Explore the NIST Cybersecurity Framework
After completing this unit, you’ll be able to:
- Define the parts of the NIST Cybersecurity Framework.
- Explain how to use the NIST Cybersecurity Framework.
Introduction to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
Remember Jim, the network security engineer at a small medical clinic, from the previous module? He decides to finally start building his dream house. He thinks about the features that are most important to him: a fenced-in yard where his children can play safely, separate bedrooms for each of his kids, an open-air dining area to entertain guests.
He calls up his architect friend and lays out a vision. He’s going for a consistent vibe throughout the house: modern, clean, minimalist. His architect gives him an idea of the steps he’ll take, from the design and construction stages to putting on the finishing touches and moving into his dream home.
Just as Jim would never build a house without a plan, he wouldn’t approach the cybersecurity of his organization without one either. Having a framework, whether when building a house or navigating an organization’s security program, can help prioritize tasks, communicate with stakeholders, and make sure everyone understands the activities, processes, and precautions needed to meet the end goals.
The NIST CSF can be used to navigate a security program. It was developed by the standards body within the United States Department of Commerce, but applies to public and private sector organizations of all sizes around the world, drawing on industry best practices to manage cybersecurity risks. The NIST CSF is intended to:
- Apply to a variety of organizations
- Strengthen an organization’s security posture
- Communicate about cybersecurity within an organization
- Assist in formulating implementation plans
The NIST CSF complements an existing cybersecurity strategy and is just one of many frameworks available to draw on. See the Resources section at the end of this unit to learn more about other frameworks to leverage.
Learn the Functions of the NIST CSF
Five functions of the NIST CSF describe cybersecurity activities and desired outcomes across organizations from the executive level to the operations level, where a network security engineer operates on a daily basis. The five functions are: Identify, Protect, Detect, Respond, and Recover. These functions provide a high-level view of the lifecycle of an organization’s management of cybersecurity risk and can be applied to many domains, including application security, threat intelligence, and network security.
The following units in this module and the next provide information about each of the five cybersecurity functions and how they can be applied to understand the role of a network security engineer. You can preview each one briefly here.
- Identify: The Identify function covers knowing what assets and users are on the network and understanding the vulnerabilities, threats, and risks associated with each. If a network security engineer doesn't know what they have, how can they protect it?
- Protect: The Protect function includes the security controls put in place around network devices, network access, and the data transiting and stored on the network. It also includes making sure users are aware of and trained on network security policies and procedures.
- Detect: The Detect function deals with knowing when something anomalous or malicious happens on the network, understanding the impact, and verifying the effectiveness of protective measures.
- Respond: No matter how good a security professional is at their job, sometimes bad things happen. When they do, network security engineers need to be able to execute response processes and manage communication during a breach, as well as learn from mistakes to strengthen the future security posture.
- Recover: After a breach, network security engineers may have a role to play in restoring affected systems to business as usual and implementing improvements to strengthen network security. These are key elements of the Recover function.
Great job! You’ve learned how to use a framework like the NIST CSF to understand and manage a security program. In the next section, let’s dive a bit deeper into the first function, Identify, and explain how a network security engineer understands the devices, users, and topology of the network they must secure.