According to the 2019 SANS State of OT/ICS Cybersecurity Survey, the NIST Cybersecurity Framework (CSF) is the most popular security framework in use today. The NIST CSF is a voluntary standard that uses business drivers to guide cybersecurity activities as part of an organization’s overall risk management strategy. Version 1.1 of this framework was published in 2018, using feedback NIST received on Version 1.0 to enhance and clarify topics like supply chain risk and access control. A summary of the changes in Version 1.1 can be found here.
The NIST Cybersecurity Framework consists of three main elements:
These Functions categorize basic cybersecurity activities at a high level so that critical infrastructure companies can organize information to enable better risk management decisions, address cybersecurity threats, and use experience to improve. Benchmarking progress against these Functions helps security practitioners and executive management demonstrate how their industrial control system (ICS) cybersecurity investments are reducing their cyber risk exposure.
These are the 5 Functions of the NIST Cybersecurity Framework and how to apply them in ICS environments:
We know our customers are always striving to improve their maturity within the NIST Cybersecurity Framework, which is why we released built-in reporting features for the framework in our platform. Our users can now automate executive-level reporting using the complete and accurate OT asset data from Industrial Defender to demonstrate cyber risk reduction efforts for their ICS environments and benchmark their progress towards NIST CSF maturity.
For a glimpse into 40+ report samples from our built-in NIST CSF library, download our NIST Cybersecurity Framework report book.