Search
Close this search box.

The NIST Cybersecurity Framework

A real-world example of risk mitigation with Tachyon

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the US Department of Commerce. NIST is one of the nation’s oldest physical science laboratories and works with many state and local governments, as well as various private industries, on projects. One of the most extensive offerings that NIST produces is the Cybersecurity Framework.
When we talk about cybersecurity, there are so many options for you to secure your environment.  Determining your action plan can be challenging because you have to wade through quite a lot of information in order to figure out what you should do. The US Federal Government recognized this issue, culminating in President Obama signing an Executive Order to start creating the NIST Cybersecurity Framework.

What is the NIST Cybersecurity Framework?

The framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization—including customers and partners—to develop a shared understanding of their cybersecurity risks.
While the NIST Cybersecurity Framework is a requirement for US Governmental Contractors (including sub-contractors), it’s good to adopt it no matter your organization’s size for two reasons:

  1. It provides for clear communication and the ability to adapt it for your specific organization.
  2. The items in the framework help you determine where you are in your cybersecurity risk management, develop a target goal for where you want to be, and then prioritize and develop a plan to get there.

The framework consists of five functions that contain 23 categories and 108 subcategories:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover.

The categories and subcategories break down each of the function areas into practice areas.
This article will focus on one category and subcategory in the Identify function and how Tachyon can address these items.

The Identity function and how Tachyon helps

The Identify (ID) function category Asset Management (ID.AM) subcategory number 1 (ID.AM-1) states, “Physical devices and systems within the organization are inventoried.”  Tachyon not only collects inventory on devices, which is key to fulfilling this part of the NIST cybersecurity framework, but also extends this further to allow organizations to leverage its current inventory solutions. It uses connectors to import the inventory data from five other systems into Tachyon; those being:

  1. BigFix
  2. OracleLMS
  3. ServiceNow
  4. vCenter
  5. System Center Configuration Manager.

Tachyon is also able to import device information (such as device type, model, operating system, processor details [such as vendor, family, model, and count]; and the core count [vCPUs])  from a TSV or CSV. That way, an organization can leverage all of their current inventory information and allow Tachyon to utilize it.
This identification of your devices in your environment is one of the critical foundations of any cybersecurity program. For Tachyon customers, the ability to provide this data in real-time is key to keeping their environment secure.
Cybersecurity is more important now in our Work From Anywhere world than it has ever been. 1E has helped many organizations adopt a cybersecurity framework and implement solutions to fulfill the technical goals of the framework. To learn more, speak to a 1E expert.

Report

The FORRESTER WAVE™: End-User Experience Management, Q3 2022

The FORRESTER WAVE™: End-User Experience Management, Q3 2022