How to Meet the Guidelines for the NIST Cybersecurity Framework

Cybriant offers tiered cyber security services through CybriantXDR. Each service offered through CybriantXDR has a solution that will help you meet the NIST cybersecurity framework.

Which cybersecurity framework do you use? We discussed the importance of a framework in this previous post. A framework is a standardized methodology for selecting, implementing, testing, and maintaining a set of security metrics, also called security controls. There are many frameworks to choose from: NIST, ISO, NERC, PCI, etc. The point is that you want to compare yourself against a known yardstick.

We prefer NIST CSF and recommend this to our clients.

What is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework is the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF), which calls for “a set of industry standards and best practices to help organizations manage cybersecurity risks.”

Organizations can use the CSF to take a risk-based approach to align their security processes with business requirements. Because the CSF is not intended to be a “one size fits all” approach, Cybriant’s solution is scalable across all organizational sizes and can be adapted for specific use across multiple industries.

The Cybersecurity Framework was released in February 2014 as a result of Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which was signed on February 12, 2013. The CSF was created through collaboration between the United States government and the private sector and places a focus on aligning business needs and priorities with cybersecurity and risk management. The CSF is comprised of three parts: the Core, the Implementation Tiers and the Profile. The Core identifies cybersecurity activities and practices that share a commonality across critical infrastructure sectors.

These activities and practices are grouped into five Functions: Identify, Protect, Detect, Respond and Recover. The Implementation Tiers provide entities with context for managing cybersecurity risks and applying a plan to their specific organization. Profiles are used to match cybersecurity objectives to business requirements, risk tolerance, and resources.

CybriantXDR enables organizations to automate the NIST Cybersecurity Framework’s technical controls by bringing active scanning and passive monitoring, configuration auditing, host event, and data monitoring and analysis, reporting and alerting together with risk classification, assessment, and mitigation in a scalable enterprise security system.

Once an organization begins to use the NIST Cybersecurity Framework Core as a baseline for its cybersecurity and risk activities, CybriantXDR makes it easier to take the step towards developing a detailed Target Profile that is both achievable and manageable.

Definitions of each function are quoted from the NIST Cybersecurity Framework, and several examples are explained below.


The activities in the Identify Function are foundational for effective use of the NIST Cybersecurity Framework.

Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enable an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

Using the Risk Assessment category as an example, there are three technical controls, all of which can be automated or supported with the use of CybriantXDR. Subcategory ID.RA-2 requires that “Threat and vulnerability information is received on a daily basis from information sharing forums and sources.”

Through our technology partners, CybriantXDR updates its vulnerability information and threat intelligence, provided by multiple third parties, on a daily basis. The Risk Assessment category has two other subcategories that state “Asset vulnerabilities are identified and documented” and “Threats, both internal and external, are identified and documented.” Both of these subcategories are also automated through active scanning, passive monitoring and event analysis.


The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Using the Information Protection Processes and Procedures category as an example, CybriantXDR has numerous capabilities to automate the technical controls. Examples include:

  • PR.IP-1: Baselines are created and maintained
  • PR.IP-2: System development lifecycle to manage systems is implemented
  • PR.IP-3: Configuration change control processes are in place

The CSF contains 22 technical subcategories for Protect, 19 of which are automated or supported by CybriantXDR.


The Detect Function enables the timely discovery of cybersecurity events. Examples of outcome Categories within this Function include Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Using the Security Continuous Monitoring category as an example, CybriantXDR has numerous automated capabilities to fulfill these controls. Examples include:

  • DE.CM-1: Network is monitored to detect potential cybersecurity events
  • DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events
  • DE.CM-4: Malicious code is detected
  • DE.CM-5: Unauthorized mobile code is detected

The CSF contains 14 technical subcategories for Detect, 13 of which are automated or supported by CybriantXDR. For example, through active and agent scanning, continuous listening and host data analysis, CybriantXDR can observe network and user activity, detect vulnerabilities and events, and alert and report on these as part of an overall cybersecurity plan.


The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include Response Planning; Communications; Analysis; Mitigation; and Improvements.


The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include Recovery Planning; Improvements; and Communications.

The Respond and Recover Functions are comprised of categories and subcategories that are mostly administrative in nature, such as “Response plan is executed during or after an event,” “Recovery plans incorporate lessons learned,” and “Public relations are managed.” CybriantXDR’s capabilities are focused primarily on the CSF’s technical controls, and although some exceptions exist, CybriantXDR does not provide full support for the administrative Respond and Recover Functions.

