Thursday 11th March 2021

NIST and the NIS Directive / Regulations

NIST is the National Institute of Standards and Technology and they were selected for the task of developing the NIST Framework because they are a non-regulatory federal agency. They act as an unbiased source of scientific data and practices, including cybersecurity practices.

The framework was the result of a U.S. executive order in 2013. By 2014 it was adopted globally, partly due to global organisations, such as Google, Amazon/AWS, PayPal and Morgan Stanley, having a U.S. headquarters and being U.S. owned.

The framework itself is made up of 5 functions: identify, protect, detect, respond and recover.

The functions are further broken down into 23 categories and underneath those categories are 108 sub-categories.

In August 2017 the UK government published the first version of the NIS Directive to guide suppliers of essential services to the Critical National Infrastructure. The NIS Directive is closely aligned to the NIST Cyber Security Framework.

In June 2018 the Cabinet Office developed the minimum cyber security standard and it is also closely aligned to the NIST Cyber Security Framework.

With the UK leaving the EU, the NIS Directive has now become the NIS Regulations.

The remit of a business's security functions is constantly changing and expanding.

Organising your security operations into headings helps to introduce a workflow in order to assign activities to teams or individuals.

IP-Performance have a variety of products and services which are aligned with these frameworks. Our aim is to be able to offer assistance at any of the stages of your journey in a way that is complementary to standards and best practice.

  • I have worked with IP-Performance for over 20 years and have always found them to be knowledgeable, helpful, prepared to go above and beyond and always right on the edge of modern technology and trends. So, when they suggested we might want to look at Pentera, we jumped at the chance and the results were nothing short of jaw dropping… I would recommend anyone take a look at that product, even if you think you have all your security bases covered… Trust me, you haven't. I would recommend the product, and anything that IP-P do to anyone across the industry. The breadth of what they cover is astounding.

    David Brazewell, Technical Director,
    QubeGB Ltd.