Understanding the NIST Cybersecurity Framework – Part 1: The Identify Pillar

Did you know there are no standards among IT Managed Service providers around what cybersecurity should look like. This means they are free to adopt any methodology they would like – regardless of how effective it is. 

ThrottleNet chose to take a different, more guided approach when creating our cybersecurity framework by basing our cybersecurity solutions on the gold standard – The National Institute of Standards and Technology (NIST) and their Cybersecurity Framework (CSF).

What are the Five NIST Cybersecurity Framework Pillars?

1. Identify: Focuses on developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
2. Protect: Concentrates on developing and implementing appropriate safeguards to ensure the delivery of critical infrastructure services.
3. Detect: Involves developing and implementing appropriate activities to identify the occurrence of a cybersecurity event.
4. Respond: Focuses on developing and implementing appropriate activities to take action regarding a detected cybersecurity event.
5. Recover: Emphasizes developing and implementing appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Over the coming weeks, we will explore each of the five pillars and the role they play in a comprehensive cybersecurity plan starting with the first pillar – Identify.

The Identify Pillar: In-Depth

The Identify pillar is the foundation of the NIST Cybersecurity Framework. It involves understanding and managing cybersecurity risks to systems, assets, data, and capabilities. This understanding helps organizations focus their cybersecurity efforts and resources where they are needed most. The Identify function is broken down into several categories:

1. Asset Management: Inventorying physical devices and systems within the organization, inventorying software platforms and applications within the organization, identifying organizational communication and data flows, and managing external information systems and assets.
2. Business Environment: Understanding the organization’s role in the supply chain, identifying the organization’s critical functions and processes, and recognizing the organization’s dependencies on other entities.
3. Governance: Establishing cybersecurity policies, defining roles and responsibilities within the organization, and developing and maintaining a legal and regulatory framework.
4. Risk Assessment: Identifying and documenting cybersecurity risks, conducting vulnerability assessments, and performing threat analysis.
5. Risk Management Strategy: Developing a risk management strategy, and prioritizing risk responses based on the risk management strategy.
6. Supply Chain Risk Management: Managing risks associated with third-party suppliers, and establishing processes for managing supply chain risks.

What the Identify Pillar Means

The Identify pillar is crucial because it lays the groundwork for a robust cybersecurity posture. 

Here’s what it means for an organization:

• Comprehensive Asset Awareness: By knowing what assets (both hardware and software) exist within the organization, businesses can ensure these assets are appropriately protected or recovered in the event of an emergency. This includes understanding who owns the asset, where it is located, and how it is used.
• Business Context Understanding: Recognizing how the business operates and its critical functions helps prioritize cybersecurity efforts. This involves understanding the organization’s place within the broader supply chain and how it interacts with other entities.
• Establish Roles and Responsibilities: Having clear policies and defined roles ensures that everyone in the organization knows their responsibilities related to cybersecurity. This governance framework supports consistent and effective security practices.
• Risk Identification and Management: By identifying and assessing risks, organizations can implement appropriate measures to mitigate these risks. This involves not only understanding the internal threats, but also those that come from external partners and suppliers.
• Strategic Approach: Developing a risk management strategy helps prioritize cybersecurity activities. Organizations can allocate resources efficiently and ensure that they are prepared to respond to potential incidents.
• Supply Chain Security: Recognizing and managing risks associated with third-party suppliers is essential. Many cybersecurity breaches occur due to vulnerabilities in the supply chain, so having strategies to mitigate these risks is critical.

The Identify pillar is the cornerstone of the NIST Cybersecurity Framework, providing the necessary foundation for all subsequent cybersecurity activities. By effectively implementing the Identify functions, organizations can build a strong, resilient cybersecurity posture that is well-prepared to protect, detect, respond to, and recover from cyber threats.