Concurrent and Continuous Monitoring

Strong security, as prescribed in the CSF, requires broad visibility of extended networks, including IT systems, industrial control systems (ICS), virtual infrastructure, cloud, and BYOD. This visibility cannot rely solely on point-in-time data acquisition; it requires continuous, real-time data. The technology behind CybriantXDR acquires security data from across organizations, using sources such as network traffic, virtual systems, mobile device management, patch management, host activity, and monitoring, as well as external sources of threat intelligence to feed an intelligent monitoring system. It analyzes this data to identify and prioritize anomalies and suspicious behavior so our team can effectively investigate and resolve them.


People, Process, Technology in Cybersecurity or: How I Learned to Stop Worrying and Love the Process!

People, Process, and Technology is the cornerstone of ITIL, but can it also be used to ensure a proper cybersecurity foundation? The answer may surprise you!

Let’s just get this out of the way. You are not secure. There I said it.

Let me qualify that statement: when I say you are not secure what I mean is that regardless of the money, talent, resources, or luck your organization possesses, your organization (or any other) cannot consider itself completely impervious to outside aggressors. Just like a Major in boot camp, let me tear your assumptions down for a moment so I can build them back up.

According to Gemalto, 82 records were compromised every second in 2017. It is widely accepted that the nation-state failure rate is as near to nothing as makes no difference. There are spear phishing kits available to allow anyone, even your mom, to launch a targeted attack against you. You have to be right every time; a hacker only has to be right once. A bird in the hand . . . . . I could go on, but I think you get the point.

“But,” you say, “I just bought something with ‘NEXT-GEN’ in the product description. That’s got to make me secure!” No, it won’t. Nothing short of throwing all copies of your secure data into a volcano will make your data completely secure.



What we must strive for, what we must get up every morning and make it our mission to accomplish, is the process. A far too common mistake is that once we place security controls around our data we believe the job is done. Once we buy and install that tool, outsource that task, or hire that consultant firm we are not done. Let’s look at the tried and true foundation of People, Process, Technology and see how that fits into your cybersecurity plan – we are going to switch it up and discuss process last.

According to ITIL News, using People, Process, and Technology for a successful implementation is not only good old-fashioned common sense but also like a 3-legged stool. The stool analogy is used because any leg that is too short or too long will cause an imbalance.

People, Process, Technology


Here’s one thing everyone in security knows: People like clicking on all the links! Hackers know this, even that rich Prince from Nigeria knows this! In Jim Collins’s book, Good to Great, he discusses how the leader of your organization is like a bus driver and the employees are the bus riders.

You are a bus driver. The bus, your company, is at a standstill, and it’s your job to get it going. You have to decide where you’re going, how you’re going to get there, and who’s going with you.

Most people assume that great bus drivers (read: business leaders) immediately start the journey by announcing to the people on the bus where they’re going—by setting a new direction or by articulating a fresh corporate vision.

In fact, leaders of companies that go from good to great start not with “where” but with “who.” They start by getting the right people on the bus, the wrong people off the bus, and the right people in the right seats. And they stick with that discipline—first the people, then the direction—no matter how dire the circumstances.

While this may seem like a stretch in the cybersecurity world, the analogy holds true in the sense that everyone on board the bus must be on the same mission. We don’t want to let anyone (cybercriminals) on the bus or let any corporate secret fly out the bus windows.

Train your people and make sure policies are understood from the top down.


If that “next-gen” tool were able to keep you secure without your ability to understand and effectively use it, why isn’t everyone buying it and not the others? Because no tool by itself can effectively secure your data. You must be knowledgeable of what the tool is telling you, how to effectively deploy it, and how to customize it to your environment. If you don’t take the time to do these things, you might as well have dug a hole and thrown the money in; it’s the same thing. Too many times I have seen a very expensive product simply create heat. The security product was implemented, but time was not dedicated to truly using the product. Now it’s ignored.

On the other hand, you could outsource the task of doing all that…

Great! You’ve contracted an MSSP to watch your security for you. Job’s a good’n. Nope. I’ve trained many, many MSSPs, probably near fifty plus. I’ve been instrumental in starting two successful MSSPs. This experience has taught me several things of which one is critically important to this conversation.

It can be summed up by a question: How do you know they provide value?

Nifty charts? Awesome. Wizbang product suite? Sweet! Suites that cost more than your first car? Shiny. However, all of that is for naught if you have not educated yourself in the mechanics of what they provide. Most people outsource what they are not good at; wouldn’t a better idea be to outsource what you are good at? The more you know about the topic, the less you must worry about whether that vendor is doing a good job. If you don’t stay current, educate yourself on cybersecurity, and constantly engage your vendor, what value do they really bring?


