NIST and the NIS Directive / Regulations
NIST, the National Institute of Standards and Technology, was selected to develop the NIST Framework because it is a non-regulatory federal agency. It acts as an unbiased source of scientific data and practices, including cybersecurity practices.
The framework was the result of a US executive order in 2013. By 2014 it was adopted globally, partly because global organisations such as Google, Amazon/AWS, PayPal and Morgan Stanley have US headquarters and are US owned.
The framework itself is made up of 5 functions: Identify, Protect, Detect, Respond and Recover.
The functions are further broken down into 23 categories and underneath those categories are 108 sub-categories.
In August 2017 the UK government published the first version of the NIS Directive to guide suppliers of essential services to the Critical National Infrastructure. The NIS Directive is closely aligned to the NIST Cyber Security Framework.
In June 2018 the Cabinet Office developed the Minimum Cyber Security Standard, which is also closely aligned to the NIST Cyber Security Framework.
With the UK leaving the EU, the NIS Directive has now become the NIS Regulations.
The remit of a business’s security function is constantly changing and expanding.
Organising your security operations into headings helps to introduce a workflow in order to assign activities to teams or individuals.
IP-Performance have a variety of products and services which are aligned with these frameworks. Our aim is to be able to offer assistance at any stage of your journey in a way that is complementary to standards and best practice.
‘It was a brilliant course and a useful exercise all round’
Toni Collins,
Cyber Security Specialist