With Other Cybersecurity Frameworks, CSF Can Help Enhance Organizational Cybersecurity Posture

As a security architect, I want more people to notice that NIST's CSF can be a valuable tool for organizations to improve their security maturity and, hopefully, to lower organizational risk and shield critical infrastructure.

Recently, the National Institute of Standards and Technology (NIST) has requested that interested parties provide comments on how to improve the Cybersecurity Framework (CSF). But before NIST publishes the comments and updates on CSF, in this article, I will take further steps to align CSF objectives to make this easier to understand.

One example is to map the CSF to actual threats by leveraging MITRE's ATT&CK Evaluations, which emulate MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) against security products. The second application is to help you start the adoption of Zero Trust Architecture (ZTA) with the CSF and other practical frameworks.

What is CSF?

The NIST Cybersecurity Framework is a set of best practices organizations can use to secure their data. Built by the National Institute of Standards and Technology, the Framework was designed to make cost-effective security possible for organizations of any size.

The CSF came out with the cybersecurity executive order (EO 13636) from 2013 by President Obama. It directed NIST to work with stakeholders to develop a voluntary framework for reducing risk to critical infrastructure. It does this by focusing on three key areas: information sharing, privacy, and the adoption of cybersecurity practices.

The latest version of the CSF is version 1.1, updated in April 2018. For 2022, an update to the CSF is planned to keep it current and ensure that it is aligned with other tools.

In addition, to promote further adoption of the CSF, NIST has published guidance including NISTIR 8170, "Approaches for Federal Agencies to Use the Cybersecurity Framework", and NISTIR 8286, "Integrating Cybersecurity and Enterprise Risk Management (ERM)".

Three Components of the CSF

At its basis, the CSF has three components: the Core, Implementation Tiers, and Profiles.

The Core is a set of desired cybersecurity activities and outcomes. It guides organizations in managing and reducing their cybersecurity risks in a way that complements an organization's existing cybersecurity and risk management processes.

Implementation Tiers are used by adopting organizations to give context regarding how organizations view cybersecurity risk management. The Tiers guide organizations to consider the appropriate level of rigor for their cybersecurity program and are often used as a communication tool to discuss risk appetite, mission priority, and budget.

Framework Profiles help provide customized alignment with organization requirements and objectives to achieve outcomes and reduce organizational and even industry-wide risk. Profiles are primarily used to identify and prioritize opportunities for improving cybersecurity at an organization.

Within these three components are additional categories and subcategories within functions that link to outcomes for a cybersecurity program. NIST has already produced several example framework profiles for manufacturing, elections, and the smart grid.

Five Functions of the CSF

One of the most recognizable aspects of CSF is the functions it breaks down activities into: Identify, Protect, Detect, Respond and Recover. Below are the five functions and the roles they play in supporting cybersecurity.

Identify

The first function, Identify, focuses on assessing and identifying risk in your business and IT infrastructure, which requires a thorough check of your current security practices.
The following actions fall under Identify:

- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy
- Supply Chain Risk Management (critical due to recent incidents such as Kaseya, Log4Shell, and Colonial Pipeline)

Protect

This function focuses on cybersecurity controls that can help you maintain "CIA": Confidentiality, Integrity, and Availability. The security controls we see implemented every day fall under this function:

- Identity Management and Access Control
- Awareness and Training
- Data Security
- Information Protection Processes and Procedures
- Maintenance
- Protective Technology

Detect

To minimize the number of security incidents when the previous function (Protect) fails, you need ways to detect events when they occur. The Detect function includes the following steps:

- Anomalies Detection and Events Baselining
- Continuous Security Monitoring
- Detection Processes

Respond

When a security incident occurs, time is critical. Thus, you need to respond swiftly to any sign of an incident by taking the following steps:

- Response Planning (pre-work)
- Communications plan and drill (pre-work)
- Analysis and Investigation
- Impact Mitigation
- Improvements (post-work)

Recover

Finally, the last steps you take in the cybersecurity framework are focused on recovering lost or compromised data and resuming business. Use these steps to ensure a smooth recovery:

- Recovery Planning
- Improvements
- Communications

Why is the CSF So Widely Recognized?

Because it is both practical and logical, the CSF aligns with the activities and lifecycle of cybersecurity and risk management within an organization's security program. These functions are also applicable to organizations across many industries and verticals, making CSF dynamic and adaptable.

Since CSF is built on top of existing standards, guidelines, and practices, it includes activities shared among other industry-leading guidance such as CIS Critical Controls, which is evident through activities such as "identify critical enterprise processes and assets."

The CSF also has "Informative References" that align under each function and point to existing framework security controls and references to better leverage existing standards, guidelines, and practices.

When the CSF Meets MITRE ATT&CK

One great way to align the CSF objectives to real cyber threats is by leveraging MITRE's ATT&CK Evaluations, which emulate adversarial tactics and techniques against leading cybersecurity products. The information is then made available to industry end-users so they can see how products performed and how they align with organizational security objectives.

Another excellent resource from MITRE is the Center for Threat-Informed Defense mapping between MITRE ATT&CK and NIST 800–53 (GitHub: center-for-threat-informed-defense/attack-control-framework-mappings).

By using these mappings, organizations could cross-reference the mapping from the Center to the Informative References in the CSF, which are tied to specific functions and categories.

When the CSF Meets Zero Trust

In May 2021, the US government issued another EO on improving the nation's cybersecurity. A significant aspect of the EO was the push for agencies to adopt zero trust (mentioned 11 times). So again, organizations can see substantial synergies between CSF and the EO objectives.

For example, when it comes to Zero Trust, the NIST National Cybersecurity Center of Excellence (NCCoE) has guidance that maps relevant Zero Trust components to CSF functions, categories, and subcategories (i.e., NIST SP800–27). These are core Zero Trust components, such as policy engines, administrators, and enforcement points.
Another helpful resource is the NIST whitepaper "Planning for a Zero Trust Architecture", which describes how to leverage CSF and the NIST Risk Management Framework (RMF) (SP800–37) in the journey of migrating to a Zero Trust Architecture.

With that in mind, Federal agencies and organizations can leverage the CSF to map security program objectives across the five CSF functions, categories, and subcategories, which includes mapping tools and aspects of the technology stack to CSF criteria.

Final Words — CSF is Flexible

We can use self-assessment and measurement through the CSF to improve decision-making about investment priorities regarding actual threats. A limited set of resources and funding is a reality for all security leaders, regardless of industry. Identifying gaps in the security program and driving investments to the areas that present the most significant risk can provide massive benefits.

This is why CSF is essential for security leaders to ensure that security controls and activities are tied to organizational outcomes and business objectives. Doing so ensures alignment with business leadership and supports buy-in for security initiatives.

NIST's CSF is a flexible framework for managing organizational risk and security program maturity. Its use cases include managing cyber requirements, reporting cybersecurity risks, and integrating and aligning cyber and acquisition processes. All these use cases apply to meeting the slew of tasks and objectives that came out in the 2021 cybersecurity EO.

Although the Cybersecurity Framework is not a "one-size-fits-all" approach to managing cybersecurity risk for organizations, it is ultimately aimed at reducing and better managing these risks. Therefore, this guide is intended for any organization regardless of sector or size. Organizations will vary in how they customize security practices described in the CSF.
However, organizations can determine which activities are important to critical service delivery and prioritize investments to maximize impact. This Quick Start Guide intends to provide direction and guidance to those organizations, in any sector or community, seeking to improve cybersecurity risk management via the utilization of the NIST Cybersecurity Framework.

----

Thank you for reading. May InfoSec be with you🖖.