Thursday 11th March 2021

NIST and the NIS Directive / Regulations

NIST is the National Institute of Standards and Technology and they were selected for the task of developing the NIST Framework because they are a non-regulatory federal agency. They act as an unbiased source of scientific data and practices, including cybersecurity practices.

The framework was the result of a US executive order in 2013. By 2014 it was adopted globally, partly due to global organisations having a U.S. Headquarters and being U.S. owned. Organisations such as  Google, Amazon/AWS, Paypal and Morgan Stanley.

The framework itself is made up of 5 functions; identify, protect, detect, respond and recover.

The functions are further broken down into 23 categories and underneath those categories are 108 sub-categories.

In August 2017 the UK government published the first version of the NIS Directive to guide suppliers of essential services to the Critical National Infrastructure. The NIS directive is closely aligned to the NIST Cyber Security Framework.

In June 2018 the Cabinet Office developed the minimum cyber security standard and it is also closely aligned to the NIST Cyber Security Framework.

With the UK leaving the EU, the NIS Directive has now become the NIS Regulations.

The remit of business’s security functions is constantly changing and expanding.

Organising your security operations into headings helps to introduce a workflow in order to assign activities to teams or individuals.

IP-Performance have a variety of products and services which are aligned with these frameworks. Our aim is to be able to offer assistance at any of the stages of your journey in a way that is complimentary to standards and best practice.

  • IP-Performance recently ran 2 virtual cyber breach response workshops for Elmbridge Borough Council and we cannot recommend them highly enough. As well as lots of practical resources & templates to take away, the second day culminates with an simulation which brings a cyberattack to life. It’s highly interactive, slightly stressful, but most importantly really makes you think! There’s a definite buzz around cyber at Elmbridge now thanks to Phil and team.

    Nikki Benge, ICT Business Manager,
    Elmbridge Borough Council