NIST 8170 aims to provide a path to incorporate the Cybersecurity Framework into existing security
As the widespread outbreak of the WannaCry ransomware showed, basic cybersecurity practices are not being followed by organizations large and small.
The National Institute of Standards and Technology (NIST) released guidance on incorporating the NIST Cybersecurity Framework into existing security. Dubbed “Framework meets FISMA”, this document was intended to assist federal agencies with meeting the new executive order issued by Donald Trump.
Officially titled “NIST Interagency Report 8170”, it outlines how to vet third-party vendors, assign responsibilities across the staff, and assess how well an agency is complying with data privacy laws, including FISMA and HIPAA.
While this latest release is targeted at federal agencies, we can and should use the NIST Cybersecurity Framework as a guideline to assess cybersecurity controls, policies and procedures, and to make certain that we are not missing basic best practices whose absence can leave an organization vulnerable to cyber attacks.
Recent case study related to use of the NIST compliance framework:
Foresite Case study-Manufacturing