NIST Cybersecurity Framework (CSF 2.0)

Updated: 6 days ago

The NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF) was established as a result of an executive order by former President Obama to improve critical infrastructure cybersecurity through partnership and collaboration. Compliance with this standard is voluntary, but the framework is often used as a basis for assessing cybersecurity program maturity, practice gaps, and mitigation roadmaps because of its flexibility and common language. The NIST CSF is currently in version 1.1 as of April 2018.


The NIST CSF version 2.0 comprises 6 key Functions: Govern, Identify, Protect, Detect, Respond, and Recover.



NIST Cybersecurity Framework with sections: Recover, Govern, Identify, Protect, Detect, Respond in vivid colors.

Under the 6 Functions are 23 Categories and 106 Subcategories (control activities).


NIST Cyber Security Framework chart with five columns: Identify (blue), Protect (purple), Detect (yellow), Respond (red), Recover (green).

The NIST CSF applies to almost all cybersecurity programs and is commonly used as a reference framework within the US and North America. It is often used to assess program maturity and to provide a basis for reporting on the overall security posture to internal and external stakeholders.


How can Socium Security help?


Socium Security can provide companies of all sizes with an independent program maturity assessment based on the NIST CSF using a standard methodology. This service is typically paired with a Security Architecture Assessment that includes an assessment, report, and risk-based recommendations around the IT architecture, data processing, and security controls in place. Together, these give management and technical stakeholders a complete picture of the current-state security posture.


If your cybersecurity practices are operating with measurable maturity, consider testing the program’s capabilities with a crisis management exercise or penetration test by Socium Security.
