NIST Cybersecurity Framework Steps
The NIST Cybersecurity Program. Get In On It!
Missouri Enterprise is the NIST MEP National Network partner for the state of Missouri, and if you manufacture in Missouri, you can connect with an extensive network of resources through us. The National Institute of Standards and Technology’s world-class cybersecurity program is just one of those great resources, and you should Get In On It! The program was specifically designed to help small to medium-sized manufacturers effectively manage cybersecurity. Contact Us to learn more. We’re here to help.
The NIST Cybersecurity Framework.
The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework helps manufacturing organizations better understand and improve their management of cybersecurity risk. The framework consists of standards, guidelines and practices to promote the protection of manufacturers’ information and IT systems. It is a flexible, cost-effective approach to help manufacturing companies manage cybersecurity-related risk. The NIST Cybersecurity Framework consists of 5 key areas.
- IDENTIFY. Make a list of all equipment, software and data you use, including laptops, smartphones, tablets and point of sale devices. Create and share a company cybersecurity policy that covers:
  - Roles and responsibilities for employees, vendors and anyone else with access to sensitive data.
  - Steps to take to protect against an attack and limit the damage if one occurs.
- PROTECT. Create and share a company cybersecurity policy that covers:
  - Control who logs on to your network and uses your computers and other devices.
  - Use security software to protect data.
  - Encrypt sensitive data, at rest and in transit.
  - Update security software regularly, automating those updates if possible.
  - Have formal policies for safely disposing of electronic files and old devices.
  - Train everyone who uses your computers, devices and network about cybersecurity. You can help employees understand their personal risk in addition to their crucial role in the workplace.
- DETECT.
  - Monitor your computers for unauthorized personnel access, devices (like USB drives), and software.
  - Check your network for unauthorized users or connections.
  - Investigate any unusual activities on your network by your staff.
- RESPOND. Have a plan for:
  - Notifying customers, employees and others whose data may be at risk.
  - Keeping business operations up and running.
  - Investigating and containing an attack.
  - Updating your cybersecurity policy and plan with lessons learned.
  - Preparing for inadvertent events (like weather emergencies) that may put data at risk.
- RECOVER. After an attack:
  - Repair and restore the parts and equipment of your network that were affected.
  - Keep employees and customers informed of your response and recovery activities.