What is NIST and Why Should I Care?

You’ve heard other Managed Service Providers (MSPs) boasting about being NIST certified or following the NIST framework when applying cybersecurity programs, but you might have one question: 

What does that mean to me? 

The difference is night and day; it could mean everything. 

NIST 101 

The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, created the NIST Cybersecurity Framework to guide businesses on how to set up an effective cybersecurity program. Though not required for any industries outside the government, the Framework has quickly been adopted by Managed IT (Information Technology) Services providers across the country to keep their clients’ data and business environments safe. 

The NIST framework is made up of five core functions: Identify, Protect, Detect, Respond, and Recover. 

1. Identify  

Goal: Get a feel for your technology environment – what do you have, what’s working, and what’s not?  

  • List and categorize all technology assets, software, and data your company uses. 
  • Define a cybersecurity policy for anyone interacting with these assets. 
  • Do a risk assessment on all assets to determine where potential vulnerabilities are. 
  • Create a risk management strategy on how to address these vulnerabilities and the security state of the company. 

2. Protect 

Goal: Put tools, strategies, and policies in place to protect your IT environment and data. 

  • Define who is authorized to interact with company technology and software and set different permission levels. 
  • Define lifecycles and disposal processes for older technology and software.  
  • Set up data protection tools such as security software, encryption, and backups. 
  • Keep all security software routinely updated. 
  • Train all employees in cybersecurity, physical security, internet etiquette, and company privacy policy.  

3. Detect 

Goal: Monitor traffic, quickly spot unusual activity, and investigate it. If the activity indicates a credible threat, evaluate what level of response will be needed.  

  1. Endpoint Detection and Response (EDR) 
  • Analyzes data at endpoints (e.g., laptops, servers) for suspicious activity such as malware and ransomware. 
  2. Network Detection and Response (NDR)  
  • Monitors suspicious activity on the network, such as who is accessing it and what permissions they have. 
  3. Security Information and Event Management (SIEM) 
  • Compiles and analyzes data from every logged asset for compliance checks and suspicious activity. 
  4. Log Management 
  • Manages and logs data from all areas of the technology environment. 
  • Analyzes performance issues, bugs, and other unexpected behavior for any sign of malicious activity. 

4. Respond 

GOAL: How do you choose to handle suspicious activity, and how will you get rid of it? How will you stop cybersecurity incidents from spreading, and how quickly can you contain them? 

  1. Stop the incident from spreading  
  • Analyze and log the incident. 
  • Identify the threat and where it is. 
  • Decide what kind of response it needs. 
  • Contain the threat. 
  • Decide whether it requires short-term or long-term containment. 
  • Notify appropriate parties. 
  • Back up critical business components. 
  • Streamline recovery time by keeping total damage to a minimum. 
  2. Get rid of threats or suspicious activity 
  • Find the exploited vulnerability that caused the incident and fix it. 
  • Eradicate the threat if possible (malware, spyware, etc.). 
  • Improve systems to ensure similar incidents don’t happen in the future. 

5. Recover 

GOAL: Long-term improvements, disaster recovery, and communication. 

  • Quickly restore any damage to infrastructure, data, or hardware.  
  • Notify any appropriate parties with details of the incident and its potential impact. 
  • File communications and reports with the right agencies with details of the incident.  
  • Improve defined procedures and security measures to prevent future incidents under similar conditions. 
  • Periodically test defined procedures. 

I’m not in IT, why is this important to me? 

Your IT partner should be following the NIST Framework or a similar one to maximize your business’s overall protection. By understanding NIST, you now have the insight and knowledge to watch how your IT partner responds to security issues and general concerns, such as slow email servers and faulty laptops. Measured against these federally adopted guidelines, if you don’t think your IT partner is responsive, quick, or involved enough in the wellbeing of your business, it might be time for a new one. If you’re still looking for an IT partner, ask them if they’re NIST certified. 

Your employees and clients will thank you later.  

Still having trouble finding a good IT partner? Not sure what to look for? 

Check out our blog for more business cybersecurity tips!