It is said wisdom is the appropriate application of knowledge. You may have learned many things about cybersecurity, but if you can’t effectively use that knowledge in everyday life what use is it? This is where everything we’ve discussed above fits into “the framework”. I’ve described what a framework is and how to pick one in other blogs.

With a framework, we can take each new product; align it with our goals, test the product, and verify our management of the product is appropriate. With each outsourced task, we can quickly and easily see if the value exists by the iterative processes inherent in frameworks. With each consultant, we can direct and manage the work and relationship using the process of satisfying the framework.

Cybersecurity is a process. It is not a rush to prepare for a single point-in-time audit and then relaxing until the next one. By embracing the idea that iterative steps and incremental progress are the proper way to secure your environment, you inherently become secure.

Well, at least until George clicks on that link again.

Cybersecurity trends 2018: Cyberattacks will continue to surge

To predict what will happen in 2018, let’s take a look at what happened in 2017. In the first six months of 2017 alone:

  • There were 918 data breaches that compromised 1.9 billion data records in the first six months of 2017, which is an increase of 164% compared to 2016.
  • Of these 918 breaches, 500 breaches had an unknown number of compromised records, while 22 of the largest data breaches involved more than one million compromised records.
  • Almost 2 billion data records around the world were lost or stolen by cyberattacks in the first half of 2017 and the number of breaches reported by companies looks set to rise.
  • Governments around the world are introducing legislation that will force more companies to disclose data breaches.

Take a look at just a few of our top predictions for cybersecurity trends in 2018:

Companies will feel more pressure to be transparent and reveal data breaches

New regulations such as the U.K. data protection bill, the European Union’s General Data Protection Regulation (GDPR), and Australia’s Privacy Amendment (Notifiable Data Breaches) Act are set to come into force in the coming months and years and will push firms to disclose hacks and security breaches.

Hackers will move to more profitable targets

The hope is that the profitability of traditional ransomware will decline as cyber risk protection, user training, and corporate cybersecurity strategies improve. This means, however, that hackers will move to more profitable targets like high net-worth individuals, connected devices, and businesses, according to McAfee’s Threat Predictions Report. 

There is no easy fix for cybersecurity. It’s important to create a “Zero Trust” mindset in your organization – including all employees, contractors, board members, and C-suite members – that hackers are constantly trying to access your data. It’s important to be vigilant. A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link–people–to do so. This means adapting your security setup to focus on detection, response, and remediation.

Companies will be judged based on their Cyber Score

After the largely publicized breaches in 2017, consumers and organizations alike will lean on a company’s cyber score to determine its security posture. According to TechRepublic, “Historically, organizations would go to credit rating agencies and find out the creditworthiness of their partner, but now that companies are handing out data to their partners, they need to understand what their posture is. For example, FICO offers an Enterprise Security Score for an objective measure of cybersecurity risk.

Tools like Artificial Intelligence (AI) and machine learning will become mainstream

Changes in cybersecurity will require new types of skills in data science and analytics. The general increase in information will mean artificial security intelligence is necessary. Adaptive skills will be key for the next phase of cybersecurity. The battle with hackers moves fast, so AI and machine learning can predict and accurately identify attacks quickly. See how Cybriant is using machine learning to protect our clients. 

Cybersecurity skills shortage will continue

If the trend continues as it is today, we have a global shortage of two million cybersecurity professionals, “The fastest growing job with a huge skills gap.” Security Analysts are the blockers or tacklers of cybersecurity. Many companies are finding ways to automate and outsource this skill. Cybriant has the best of the best when it comes to Security Analysts.

Here are a few trends that we hope will happen:

Companies will develop a common cybersecurity foundation

The government, cybersecurity experts, and many organizations are coming together to develop a common language around cybersecurity: the NIST Cybersecurity Framework. This is a set of broad guidelines that will provide a secure foundation that will then allow you to refine based on your business functions, systems, and operating environment. Cybriant can help you develop this foundation to arrive at the right blend for your organization. Together, we will consider any regulations, emerging threats, new and legacy technologies, and systems, in addition to your business goals.

Managed Patching

Many data breaches in 2017 were the result of forgotten/failed/slow patches. This is an often ignored problem that has caused a lot of damage in the past. Cybriant offers a patch management service which includes detecting and deploying missing patches on your system. This service will simplify patch management across your organization—even on remote and mobile endpoints.

