Solutions

NIST

The NIST Cybersecurity Framework (CSF) provides a governance model that helps evaluate cybersecurity practices, establish or improve a cybersecurity program, and inform your security roadmap and buying decisions.

Tech9labs’s approach provides “ground truth” on an organization’s current cybersecurity posture (current state), and where the organization should be based on its threat profile (target state). A threat profile is established by examining an organization’s operations, industry vertical, technology profile, and likely adversaries. From that analysis, we provide a comprehensive set of actionable recommendations to move the organization forward in the short, medium, and long term.

As technologies advance and cyber threats continue to grow in number and complexity, many organizations are turning to outside assistance to enhance safeguards around their sensitive data. Tech9labs (NIST) capabilities provide a source for commercial entities that require or desire compliance or alignment with NIST-related standards. Our goal is to help create a homogenous level of quality for any NIST engagement. Our team of well-equipped professionals understands the commonalities between various standards that leverage NIST guidance.

No Image

Examples of NIST functions and categories include the following:

  • Identify: To protect against cyberattacks, the cybersecurity team needs a thorough understanding of what the most important assets and resources of the organization are. The identify function includes such categories as asset management, business environment, governance, risk assessment, risk management strategy, and supply chain risk management.
  • Protect: The protect function covers much of the technical and physical security controls for developing and implementing appropriate safeguards and protecting critical infrastructure. These categories are identity management and access control, awareness and training, data security, information protection processes and procedures, maintenance, and protective technology.
  • Detect: The detect function implements measures that alert an organization to cyberattacks. Detect categories include anomalies and events, security continuous monitoring, and detection processes.
  • Respond: The respond function categories ensure the appropriate response to cyberattacks and other cybersecurity events. Specific categories include response planning, communications, analysis, mitigation, and improvements.
  • Recover: Recovery activities implement plans for cyber resilience and ensure business continuity in the event of a cyberattack, security breach, or other cybersecurity event. The recovery functions are recovery planning improvements and communications.