This week, The National Institute of Standards and Technology (NIST) marks the 5th anniversary of the release by NIST of its popular cybersecurity framework, the Framework for Improving Critical Infrastructure Cybersecurity. The document has been downloaded more than half a million times, and although its use is voluntary for the private sector, it became mandatory for all U.S. federal agencies through a 2017 Presidential executive order. Experts with CyberSaint and Juniper Networks offer thoughts on the impact of the NIST framework.
According to George Wrenn, CEO, CyberSaint Security:
“For those organizations attempting to fall under “safe harbor”, adopting the NIST Cybersecurity Framework is key to your success. It’s now been five years since the NIST CSF was published and Framework adoption has drastically helped information security organizations and CISOs, including myself, standardize cybersecurity best practices. It’s no surprise that after the Framework was declared as the standard for government, that adoption is becoming mandatory or at least heavily encouraged through regulations such as these at the state level.”
According to Laurence Pitt, Strategic Security Director, Juniper Networks:
“The NIST Cybersecurity Framework was introduced at a time when large-scale attacks were getting more and more public visibility, just six months earlier we’d seen the CryptoLocker ransomware, which really brought malware to the public eye. This meant that these attacks were also getting noticed by management and ‘the board’. In addition to providing a framework to help organizations develop an effective security strategy, it has also enabled conversations on cybersecurity risk to occur between the security team and senior leadership using a language that both can understand. In five years, NIST has gone from being a framework to help develop an effective security program and posture, to a recognized process that has enabled successful conversations to bridge the gap between security and senior leadership.”