National Institute of Standards and Technology (NIST) CS Framework PK Customized

Like many cyber security frameworks, the NIST (National Institute of Standards and Technology) framework is designed to complement a business’s risk management and cyber security processes. It enables a business to identify its strengths and weaknesses to continually make improvements and promote best practices in the business.

WHY IMPLEMENT NIST?

The framework was created by cyber security professionals from government, academia, and various industries. First published in 2014, it was designed to provide best practice for securing critical infrastructures, such as those in use by governments, healthcare companies, and financial services.
It has been quickly adopted by financial services organisations worldwide as the most recent, most relevant, and most practical way to ensure cyber defences are up to scratch. The framework is divided into three parts:

  • The Framework Core: A structured set of functions that must be followed: identify, protect, detect, respond and recover.
  • Framework Implementation Tiers: These are used to clarify how cyber security risk is viewed within an organisation and the resilience of the existing security management approach. The tiers are partial, risk-informed, repeatable and adaptive.
  • A Framework Profile: This is a list of outcomes that an organisation has chosen from the categories and subcategories, based on its business needs and individual risk assessments.

It can be used alongside ISO 27001: information security is set up based on ISO 27001, and the NIST framework is then implemented to deal with risk management and safeguard against cyber attacks.

NIST Compliance Assessment

We have experience advising our clients using NIST guidance and frameworks (all rules and regulations are customized according to PK territory), such as:

  • NIST Cybersecurity Framework PK - Created through voluntary collaboration between industry stakeholders and government, the Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
  • NIST 800-53 - This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations.
  • NIST 800-61 - This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
  • NIST 800-30 - This document provides guidance for carrying out each of the three steps in the risk assessment process (i.e., prepare for the assessment, conduct the assessment, and maintain the assessment) and how risk assessments and other organizational risk management processes complement and inform each other.
  • NIST 800-171 - This publication provides federal agencies with recommended requirements for protecting the confidentiality of Controlled Unclassified Information (CUI):
    (i) when the CUI is resident in nonfederal information systems and organizations;
    (ii) when the information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and
    (iii) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or government-wide policy for the CUI category or subcategory listed in the CUI Registry.
  • NIST 800-82 - This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements.

INFO SECURITY PAKISTAN NIST Assessment

We begin our assessment by working closely with you to understand your business processes in order to identify the NIST special publication that best pertains to your organization. We will work with and interview key individuals within the business and information technology services responsible for compliance with the NIST special publication. We will evaluate your compliance with all control requirements through review of documentation supporting the operating effectiveness of controls. When our evaluation is complete, we will provide your organization with a detailed compliance assessment report outlining corrective action plans with a detailed roadmap for achieving NIST compliance.

We can assist with the full NIST CSF implementation process, from project scoping and risk assessment right through to advising on the necessary remediation measures to implement your action plan.