Continuous Monitoring

Too often, companies think that security is a ‘set it and forget it’ operation. Your work is never done when it comes to cybersecurity because things change. You might adopt a new system, integrate a new third-party service, or change your business goals. To comply with your legal requirements, you need to be up to date with the latest regulations. And all the while, new software vulnerabilities are being discovered, and hackers are probing your defenses and developing new techniques to gain entry. This is where Cybriant comes in – read more about our continuous monitoring solution. 

Why do you need a Managed Security Service Provider (MSSP)?

MSSPs today offer extremely advanced tools and possess the expertise needed to run them. But, it’s understandable that your company may have some concerns about turning over any security-related functions to an outside provider.

An Enterprise Strategy Group survey reported that 57% of 340 surveyed IT and security professionals reported that they are currently using an MSSP in some capacity to protect their company. The reasons may include the fact that many internal security initiatives struggle to get adequate funding and teams often lack the skills, tools, and people to deploy security programs to their enterprise.

According to Tech Target, the pros of outsourcing security services to an MSSP include the following:

  • Capital expenditures are kept to a minimum.
  • There’s a dedicated expert staff for the protection of critical assets.
  • Typically, the largest expenditure—for IT personnel – is greatly reduced.
  • There is continuous security monitoring.
  • Enterprises do not have to spend funds on training, office space, equipment, software tools, and other operating costs.
  • The cost of a managed service is significantly less than maintaining the same level of service in-house.

While the financial benefits are significant, your organization will still need a foundational security program, like NIST CSF.

NIST CSF is guidance, based on standards, guidelines, and practices, for organizations to better manage and reduce cybersecurity risk. The recommended cybersecurity framework includes 5 functions:

Identify – Develop the organizational understanding of managed cybersecurity risk to systems, assets, data, and capabilities.
Protect – Develop and implement the appropriate safeguards to ensure the delivery of critical infrastructure services.
Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) created the Cybersecurity Framework (CSF) in response to Executive Order 13636, which called for the development of a risk-based cyber security framework “to reduce cyber risks to critical infrastructure.”

The CSF provides a set of voluntary guidelines for organizations to use to assess and improve their cyber security posture. The cyber security services framework is designed to be flexible and adaptable, allowing organizations to tailor their approach based on their unique needs and capabilities.

NIST CSF technologies can be used by organizations of all sizes and across all industries. Organizations adopting the NIST CSF can improve their cyber security posture and better protect themselves against cyber threats.

What is NIST Cybersecurity Framework?

The National Institute of Standards and Technology (NIST) cybersecurity framework is an important cybersecurity risk management system that was developed to help organizations reduce cybersecurity risks. It provides a platform for organizations to create a cybersecurity program tailored to their specific needs by creating a set of actions to be taken in order to manage cybersecurity. The NIST cybersecurity framework helps provide guidance on how organizations can secure their systems and assets and protect any data stored on them from cyber threats. It also outlines possible indicators of potential vulnerabilities as well as best practices for managing cybersecurity risk within an organization. All these measures ensure the safety and security of any sensitive organizational data.

NIST Vulnerability Assessment

NIST Vulnerability Assessment is one of the main components of the framework. It provides a structured approach to assessing any existing cybersecurity risks and identifying potential vulnerabilities in an organization’s systems and networks. The NIST Vulnerability Assessment also helps organizations understand their own security posture, such as uncovering any weak or missing points of defense that may be present in their information systems. Furthermore, the NIST Vulnerability Assessment provides guidance on how to reduce existing threats by implementing and maintaining effective mitigation measures.

NIST Vulnerability Management

NIST Vulnerability Management is an integral part of the NIST cybersecurity framework. It includes the assessment and management of security vulnerabilities to ensure that threats are identified, managed, and mitigated in a timely manner. This helps organizations identify any potential risks before they become actual breaches or attacks on their systems. Furthermore, it helps create situational awareness about current threats and their sources, as well as provides guidance on how to respond to them.

Overall, the NIST Cybersecurity Framework provides organizations with a comprehensive approach to risk management and cybersecurity. It helps organizations identify existing risks, create plans for preventing potential breaches, and ensure that any vulnerabilities are detected and mitigated quickly.

NIST Data Loss Prevention

Data Loss Prevention (DLP) is one example of NIST CSF technology. DLP helps organizations protect their sensitive data from unauthorized access and use by ensuring that only authorized individuals can view or access the data. Additionally, it provides organizations with real-time notifications when data is transmitted outside of their networks, allowing them to take immediate action if necessary.

