cybersecurity policy and plan with lessons learned.
  • Preparing for inadvertent events (like weather emergencies) that may put data at risk.

Test your plan regularly

5. Recover

After an attack:

Understanding the NIST cybersecurity framework (6)

Repair and restore the equipment and parts of your network that were affected.

Understanding the NIST cybersecurity framework (7)

Keep employees and customers informed of your response and recovery activities.

For more information on the NIST Cybersecurity Framework and resources for small businesses, go to NIST.gov/CyberFramework and NIST.gov/Programs-Projects/Small-Business-Corner-SBC

Download/Print PDF

Understanding the NIST cybersecurity framework (2024)
Top Articles
How to Conduct a Successful Project Debrief in 3 Easy Steps | Toggl Blog
What Products Are Made In The Philippines? // Sourcing and Manufacturing in the Philippines - Sourcing Hub
Letra De Supertramp The Logical Song ENSINO
Lyrics Locked Behind Spotify Premium? Try This App Instead
Latest Posts
How to fix OneDrive error “Connecting to d.docs.live.net” when opening Microsoft Office files?
Activation Keys for Microsoft Office 2013 - List of Free Product Keys 2022
Article information

Author: Kerri Lueilwitz

Last Updated:

Views: 6140

Rating: 4.7 / 5 (67 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Kerri Lueilwitz

Birthday: 1992-10-31

Address: Suite 878 3699 Chantelle Roads, Colebury, NC 68599

Phone: +6111989609516

Job: Chief Farming Manager

Hobby: Mycology, Stone skipping, Dowsing, Whittling, Taxidermy, Sand art, Roller skating

Introduction: My name is Kerri Lueilwitz, I am a courageous, gentle, quaint, thankful, outstanding, brave, vast person who loves writing and wants to share my knowledge and understanding with you.