NIST CSF is a cybersecurity framework created by the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce. NIST CSF, along with other security frameworks like ISO 27001 and CIS controls, is a comprehensive set of guidelines to help you manage your organization’s cybersecurity risk.
They help you manage risk by identifying and qualifying risks, giving you recommendations on how to mitigate them, and giving you a score based on your overall compliance with the framework.
There are many steps you can take to improve your NIST CSF score, and the steps that are best for you to implement first depend on your organization’s existing cybersecurity risks. A great way to identify and qualify these risks is to conduct a cybersecurity risk assessment. If you haven’t already done one, feel free to contact us to set up a free initial cybersecurity risk assessment.
While the best steps you can take to improve your NIST CSF score are situational, there are some tried and true methods that apply to most cases. We’ve outlined our top ten below.
1. Conduct a cybersecurity risk assessment and create a roadmap to address the results. Without conducting such an assessment, it’s impossible to fully understand the risks your company faces.
2. Implement MFA for all services, especially those facing the internet. Ideally, this should utilize a strong second factor such as Yubikeys or TOTP mobile passcodes. Going password-less is also a great way mitigate the risk presented by traditional single factor authentication.
3. Implement micro-segmentation. Since we live in a world where getting hacked is a matter of when, not if, having something that can contain the blast radius of a breach is essential. Micro-segmentation accomplishes this by first examining all traffic, application connections, and other activity on your devices and network. It uses this data to establish a baseline of how things should operate at your organization, and then “segments” your network by blocking all traffic not obeying the rules established by the micro-segmentation tool. Typically, a cybersecurity engineer will also manually review the results of the baseline to ensure you are not already compromised before enabling micro-segmentation. When a security incident does occur, micro-segmentation can stop it in its tracks before it can do any serious damage.
4. Implement and properly configure a good EDR solution. EDR solutions are absolutely essential in today’s threat landscape since many cyberattacks can easily evade the file-based protection of legacy antivirus. Legacy antivirus simply checks whether a file matches their existing definitions of known malicious files, whereas EDR examines the behavior of an endpoint or server to determine whether there is malicious activity.
5. Implement a good spam filter. Since the vast majority of cyberattacks start with email, investing in a high-quality spam filter greatly reduces the number of threats that can gain initial access to your network.
6. Ensure vulnerability scans are conducted regularly, and that the vulnerabilities identified are patched promptly. Vulnerability scanning ensures you have a complete understanding of what devices are on your network, what vulnerabilities they have, and how much of a risk they are.
7. Implement cybersecurity awareness training and testing. Since virtually all cyberattacks involve human error, properly training your employees on cybersecurity and how to detect threats they might see is an essential part of cybersecurity.
8. Implement a SIEM solution. SIEM ensures that all of your logs are in one easily searchable and accessible place. While this might not sound like much, having all of your security information in one place is critical in detecting attacks early, alerting on anomalies, providing network visibility, and ensuring compliance.
9. Harden your firewall policies and ensure your firewall has application-layer filtering. Simply filtering traffic based off ports and IPs is antiquated and puts you at risk. It’s essential to be able to analyze the traffic on your network, rather than just filtering it with traditional firewall rules.
10. Implement immutable backups. Since non-immutable backups can be encrypted just like all other data on your network, it’s important to have backup copies that cannot be modified or encrypted.
If you need help improving your NIST CSF score, or simply want it assessed, feel free to contact us!