Back to Cyber Security

NIST Cybersecurity Framework (CSF)

Leveraging a globally recognized standard to manage and reduce cybersecurity risk.

What is the NIST Framework?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks. While developed in the US, it has become a gold standard adopted by businesses worldwide.

The framework is voluntary, flexible, and designed to be integrated into an organization's existing risk management processes. It provides a common language for both technical and non-technical staff to understand, manage, and express cybersecurity risk.

The Five Core Functions

The NIST CSF is organized into five key functions which provide a high-level, strategic view of an organization's cybersecurity risk management lifecycle:

  • Identify: Develop an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
  • Protect: Implement appropriate safeguards to ensure delivery of critical infrastructure services.
  • Detect: Develop and implement activities to identify the occurrence of a cybersecurity event.
  • Respond: Take action regarding a detected cybersecurity incident to contain its impact.
  • Recover: Develop and implement activities to maintain plans for resilience and to restore any capabilities or services that were impaired.

How We Leverage NIST for You

At Portal Technology, we use the NIST Cybersecurity Framework as a cornerstone of our security consulting and managed services.

  • Risk Assessment: We use the 'Identify' function to help you understand your most critical assets and the risks they face.
  • Security Control Implementation: We align our security solutions with the 'Protect' function, implementing robust defences like firewalls, endpoint protection, and access control.
  • Threat Detection: Our 24/7 monitoring services directly map to the 'Detect' function, ensuring we can spot malicious activity quickly.
  • Incident Response Planning: We work with you to develop a comprehensive plan based on the 'Respond' and 'Recover' functions, ensuring you're prepared to act decisively when an incident occurs and can restore operations swiftly.