NIST Cybersecurity Framework Giacomo Lanzi

NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of guidelines developed to reduce cybersecurity risks. It lists specific activities associated with IT security risk management, based on existing standards and guidelines. It is one of the most popular frameworks dedicated to cybersecurity and is widely used because it helps with risk management.

Written by the National Institute of Standards and Technology (NIST), this cybersecurity framework addresses the lack of standards when it comes to cybersecurity. In fact, it provides a uniform set of rules, guidelines and standards for organizations to use across industries. The NIST Cybersecurity Framework (sometimes abbreviated NIST CSF) is widely regarded as the gold standard for building a cybersecurity program.

Whether you are just starting to establish a cybersecurity program or are already running a fairly mature program, the framework can provide added value. It acts as a high-level security management tool that helps assess cybersecurity risk across the organization.


The structure of the NIST Cybersecurity Framework

The NIST Cybersecurity Framework is mainly structured in three parts:

Core: a series of activities, results and references on aspects and approaches related to cybersecurity.
Implementation Tiers: a classification system that helps organizations clarify the aspects dedicated to IT security risk management.
Profile: in essence, the list of results that an organization has chosen, based on its needs, from the categories and sub-categories of the structure.

Functions and categories of cybersecurity activities

The NIST Core can be divided into 5 sections, which in turn are divided into 23 categories. For each category a series of sub-categories is defined, for a total of 108 sub-categories. Each sub-category provides Information Resources that refer to specific sections of other security standards, such as ISO 27001, COBIT, NIST SP 800-53, ANSI/ISA and CCS CSC.

The complexity of this framework has given rise to bills directing NIST to create guidelines that are easily accessible to small and medium-sized enterprises.

Sections of the NIST Cybersecurity Framework


Identification (Identify)

The identification function focuses on laying the foundation for an effective cybersecurity program. This function assists in developing an organizational understanding to manage cybersecurity risk for systems, people, assets, data and capabilities. To allow an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs, this function emphasizes the importance of understanding the business context, the resources that support critical functions, and the related cybersecurity risks.

Essential activities in this section of NIST include:

Identify physical and software assets to establish the basis of an asset management program
Define the organization's business environment, including its role in the supply chain
Choose the established cybersecurity policies to define the governance program and identify the legal and regulatory requirements regarding the organization's cybersecurity capabilities
Identify asset vulnerabilities, threats to internal and external organizational resources, and risk response activities in order to assess risk
Establish a risk management strategy, including identifying risk tolerance
Produce a supply chain risk management strategy, including the priorities, constraints, risk tolerances and assumptions used to support the risk decisions associated with managing supply chain risks

Protection (Protect)

The framework's protection function outlines appropriate safeguards to ensure the provision of critical infrastructure services. It also supports the ability to limit or contain the impact of a potential cybersecurity event.

Critical activities in this group include:

Implement protections for identity management and access control within the organization, including physical and remote access
Empower staff through security awareness training, including privileged and role-based user training
Establish data security protection consistent with the organization's risk strategy to protect the confidentiality, integrity and availability of information
Implement processes and procedures to maintain and manage the protection of information systems and resources
Protect organizational resources through maintenance, including remote maintenance activities
Manage technology to ensure the security and resilience of systems, in line with organizational policies, procedures and agreements

Detection (Detect)

Detecting potential cybersecurity incidents is critical, and this function of the framework defines the appropriate activities to identify the occurrence of a cybersecurity event in a timely manner. Activities in this function include:

Ensuring the detection of anomalies and events and understanding their potential impact
Implementing continuous monitoring capabilities to monitor cybersecurity events and verify the effectiveness of security measures, including network and physical activities

Response (Respond)

NIST’s response function focuses on the appropriate activities to take action in the event of a detected cybersecurity incident and supports the ability to contain the impact of a potential cybersecurity incident.

Essential activities for this function include:

Ensuring the execution of the response planning process during and after an incident
Managing communications with internal and external stakeholders during and after an incident
Analyzing the incident to ensure effective response and support recovery activities, including forensic analysis and incident impact determination
Performing mitigation to prevent the expansion of an event and to resolve the incident
Implementing improvements by incorporating lessons learned from current and previous detection / response activities


Recovery (Recover)

The framework’s recovery function identifies the appropriate activities to renew and maintain resilience plans and to restore any capacity or service that has been compromised due to a cybersecurity incident. Timely recovery to normal operation is important to reduce the impact of an incident.

The essential activities for this function overlap somewhat with the response activities and include:

Ensuring that your organization implements recovery planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
Implementing improvements based on lessons learned and reviews of existing strategies
Coordinating internal and external communications during and after recovery from a cybersecurity incident

Getting started with the NIST Cybersecurity Framework

Aligning with the framework means enumerating all your activities and labeling these items with one of these 5 function labels. For example, the Identify tag will be for tools that help you inventory your assets. Tools like a firewall will go into Protect. However, depending on their capabilities, you may also want to put them in Detect along with your SIEM. Incident response tools and playbooks go to Respond. Your backup and restore tools are part of Recover.

Once you have done this exercise, some of the sections may seem emptier than others and you may feel uncomfortable with the description of the corresponding function.

This is good, because now you can articulate what your cybersecurity program lacks.
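The labeling exercise described above can be run as a short script. This is an added example, not part of the original article: the capability names, the capability-to-function mapping and the sample inventory are all constructed assumptions, and a real mapping would come from your own asset and tooling review.

```python
# The five function labels used in the article.
FUNCTIONS = ("Identify", "Protect", "Detect", "Respond", "Recover")

# Assumed mapping from a capability keyword to a function label (illustrative).
CAPABILITY_TO_FUNCTION = {
    "asset-inventory": "Identify",
    "risk-assessment": "Identify",
    "access-control": "Protect",
    "traffic-filtering": "Protect",
    "awareness-training": "Protect",
    "log-monitoring": "Detect",
    "intrusion-detection": "Detect",
    "incident-playbook": "Respond",
    "forensics": "Respond",
    "backup-restore": "Recover",
}

# Constructed sample inventory: tool name -> capabilities it provides.
SAMPLE_INVENTORY = {
    "CMDB": ["asset-inventory"],
    "Firewall": ["traffic-filtering", "intrusion-detection"],  # spans two functions
    "SIEM": ["log-monitoring"],
    "IAM platform": ["access-control"],
    "IR playbooks": ["incident-playbook"],
    "Legacy scanner": ["port-scan"],  # capability that has no label yet
}

def label_inventory(inventory):
    """Return ({function: sorted tool names}, sorted tools that got no label)."""
    by_function = {f: set() for f in FUNCTIONS}
    unlabeled = []
    for tool, capabilities in inventory.items():
        functions = {CAPABILITY_TO_FUNCTION[c] for c in capabilities
                     if c in CAPABILITY_TO_FUNCTION}
        if not functions:
            unlabeled.append(tool)  # needs a manual decision, not a silent drop
        for function in functions:
            by_function[function].add(tool)
    return {f: sorted(t) for f, t in by_function.items()}, sorted(unlabeled)

def find_gaps(by_function, minimum=1):
    """Functions covered by fewer than `minimum` tools, in framework order."""
    return [f for f in FUNCTIONS if len(by_function[f]) < minimum]

if __name__ == "__main__":
    labeled, unlabeled = label_inventory(SAMPLE_INVENTORY)
    for function in FUNCTIONS:
        print(f"{function:9} {', '.join(labeled[function]) or '(none)'}")
    print("Gaps:", find_gaps(labeled))
    print("Unlabeled tools:", unlabeled)
```

Raising `minimum` in `find_gaps` surfaces functions that depend on a single tool, which is often the next question after the empty ones are addressed.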


In this article we have understood what the NIST Cybersecurity Framework is and how it is structured by analyzing some of its main sections and the elements that make up these sections.

However, our advice is to seek out a SaaS provider who can provide you with the tools to implement NIST efficiently without risk. Our SaaS solutions can help in this regard and we invite you to contact us to find out how our services can help your business in the area of cybersecurity.

Do not hesitate to contact us to find out more, we will answer all your questions.
