Cyber Security Framework
The NIST CSF (National Institute of Standards and Technology, Cyber Security Framework) is a framework that helps an organization better understand, manage and reduce its security risks. With the help of NIST-CSF, the organization gets a clear picture of its current cyber security capability against a desired state.
Strengthens cyber security • Shows current cyber security capabilities • Guides step by step towards better cyber security
The NIST CSF framework
With knowledge of the current ability to manage and reduce cyber security risks, the organization’s knowledge of what needs to be accomplished to manage cyber security in a better way increases. This is where the NIST-CSF framework comes in handy for an organization that wants both an indication of the current ability to manage threats and vulnerabilities related to cyber security, but also the knowledge to take the necessary measures.
Following NIST-CSF is not a statutory requirement within the EU. Currently, there is no certification for NIST-CSF. If you want to be certified, management systems within information security ISO 27001 work very well. On the other hand, we see an increased request for NIST-CSF from European companies operating in the US market, which at short notice receive express demands from American customers to apply NIST-CSF. Companies whose customers are directly or indirectly suppliers to US authorities may be faced with explicit requirements to demonstrate a certain level of maturity in their approach to cyber security based on the NIST-CSF. There are four maturity levels and it is the customer/authority who decides which level applies.
The framework’s structure is based on five functional areas that follow each other in a logical sequence.
Do you want to know more?
Contact us and we will tell you more about NIST.
This is what our customers think
Secify supports us in data protection issues and in our work with Data Privacy. In a trustworthy manner and with broad competence, Secify has contributed to our delivery.
Robert Ekvall, IT Security & Company Integration Lead
Några av våra kunder
The framework is based on five steps to ensure that protection is achieved.
- Identify (identify)
Gives the organization an understanding of what risks exist related to the cyber security of systems, people, assets and data information.
Develop and implement appropriate safeguards to ensure delivery of critical business functions.
Develop and implement appropriate activities to detect cyber-related threats.
- Handle (respond)
Develop and implement appropriate activities to manage and remediate detected cyber-related threats.
Develop and implement appropriate activities to restore critical business functions to normal after cyber-related attacks.