This post is part of a series highlighting how Field Effect’s flagship product, Field Effect MDR, can help our customers attain their compliance goals.
Whether it’s to mitigate risks, maintain a cyber insurance policy, fulfill a contractual requirement, or ensure the protection of employee and customer data, Field Effect knows how important it is for businesses to adhere to industry-standard compliance frameworks.
What is the NIST CSF?
In 2014, the US National Institute of Standards and Technology (NIST) released a set of cybersecurity standards, guidelines, and best practices called the NIST Cybersecurity Framework (CSF). The framework was originally developed to guide the cybersecurity activities of critical infrastructure providers while helping them to consider risk management and the protection of both individual privacy and civil liberties.
Since then, the framework has been widely adopted by organizations in many countries and industries including finance, education, and healthcare. The reason for NIST CSF’s success is that the framework can be customized to an organization's unique needs and risk profile, making it an ideal starting point for business entities of all sizes.
The currently approved version of NIST CSF (1.1) was released in 2018. As of the publishing of this blog, an updated version (Version 2.0) is undergoing final review by stakeholders with an expected release in early 2024.
How is NIST CSF organized?
To help organizations implement it efficiently, the CSF is broken down into five core functions:
- Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
- Protect: Develop and implement appropriate safeguards to ensure delivery of critical services.
- Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
- Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
- Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
All five functions have a set of categories and subcategories, each of which may have one or more security controls. Version 2.0 of CSF will add a sixth core function, Govern, that focuses on organizational context, risk management strategy, policies, and procedures.
Is the NIST CSF mandatory?
NIST CSF was developed as a completely voluntary standard for organizations wishing to improve their cybersecurity risk management.
However, there are times when NIST CSF may be mandatory. For example, cyber insurance providers may request that an organization adhere to CSF to demonstrate a commitment to security and privacy.
How can Field Effect MDR help?
Our team has created a detailed mapping document to show how our holistic cybersecurity solution satisfies, partially satisfies, or supports the categories in NIST CSF V1.1.
Let’s take a look at a few examples:
Subcategory ID.RA-2
Subcategory ID.RA-2 in the Identify core function instructs organizations to implement processes and procedures to ensure that “cyber threat intelligence is received from information sharing forums and sources.”
Very few small and mid-sized organizations have the time and resources to gather, analyze, and contextualize information about current and future cyberattacks. This is why Field Effect MDR employs industry-standard IOCs, along with our own threat intelligence, to identify malicious activity, domains, botnets, ransomware, and other cyber threats in an environment.
Subcategory DE.AE-2
Subcategory DE.AE-2 in the Detect core function calls for organizations to ensure that “detected events are analyzed to understand attack targets and methods.”
Backed by Field Effect’s team of experienced cyber analysts, Field Effect MDR detects and analyzes alerts in the context of your organization to develop a complete understanding of the methods and targets of the attack.
This methodology reduces alert fatigue and ensures your networks and devices are protected against even the most sophisticated threats.
Subcategory DE.CM-1
Subcategory DE.CM-1, also in the Detect core function, calls for organizations to ensure “the network is monitored to detect potential cybersecurity events.”
Field Effect MDR network sensors conduct full packet capture and deep inspection of all network traffic transiting them, providing our customers with a method of detecting risks and threats at their network edge and other key locations.
Subcategory RS.AN-5
Subcategory RS.AN-5 of the Respond core function calls on organizations to ensure that “processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g., internal testing, security bulletins, or security researchers).”
Staying on top of the ever-evolving cyber threat landscape is tough, even for large enterprises with dedicated cybersecurity teams. Field Effect's threat intelligence team monitors security bulletins, vulnerability notifications, and posts from security researchers to ensure Field Effect MDR detects the latest threats and that your network and data stay protected.
Field Effect MDR users receive straightforward remediation instructions for any identified vulnerabilities impacting their environment, with the ability to sort by highest risk using the prioritized Endpoint Devices view.
Learn more about Field Effect MDR & NIST CSF
Reach out to our team to get a copy of the NIST CSF Compliance Mapping Guide. This document is a great starting point to help you better understand the regulatory compliance landscape. However, because every organization is different, we still recommend consulting with a regulatory auditor for your specific requirements.