What Are the 5 NIST Pillars?

NIST is helping organizations develop and implement effective cybersecurity programs through its five functional pillars: Identify, Protect, Detect, Respond, and Recover.

The National Institute of Standards and Technology (NIST) was established in 1901 to promote U.S. innovation and industrial competitiveness through its core competencies:

  • Measurement science
  • Rigorous traceability
  • Development and use of standards

Today, NIST supports the development of technologies from nanoscale devices to earthquake-resistant skyscrapers and global communication networks. And in the digital age, NIST is helping organizations develop and implement effective cybersecurity programs through its five functional pillars: Identify, Protect, Detect, Respond, and Recover.

Identify

An organization must first identify and understand its critical functions and systems, and their related cybersecurity risks so it can better focus and prioritize preventative efforts. Areas of focus should include:

  • The physical and software assets to establish an Asset Management program
  • The overall business environment including supply chain and critical infrastructure
  • Cybersecurity Governance policies including the legal and regulatory requirements
  • A specific Supply Chain Risk Management strategy including priorities, constraints, and risk tolerances

Protect

An organization should outline specific safeguards needed to protect its critical infrastructure, systems and services. The goal is to limit or contain the impact of a potential cybersecurity event. These safeguards should include:

  • Identity Management and Access Control including physical and remote access
  • Awareness training for staff including role-based and privileged user training
  • Data Security protection of the confidentiality, integrity, and availability of information
  • Resources protection through maintenance activities
  • Technology to ensure the security and resilience of systems and assets

Detect

An organization must establish systems and activities to detect a cybersecurity event. This will help ensure that cyber-attacks can be identified and responded to quickly. Comprehensive detection should include:

  • Ongoing training so staff is better able to identify anomalies and events, and their potential impact
  • Continuous monitoring capabilities to detect cybersecurity events and verify the effectiveness of protective measures
  • Maintaining detection processes to provide awareness of anomalous events

Respond

An organization must establish specific actions to take in response to detected cybersecurity incidents. These actions should support the ability to contain the impact of a potential cyber-attack. Responsive strategies should include:

  • Systems to ensure that response activities are executed correctly during an incident
  • Communications with stakeholders, law enforcement, and external stakeholders
  • Analysis activities such as forensic analysis and impact analysis
  • Mitigation systems and activities to prevent expansion of an event and to resolve the incident
  • Actions to better understand the lessons learned from cybersecurity events

Recover

An organization should implement and maintain plans to restore any capabilities and services impaired by a cybersecurity incident. Recovery plans should support timely restoration of normal operations and reducing the impact from a cybersecurity incidents. A recovery plan should include:

  • Systems to ensure recovery processes and procedures are followed accurately
  • Ongoing improvements based on lessons learned and reviews of existing strategies
  • Internal and external Communications are coordinated during and following the recovery from a cybersecurity incident

Protecting your business

Cyber attacks will continue to be a major concern for businesses. The damage caused from data breaches and ransomware attacks can cripple your organization’s operations and reputation. It is imperative to have a comprehensive security plan in place to help prevent attacks as well as aid in a rapid and full recovery. InterVision’s Ransomware Protection as a Service (RPaaS) is a unique and holistic approach to cybersecurity that focuses on prevention, detection and recovery.

Visit our website to learn more, or call 844-622-5710 to speak with one of our experts.