The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with CSF 1.1 in April 2018.
Have you noticed it’s never “Hey, someone got by a firewall” or “WOW, they bypassed the network security”? No. It’s always about the Device. It’s the same for hackers because everything else is just a means to an end, and that end is your Device! Imagine, late at night, driving around the Amusement Park security gate, then busting open the locked gated fence. These actions are necessary to get to the big score, the Rides! Yaaahoo!
NIST Special Publication 800-171 (NIST SP 800-171 or NIST 800-171) is a set of security controls within the NIST Cybersecurity Framework that establishes baseline security standards for federal government organizations. NIST SP 800-171 is mandatory for all non-government organizations operating with federal information systems.
NIST SP 800-161 revision 1 outlines a cybersecurity framework for mitigating security risks in the supply chain. NIST SP-800-161 is a subset of NIST 800-53, a broader cyber risk mitigation framework that’s foundational to most cybersecurity programs. The National Institute of Standards and Technology (NIST) designed NIST 800-161 to improve cyber supply chain risk management for all U.S federal agencies.
NIST Special Publication 800-53 sets an exemplary standard for protecting sensitive data. Though originally designed for government agencies, the framework has become a popular inclusion in most security programs across a wide range of industries.
NIST compliance is mandatory for any entity and service provider processing Controlled Unclassified Information (CUI) on behalf of the US Federal Government. Given the substantial risk to national security if this sensitive data is exploited and the high potential of its compromise through supply chain attacks, the range of organizations expected to comply with this cybersecurity regulation is intentionally broad.
Today’s threat landscape is driven by digital transformation and the outsourcing of critical operations to third-party vendors. Cybercriminals’ high demand for sensitive data paired with a historical lack of cybersecurity investment across the industry is cause for concern. Healthcare organizations recognize they have the choice to either increase their cyber spending or inevitably fall victim to a costly data breach. However, investing in cybersecurity solutions alone isn’t enough.
