Article

Understanding the NIST Cybersecurity Framework (NIST CSF)

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet985 viewsSign in to rate
Last week, the NIST Small Business Cybersecurity Act (S. 770) passed the U.S. Senate and was sent to the White House, where the president is expected to sign it into law shortly. The bipartisan measure directs NIST to provide resources to small businesses to help them implement the NIST Cybersecurity Framework (aka the NIST CSF) and to keep the needs of small enterprises in mind when developing future standards. The law does not require businesses to use the NIST CSF; it simply provides government resources to help small businesses implement it. This article will explain what the NIST CSF is and the benefits of using it to secure your small business’ systems and data. What Is the NIST CSF? The NIST CSF is based on NIST 800–53, which mandates security requirements for federal government IT systems. The NIST CSF is far more concise and uses less technical language. It provides guidance to organizations, based on existing standards, guidelines, and practices, to better manage and reduce their cyber security risk. It also encourages communications about risk and cybersecurity management among internal and exte al organizational stakeholders. The most recent version of the NIST CSF, v. 1.1, was released in April 2018. It includes updates on authentication and identity, IoT risks, self-assessing cyber security risk, managing cyber security within the supply chain, and vulnerability disclosure. The NIST CSF consists of three main components: the Core, Implementation Tiers, and Profiles. These are further broken down into five “functions”—Identify, Protect, Detect, Respond, and Recover—which are subdivided into 22 “categories” outlining cyber security outcomes and security controls. It is important to note that the NIST CSF was designed to complement, not replace, enterprise cybersecurity programs and risk management processes. It helps enterprises identify areas where existing security processes may be strengthened or where new processes can be implemented. Who Should Use the NIST CSF? The NIST CSF was originally designed for companies that are part of the nation’s critical infrastructure, such as energy and water utilities, transportation, financial services, communications, healthcare and public health, food and agriculture, chemical and other facilities, dams, key manufacturers, and emergency services. However, a wide variety of private and public-sector enterprises utilize it. It is inherently versatile and scalable, and it can be customized for use by organizations of all sizes, in all sectors, whether they are just developing a cyber security program or have had one in place for some time. Why Should an Organization Use the NIST CSF? There are numerous benefits to using the NIST CSF. * Currently, there is no federal cyber security law that all organizations can turn to when developing their cyber security programs. Instead, they must reconcile their efforts with numerous industry regulations, standards, and state laws. The NIST CSF provides a consistent, universal set of standards that any organization can use to evaluate their risk levels and determine appropriate cyber security controls. * The NIST CSF is flexible and scalable. It focuses on outcomes, not specific procedures. Regardless of their industry or size, organizations can achieve these outcomes in a way that is feasible for them, and they can continue using the framework as they expand. * The NIST CSF lays the foundation for compliance with other common standards and regulations, such as HIPAA, FISMA, and SOX. * Because it is written in plain language, many enterprises use it to obtain security buy-in from internal decision-makers, exte al partners, and suppliers who do not have technical backgrounds.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026