Framework for cybersecurity

The NIST CSF provides organizations with a comprehensive framework for implementing and maintaining cybersecurity procedures. The framework is composed of five core functions: Identify, Protect, Detect, Respond, and Recover. Each function consists of different categories and subcategories that help organizations address specific cybersecurity threats.

NIST Cybersecurity Self-Assessment Tool

Organizations can use the NIST CSF to assess their current cyber security posture and determine areas where additional measures may be needed. The NIST Cybersecurity Self-Assessment Tool (CSAT) is a web-based questionnaire that helps organizations identify potential vulnerabilities, gaps in their cybersecurity processes, and opportunities for improvement.

NIST CSF Technologies

NIST CSF technologies include a range of tools and services designed to help organizations improve their cyber security posture. These technologies include:

* Access control systems

* Intrusion detection and prevention systems

* Encryption and tokenization systems

* Security information and event management (SIEM) solutions

* Firewall configurations

* Endpoint protection solutions

* Network segmentation solutions

* Software and hardware asset management systems

* Identity and access management (IAM) solutions

* Mobile device management (MDM) solutions

* Data loss prevention (DLP) solutions

* Backup, replication, and disaster recovery services.

NIST Cybersecurity Checklist

Organizations can use the NIST CSF to create a tailored cybersecurity checklist specific to their organization. This checklist should include steps such as creating security policies and procedures, establishing user access control measures, regularly patching systems and applications, monitoring networks for malicious activity, implementing antivirus solutions, and performing regular security audits.

NIST CSF Implementation

Organizations should ensure that their NIST CSF implementation is comprehensive and up-to-date. This includes regularly reviewing the framework, updating policies and procedures to reflect changes in technology or threats, training staff on cyber security best practices, and conducting regular vulnerability assessments. Additionally, organizations need to continuously monitor their systems for potential vulnerabilities and malicious activity and take swift action whenever needed.

NIST CSF Compliance

Organizations should ensure they are up to date with their NIST CSF compliance requirements. This includes completing the self-assessment questionnaire, implementing all necessary security controls, documenting security processes and procedures, regularly testing for vulnerabilities, and reporting any incidents to the appropriate authorities. Additionally, organizations should create a cyber security incident response plan and regularly review and update it to ensure that they can respond quickly and effectively to any potential threats or incidents.

By following the NIST CSF framework and implementing the necessary technologies, organizations can protect their networks from cyber security threats while also meeting their compliance requirements. The NIST CSF is an essential resource for any organization looking to improve its cyber security posture.

NIST Cybersecurity Checklist

Organizations should use the NIST CSF to create a tailored cybersecurity checklist. This checklist should include steps such as:

* Developing and enforcing security policies and procedures

* Establishing user access control measures

* Regularly patching systems and applications

* Monitoring networks for malicious activity

* Implementing antivirus solutions

* Performing regular security audits

* Ensuring that all systems, applications, and services are up to date with the latest security patches

* Encrypting data both at rest and in transit

* Backing up data regularly to ensure business continuity.

Organizations should also create a cyber security incident response plan and regularly review and update it to ensure they can respond quickly and effectively in case of a security incident.

By following the steps outlined in the NIST CSF and implementing the needed technologies, organizations can improve their cyber security posture while meeting their compliance requirements. The NIST CSF is an invaluable resource for any organization looking to safeguard their networks from potential cyber security threats.

Improving Critical Infrastructure Cybersecurity with NIST

Critical infrastructure refers to the systems and assets essential for the functioning of a society or enterprise. This includes everything from energy and transportation to communication and healthcare. In recent years, there has been an increased focus on protecting critical infrastructure from cyberattacks. The National Institute of Standards and Technology (NIST) is a federal agency that develops standards and guidelines for information security management.

NIST 800-53 is a publication that provides guidance on security controls for information systems. This publication can be used by organizations to assess and manage cybersecurity risk. Organizations can improve their cybersecurity posture by implementing the recommended security controls and better protecting their critical infrastructure.

Organizations of all sizes need a solid security framework based on standards and best practices – a foundation to help you manage your cybersecurity-related risk.  These standards should address interoperability, usability, and privacy based on the needs of your business.

To help address current and future computer and information security challenges, Cybriant highly recommends that our customers adopt the NIST Cybersecurity Framework. NIST’s cybersecurity programs seek to enable greater development and application of practical, innovative security technologies and methodologies.
