The NIST Cybersecurity Framework: What SMBs Need to Know

Why is the NIST Cybersecurity Framework important?

Cybersecurity is a complex concept that encompasses technology, risk management and mitigation, business processes and procedures, operations, and other functional areas. The interdisciplinary nature of cybersecurity can make it difficult for organizations to operationalize and affect cybersecurity strategy. The NIST CSF provides a roadmap for organizations to begin planning and operationalizing cybersecurity controls that align with specific security outcomes.

How does the NIST CSF apply to small and medium businesses (SMBs)?

One weakness of the NIST CSF is that fully aligning an organization to all standards and outcomes can be incredibly time-consuming, expensive, and challenging – especially for SMBs that may already be resource-constrained or lack a risk management officer and information security specialist on staff. Recognizing these challenges, NIST published “Small Business Information Security: The Fundamentals” in November 2016 to pare down the original NIST CSF recommendations to the fundamental security standards and outcomes that all organizations should have in place to ensure a baseline level of cybersecurity preparedness.

Rocus Networks recommends that all organizations begin by mapping their cybersecurity strategy to this SMB-focused framework (unless industry requirements specify alignment with compliance-based standards such as HIPAA or NYDFS). Once the fundamentals have been implemented, work can begin to align to the larger NIST CSF.

How does Rocus CyberFusion™ align with the Small Business Fundamentals?

The Rocus CyberFusion™ solution combines advanced security technologies, virtual CISO (Chief Information Security Officer) consulting services, 24x7 monitoring and response, and white-glove service for all clients. The CyberFusion™ combination of technology, consulting, and managed services fulfills all 20 fundamental outcomes.

The NIST Cybersecurity Framework was created to guide organizations through structured steps to protect their networks and data. Below we answer common questions about the framework and how Rocus CyberFusion™ helps organizations achieve these important and widely-accepted recommendations for protection.

What is the NIST Cybersecurity Framework?

The National Institute for Standards and Technology (NIST) published the inaugural Cybersecurity Framework (CSF) in 2014 and released update 1.1 in April of 2018. The NIST CSF is the federal government’s attempt to establish comprehensive cybersecurity standards and outcomes for organizations regardless of industry, entity type, or size. The five functions of the framework are: Identify, Protect, Detect, Respond, and Recover.

Credit: N. Hanacek/NIST