What are the Five Elements of the NIST Cybersecurity Framework?

A cybersecurity framework is a group of documents outlining guidelines, security-related standards, and best practices to help organizations manage and protect their assets from cybersecurity threats. Any InfoSec framework aims to prepare organizations and minimize the potential risk of vulnerabilities by identifying and remediating them. 

Example cybersecurity frameworks include the NIST cybersecurity framework, the ISO 27001 framework, the Cybersecurity Maturity Model (CMMC) developed by the US Department of Defense (DoD), and the Payment Card Industry Data Security Standard (PCI DSS). Legit Security has aggregated many of these frameworks into best practices that can reduce software supply chain risk dramatically.

Breaking Down the 5 Elements of the NIST Framework 

The NIST Cybersecurity Framework (NIST CSF) is a set of guidelines developed to help relevant stakeholders improve cybersecurity risk management in critical infrastructure, where increasingly connected and complex systems put the United States’ security, economy, and public safety at risk. The core competencies of NIST are aligned with the 5 NIST functions: Identify, Protect, Detect, Respond, and Recover. These five security functions are increasingly relevant to organizations in any sector or community. We will deep-dive into each one of them and identify the most critical aspects of protecting any organization.

1. Identify

The first function of the NIST CSF is to identify the assets that are critical to the organization and understand their risks (a.k.a. NIST asset management). The key activities that take place during this phase are:

  • Identifying the physical and software assets within the organization to establish the basis of an asset management program, through which the organization can contextualize which of its assets are relevant to the following elements in the IT security framework.  
  • Identifying the business environment the organization supports, and how its offerings pertain to the standards required when organizations take part in the supply chain of securing critical business assets.
  • Identifying cybersecurity policies established within the organization to define the organization’s governance program and whether it corresponds to the organization’s legal and regulatory requirements regarding cybersecurity.
  • As a basis for the organization’s Risk Assessment, identifying asset vulnerabilities and threats to internal and external organizational resources, including establishing risk tolerances for defined threat models. 
  • Identifying a Supply Chain Risk Management strategy, including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks. 

2. Protect 

The second function of the NIST CSF is to protect the organization's critical assets from cybersecurity threats. This includes implementing safeguards such as security controls and protocols to protect critical services and prevent unauthorized access to sensitive information. The key activities that should be performed during this phase as a continuation of the NIST asset management are: 

  • Setting protections for Identity Management and Access Control as a basis for minimizing the exposure of sensitive information within the organization. This aims to limit and contain the ramifications of a cybersecurity incident.  
  • Creating Awareness and Training programs to empower staff within the organization while emphasizing the differences between privileged and non-privileged users. 
  • Protecting the confidentiality, integrity, and availability of information by establishing Data Security protections consistent with the organization’s risk strategy, potentially derived from the NIST impact levels.  
  • Implementing Information Protection processes and procedures to maintain information systems and asset safeguards. 

3. Detect

The third function of the NIST CSF is to detect cybersecurity incidents as they occur. This includes implementing monitoring and detection systems that can alert the organization to potential threats and allow it to respond quickly. The processes put in place during this phase help determine how proactive threat detection is inside the organization. The key processes that should take place during this phase are:

  • Creating procedures, based on InfoSec frameworks, that ensure anomalies and events are detected and that the organization understands the potential blast radius of each event.
  • Verifying the effectiveness of existing protective measures and implementing new capabilities that will help monitor cybersecurity events, to ensure the organization protects, detects, and responds in a timely manner.
  • Assessing current processes and ensuring that detection processes are continuously maintained to provide the organization with alerting and visibility when anomalous events occur.  

4. Respond 

The NIST Cybersecurity Framework's fourth function is responding to cybersecurity incidents when they occur. This includes having a well-defined incident response and escalation plan in place to ensure that the organization can effectively respond to and recover from an incident. It also gives the organization the power to remediate quickly and effectively and minimize potential damage should an attack occur. It is the third layer in the protect, detect, respond triad, the motto that most, if not all, InfoSec frameworks require organizations to abide by. The activities that ideally take place during this phase are:

  • Ensuring that the response planning processes are ready to be executed during and after an incident occurs to mitigate and investigate the potential harm that the incident has caused. 
  • Ensuring that the protocols for the management of communications during and after the event with all the relevant stakeholders are in place, including law enforcement and external stakeholders, when relevant. 
  • Putting in place an analysis plan to ensure an effective response and to support recovery activities, which include forensic analysis and determining the impact of incidents.

5. Recover

The fifth and final function of the NIST CSF is focused on identifying activities that will help restore resilience and recover from a cybersecurity incident. This includes implementing measures to restore normal operations and mitigate the impact of the incident on the organization. The effort an organization puts into the recovery component will directly affect its ability to contain the impact of a cybersecurity incident and minimize potential damage. Although this function is in addition to the Protect, Detect, Respond triad, it is one of the most important core competencies of NIST, as it will determine the size of the damage that a potential cybersecurity incident will have on an organization. The key activities that should take place during this phase are:

  • Ensuring Recovery Planning processes are implemented and system restoration procedures are in place to mitigate the results of a cybersecurity incident.
  • Learning continuously and improving the recovery strategies based on industry standards and other cybersecurity incidents, as well as a continuous review of the current strategies. 
  • Planning the coordination of internal and external communications during and after the recovery from a cybersecurity incident.  

Why the NIST Framework Matters

The initial purpose of NIST CSF was to help secure the United States’ critical infrastructure. However, we can more clearly see that this framework is relevant to any and all organizations that need to secure their operating environment from a broad range of cybercriminals. In the past, security was traditionally considered at the end of the Software Development Lifecycle (SDLC). Today’s increasingly hostile cybersecurity environments, along with businesses’ increased dependence on digital services, demand that organizations also put the utmost attention on security across the pre-production development environment and SDLC by abiding by an IT security framework such as NIST CSF. As previously mentioned, the Protect, Detect, and Respond operating model is a pillar of this framework. It should be the motto by which any organization that wishes to protect itself from cybersecurity threats creates its cybersecurity plan.

Keep Your Software Supply Chain Secure by Adopting the NIST Approach 

The role of an InfoSec framework is to help organizations secure their environment by providing a set of guidelines and safeguards that they should follow. Although the 5 NIST functions, namely Protect, Identify, Detect, Respond, and Recover, are similar to those of other top security frameworks, they contain a number of critical procedures that help minimize the effect of cybersecurity incidents on organizations of any size. In addition to these guidelines, Legit Security has devised a set of 10 steps that will help any organization secure its software supply chain, an increasingly important component of securing organizations’ overall digital business models.

Published on
January 23, 2023
