Why We Align Our Practice with the NIST Cybersecurity Framework

Companies across all industries have taken steps to protect their data and prevent cybercrime.

The use of information security frameworks grew out of a need for organizations to follow a set of steps to protect information. By selecting a cybersecurity framework, companies could adopt a set of policies and procedures around the implementation and ongoing management of information security controls in an enterprise environment.

Common Cybersecurity Frameworks

Various frameworks were developed by volunteers, government agencies, and other organizations.

The cybersecurity frameworks most commonly used by companies today include:

Growing Adoption of the NIST CSF

In recent years, we have seen adoption of the NIST Cybersecurity Framework (CSF) escalate rapidly. One reason for this trend is that recent government mandates have exposed companies that were otherwise unaffected by compliance to new compliance initiatives.

For example, the need for NIST 800-171 compliance (effective as of December 31, 2017) impacts companies further down the federal supply chain than prime subcontracting companies, which were already complying with the wider-encompassing NIST 800-53 mandate. The emergence of NIST 800-171 exposed a whole new group of organizations to the need for security controls.

Because NIST is a government agency (part of the US Department of Commerce), the resources that NIST creates have become recognized and used by IT security, compliance, and risk management professionals as a standard for best practice.

We have noticed growing adoption of the NIST CSF, particularly among corporations that have their own in-house senior security professionals on staff. It makes sense when you think of the large percentage of companies that do business directly or indirectly with the government.

Aligning with a Cybersecurity Framework

You may be wondering...

Why would I need to align with a cybersecurity framework at all?

Corserva has been asked this very question on multiple occasions, and the answer is fairly straightforward.

If you are initiating a full-featured security program, why would you rely on Google searches?

Why would you invest heavily in training or hiring staff when you don't need to?

The framework itself provides formal guidance. It is a resource developed directly within the US government to address the management of cybersecurity risks. The NIST Cybersecurity Framework has been implemented across various industry vertical markets, and it has proven to be successful regardless of an organization's regulatory requirements, technical design, and the controls it has in place. NIST also provides a broad library of documents for reference.

The oversight provided by a framework assists in the implementation and ongoing management and operation of a security program.

Why Corserva Chooses the NIST Cybersecurity Framework

Corserva's cybersecurity practice is primarily aligned with the NIST Cybersecurity Framework.

Our clients need to comply with many different regulations, such as PCI DSS, HIPAA, NERC CIP, FISMA, NIST 800-171, NIST 800-53, and GDPR. One thing you can count on is that there will continue to be more mandates in the future affecting a wide range of industries. The NIST Cybersecurity Framework can be used to comply with any security mandate with which your industry must comply.

At Corserva, we take a holistic approach to safeguarding computer systems and data.

We believe our clients are best served if we use the NIST Cybersecurity Framework to guide the implementation and maintenance of a company's internal security management practices and programs.

Mandates will continue to evolve, and new ones will be introduced, depending on the industry. But aligning with the NIST Cybersecurity Framework will provide you with a robust security program, regardless of any individual compliance mandate.

It's important to note that choosing one framework over another does not mean you are omitting some areas of security. Instead, think of the various frameworks as different ways to organize or order the steps to create a secure IT environment. For example, the 20 CIS Controls support the other frameworks. A company that focuses on those 20 areas is taking a good first step toward preventing the most critical security threats.

For practical, step-by-step information on implementing best practices in cybersecurity, download the white paper, "20 Steps to Improve Your Cybersecurity."

 

About Corserva

Corserva provides a simple solution to the complicated program of defending against cyber attacks. With Corserva, all parts of the network (applications, client, WLAN/LAN) are protected from all threats, whether cloud or IoT. You get the protection you need within an all-inclusive monthly fee.

Get your free 14-day trial of our Managed Security Service today.

Sean McCloat, CISSP

Sean is responsible for Corserva’s network and security operations centers, field services, sales engineering, data center operations, and professional services. He has an intense focus on delivering exceptional customer service across a wide array of client engagements. With 25+ years of national and global experience in the IT industry, Sean has real-world experience at the corporate and enterprise levels of healthcare, advertising, and logistics organizations.

   