This page, Review the NIST Cybersecurity Framework, is offered by

Review the NIST Cybersecurity Framework

Evaluate and address cybersecurity risks at your financial institution using the NIST Cybersecurity Framework. The NIST Cybersecurity Framework consists of five functions for developing a cybersecurity program. The Conference of State Bank Supervisors (CSBS) offers the information related to the CSF.

Table of Contents

National Institute of Standards and Technology (NIST) overview

NIST is a part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories.

Per a 2013 presidential executive order, NIST works with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure.

NIST developed the Cybersecurity Framework (CSF) as a tool for organizations to review and address their cyber risks. The CSF consists of standards, guidelines, and best practices to promote the protection of critical infrastructure. Owners and operators of critical infrastructure can use the CSF to manage cybersecurity risk while protecting business confidentiality, individual privacy, and civil liberties.

The CSF complements, but does not replace, your institution's risk management process and cybersecurity program. Your institution can use its current processes and leverage the CSF to identify opportunities to strengthen management of cybersecurity risk. If you don’t already have an existing cybersecurity program, you can use the CSF as a reference to establish one.

Identify function

The first main cybersecurity function is to identify your institution’s cybersecurity risk. This is the level of risk posed by a financial institution’s activities, connections, and operations. A risk is the potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability.

Protect function

Once you have identified your financial institution’s threats, vulnerabilities, and risks, the next step is to ensure your financial institution has the right safeguards or controls in place. Safeguards help to mitigate the various types of threats to your financial institution. Your protection measures are the “front lines” of defense in securing critical information. These protection measures work to limit or contain the impact of a cybersecurity event or incident.

Detect function

Detection tools are your institution's reinforcement against cyber threats. Cyber attackers attempt to exploit any vulnerabilities they can find. It is up to your IT staff to detect intrusions inside and outside of your network. Your IT manager must have a solid understanding of your institution’s asset inventory and the associated risks. The 'Identify' section outlines associated risks. Your IT manager should also ensure the right safeguards are in place to protect these assets. The 'Protect' section outlines safeguards.

The start of any detection strategy is the baseline inventory. You should also check your networks, systems, and applications to establish a baseline traffic pattern or a measure for “normal” operations. Part of your strategy will also be to correct any issues as you detect them.

Respond function

Cybersecurity data breaches are now part of our way of life. Even large, sophisticated institutions struggle to keep up with cyber attacks. It is important to prepare for a cybersecurity incident. Preparation includes knowing how you will respond once an incident occurs. To do this, your financial institution must have an incident response plan.

Recover function

After your financial institution has taken action to respond to a cyber attack, the next step is the recovery period. Develop and put in place a recovery plan including processes and procedures to restore confidence in your recovered systems and data. Your recovery plan may include:

  • Recover Infrastructure:
    • A step-by-step plan for rebuilding compromised servers, databases, or network devices. Your plan should also include steps to restore baseline configurations. Your IT department should maintain a standard set of ready-to-install updated infrastructure images. For example, these images can be stored on a backup virtual machine or USB flash drive.
  • Restore Data:
    • If the integrity of data was affected or content deleted, have a plan in place for restoring it. Your IT department should have a reliable backup procedure in place.
  • Reconnect Service:
    • Your recovery plan should lay out how you will reconnect services with little disruption.