What is the NIST Cybersecurity Framework? The National Institute of Standards and Technology (NIST) is responsible for establishing and operating the NIST Cybersecurity Framework. In short, the NIST Cybersecurity Framework offers a globally consistent approach to information security that sets the standards by which information security practices are measured.
Many businesses, governments, and other entities have implemented the framework in order to establish a uniform method of assessing the degree of risk associated with information security. This has resulted in a number of international standards for information security, including the ISO Security Standardization and the Computer Transportation Security Standards. Both private and public sector users, businesses and government agencies have been governed by the guidelines established by the NIST Cybersecurity Framework.
What are some of the cyber threats to our nation’s information and technology infrastructures? Today’s cyber threats are primarily external, meaning those from outside the realm of the United States. In recent years, this external threat has grown substantially as malicious intruders penetrate computer networks and send confidential or personal information across the Internet.
While most intruders are criminal in nature, a small percentage are nation-sponsored cyber criminals who use cyber tactics to extract economic advantage or to sabotage critical infrastructure. Although these external threats are more easily thwarted than internal threats, the public and private sectors have been coping with them for some time.
What is the NIST Cybersecurity Framework? The NIST Cybersecurity Framework establishes a consistent methodology for determining the vulnerability of a system or network to potential attack. Crucial to this assessment is the use of a vulnerability assessment, which determines the highest threat level that could be exploited through cyber means. Based on this information, an individual or organization may establish a mitigation strategy or develop a fix.
Why is the NIST Cybercrime Framework important? Inadequate protection can leave you exposed to dangerous cyber attacks, compromising your data and increasing your vulnerability to costly litigation. This framework allows businesses to work with security companies to determine their vulnerability and work with security and network experts to mitigate their risk. By establishing a baseline of information about cyber vulnerabilities, businesses can be better prepared to defend against cyber threats.
What is the NIST Cybersecurity Manual? The NIST Cyber Security Manual is a reference document that describes the procedures that organizations must follow when determining whether they face cyber threats and which mitigations will address those threats. The Manual also serves as a standard reference that security professionals may refer to when assessing a system’s vulnerability to threats and how to manage those threats.
Unlike the Framework, the Manual does not attempt to provide a standard definition for a vulnerability or a mitigation strategy. Rather, it provides a list of recommended best practices for determining vulnerabilities, listing the security risks inherent in the system and suggesting how to manage those risks.
What is the NIST Cybersecurity Vulnerability Assessment? The NIST Cybersecurity Vulnerability Assessment is a comprehensive assessment of a potential cyber threat, one that incorporates both vulnerability research and mitigation strategy. This assessment is designed to provide comprehensive visibility of a system’s vulnerabilities and an estimate of the cost and time needed to fix any issues that may be lurking in the cyber landscape.
What is the NIST Broadband Security Initiative? The NIST Broadband Security Initiative (BSMI) was developed by the National Institute of Standards and Technology (NIST) to help standardize the prevention, identification, investigation, and mitigation of cyber threats.
The initiative was established as part of the Network Infrastructure Security Management Act (NISMA) of the National Security Agency (NSA). BSI works to standardize the protection against known and potential cyber threats. In essence, it attempts to create a uniform approach for detecting, analyzing, managing, and mitigating cyber threats.
What is the NIST Cyber Crime Intelligence Service? NIST’s Cyber Crime Intelligence Service (CCIS) helps US intelligence agencies and law enforcement officials understand cyber crime trends and international operations by providing timely information on such subjects as malicious cyber activity, illicit digital currency transactions, international terrorism threats, and cyber crimes that involve public entities.
NIST is also responsible for collecting, analyzing, and disseminating cyber crime intelligence data and information to federal, state, local, and international law enforcement and security agencies upon request. NIST is a unit of the National Science Foundation (NSF) that was established to enhance cyber security through science and technology research. The unit was created to exploit emerging technologies for the public’s safety.