Created by the National Institute of Standards and Technology, the NIST Cybersecurity Framework (subsequently referred to as NIST CSF) is one of the most preferred texts when it comes to securing IT infrastructure. But leveraging NIST can be a hard task.
As you may be considering Prey for compliance, we decided to prepare a detailed guide, comparing our capabilities with the various Framework Cores (and their corresponding documentation, such as NIST Special Publications). If you just need the exact details to leverage, you can scroll to the appropriate section on the document below.
Note: if you’re a little lost and really looking for a more detailed guide on frameworks, our Cybersecurity Frameworks post can be a great starting point.
Why leveraging NIST CSF is a good idea
NIST CSF has evolved from a public standard created by the US Government into a very cohesive set of guidelines for private organizations to protect critical IT infrastructure. It’s not a compliance-based guide. Instead, it tries to provide guidance on protecting IT assets and encourage the enterprise world to prioritize cybersecurity risks.
That encouragement requires efforts from all across the organization, with deep compromises from key stakeholders & the security team.
By complying with NIST best practices, you ensure that the systems, data, and networks of your organization and your customers are protected from cybersecurity attacks. This helps you save significant time and avoid expenses you may have in the future.
Leveraging NIST the right way
As a risk-based approach to cybersecurity, NIST CSF is flexible and can be easily adopted. Depending on the scope of the security protection your organization might need, it may be necessary to leverage some or all of the points provided in the official documentation of NIST CSF. Nevertheless, the core functions of NIST CSF (which we will tie to Prey below) need evaluation tied to real security concerns.
These framework’s core functions include industry standards and practices that enable communication of cybersecurity activities and outcomes across the company, from the executive or C-level to the implementation/operations level.
As such, the core functions should be leveraged in context. That’s where the implementation comes in! The implementation tiers provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. The tiers reflect a structured progression of the informal reactive response to agile and highly risky approaches.
Without going too deep into them, the tiers are (from least reactive to completely reactive):
Tier 1: Partial
Tier 2: Risk Informed
Tier 3: Repeatable
Tier 4: Adaptive
More information about the implementation tiers can be found in NIST’s official documentation.
In the process of assessing the tier your organization is in, managers usually start building the third part of the NIST trilogy: framework profiles. Profiles are “current” and “expected”, both the different states where risk resides before and in a subjective or “ideal” after (usually in tier 4, described above). The gap between those two states is where problems are to be addressed with key solutions.
This is where solutions like Prey can shine.
Framework Core Functions & Prey
As a device tracking & asset management tool, Prey can be useful in several steps of the leveraging process.
As a tracking tool, Prey can be used proactively and reactively. Deployed before a disaster happens, Prey's stellar tracking capabilities can help locate & recover equipment all around the globe.
On the other hand, Prey’s Management suite can be useful in inventory management processes, where visibility is key.
Prey can also be useful when dealing with data security. With wiping, factory reset & encryption capabilities, our solution is equipped to respond to potential breaches, protecting data at rest.
A detailed guide of the several points of the framework core of NIST CSF where Prey is useful can be found here.
Identify
Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.
- ID.AM-1: Physical devices and systems within the organization are inventoried. Prey’s Full Suite solution can serve as a solid inventory of computational devices.
Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
- ID.RA-1: Asset vulnerabilities are identified and documented. Prey is one of many tools available to identify physical threats to computational assets.
Protect
Data Security (PR.DS): Information and records (data) are managed consistently with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
- PR.DS-1: Data-at-rest is protected. Prey can facilitate encryption on protected devices and secure disposal of data on demand through wipe, factory reset, & our Kill Switch solution.
- PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition. A subset of rules regarding this disposition adds Asset Management to the set of tools to leverage this rule.
Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage the protection of information systems and assets.
- PR.IP-6: Data is destroyed according to policy. Prey is capable of media sanitization through remote wiping, factory reset & Kill Switch capabilities, part of our Data Security & Full Suite plans.
Detect
Anomalies and Events (DE.AE): Anomalous activity is detected and the potential impact of events is understood.
- DE.AE-3: Event data are collected and correlated from multiple sources and sensors. A continuous monitoring plan requires several data sources. Prey can work as one of those sources, providing tracking capabilities that can be correlated with geofences & other actions.
Security Continuous Monitoring (DE.CM): The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.
- DE.CM-2: The physical environment is monitored to detect potential cybersecurity events. Asset tracking & monitoring has been added as a ruling in NIST SP 800-53.
Respond
Mitigation (RS.MI): Activities are performed to prevent the expansion of an event, mitigate its effects, and resolve the incident.
- RS.MI-1: Incidents are contained. Prey can be an ally in incident handling, specifically regarding detection, containment & recovery from physical vulnerabilities.
- RS.MI-2: Incidents are mitigated. Same as RS.MI-1, Prey is a useful tool in incident handling.