
Explore the NIST Cybersecurity Framework

Learning Objectives

After completing this unit, you’ll be able to:

  • Define the parts of the NIST Cybersecurity Framework.
  • Explain how to use the NIST Cybersecurity Framework.

Introduction to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

Remember Jim, the network security engineer at a small medical clinic, from the previous module? He decides to finally start building his dream house. He thinks about the features that are most important to him: a fenced-in yard where his children can play safely, separate bedrooms for each of his kids, an open-air dining area to entertain guests. 

A man discusses architectural plans to build his dream home with an architect.

He calls up his architect friend and lays out a vision. He’s going for a consistent vibe throughout the house: modern, clean, minimalist. His architect gives him an idea of the steps he takes, from the design and construction stages to putting on the finishing touches and moving into his dream home.

Just as Jim would never build a house without a plan, he wouldn’t approach the cybersecurity of his organization without one either. Having a framework, whether when building a house or navigating an organization’s security program, can help prioritize tasks, communicate with stakeholders, and make sure everyone understands the activities, processes, and precautions needed to meet the end goals.

The NIST CSF can be used to understand, assess, prioritize, and communicate cybersecurity risks. It was developed by the standards body within the United States Department of Commerce, but it applies to public and private sector organizations of all sizes around the world, drawing on best practices from industry to manage cybersecurity risks. The NIST CSF is intended to:

  • Apply to a variety of organizations
  • Strengthen an organization’s security posture
  • Facilitate clear communication at all levels within an organization
  • Highlight the importance of governance and supply chains
  • Improve communication with suppliers and partners
  • Assist in formulating implementation plans
  • Help integrate cybersecurity-related issues with broader enterprise risk management strategies

The NIST CSF complements an existing cybersecurity strategy and is just one of many frameworks available to draw on. See the Resources section at the end of this unit to learn more about other frameworks to leverage.  

Learn the Functions of the NIST CSF

Six functions of the NIST CSF describe cybersecurity activities and desired outcomes across organizations from the executive level to the operations level, where a network security engineer operates on a daily basis. The six functions are: Govern, Identify, Protect, Detect, Respond, and Recover. These functions provide a comprehensive view of the lifecycle of an organization’s management of cybersecurity risk and can be applied to many domains, including application security, threat intelligence, and network security.

A circular color-coded diagram of the NIST Cybersecurity Framework showing five functions around the ring (Identify, Protect, Detect, Respond, and Recover) and a sixth, innermost circle labeled “Govern”.

The units in this module and the next provide information about each of the six cybersecurity functions and how they can be applied to understand the role of a network security engineer. You can preview each one briefly here.

  1. Govern: The cybersecurity risk management strategy is established. The Govern function helps you understand how cybersecurity risks can disrupt achievement of the business’s mission.
  2. Identify: Cybersecurity risks are understood. The Identify function helps you determine what assets and users are on the network and what vulnerabilities, threats, and risks are associated with each. If a network security engineer doesn't know what they have, how can they protect it?
  3. Protect: Safeguards to manage risks are used. The Protect function includes the security controls put in place around network devices, network access, and the data transiting and stored on the network. It also includes making sure users are aware of and trained on network security policies and procedures.
  4. Detect: Possible incidents are found and analyzed. The Detect function deals with knowing when something anomalous or malicious happens on the network, understanding the impact, and verifying the effectiveness of protective measures.
  5. Respond: Actions are taken against identified incidents. No matter how good a security professional is at their job, sometimes bad things happen. When they do, network security engineers need to be able to execute response processes and manage communication during a breach, as well as learn from mistakes to strengthen the future security posture.
  6. Recover: Assets and affected operations are restored. After a breach, network security engineers may have a role to play in restoring affected systems to business as usual and implementing improvements to strengthen network security. These are key elements of the Recover function.

Govern

First, the “govern” function, the most recent addition to the framework, establishes the organization’s cybersecurity risk management strategy, ensuring it aligns with overall business goals and risk tolerance. This function is cross-cutting, adds context, and is designed to help security teams prioritize the outcomes of the other five functions. The governance function comprises four critical categories:

  • Organizational context: This involves examining the organization’s mission, vision, risk appetite, as well as cybersecurity’s alignment with the business’s strategic goals.
  • Risk management strategy: This involves developing a strategy to identify, evaluate, and respond to cybersecurity risks, ensuring it complements broader business objectives.
  • Policies and procedures: This includes establishing and enforcing policies and procedures that support the cybersecurity risk management strategy (e.g., cybersecurity policies, training policy, incident response plan).
  • Roles and responsibilities: This focuses on clearly defining and assigning cybersecurity roles and responsibilities in addition to putting communication and collaboration mechanisms in place.

While the network security engineer may not have a direct role in the high-level aspects of the govern function, they do play a crucial role in supporting the decisions and implementing the controls that will enforce the decisions made during this phase.

Knowledge Check


Great job! You’ve learned how to use a framework like the NIST CSF to understand and manage a security program. In the next section, let’s dive a bit deeper into the first function, Identify, and explain how a network security engineer understands the devices, users, and topology of the network they must secure. 

Resources
