NIST Cybersecurity Framework: Vulnerability Management - Not One Size Fits All

July 20, 2017

NIST Cyber Security Framework: Vulnerability Management

The Presidential Executive Order on Cybersecurity takes clear aim at vulnerability management: “Known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies (agencies). Known vulnerabilities include using operating systems or hardware beyond the vendor's support lifecycle, declining to implement a vendor's security patch, or failing to execute security-specific configuration guidance.”

Ok, so maybe you are thinking, “The White House is mandating a black-and-white solution to a gray problem.” Or, “Patching those vulnerabilities can take my system offline, and that is riskier than the threat of vulnerability exploitation.” Fortunately, the EO also establishes the NIST Framework for Improving Critical Infrastructure (the Cybersecurity Framework) as the roadmap for government IT risk mitigation.

Check out this on-demand webinar from cybersecurity expert Don Maclean, 'Addressing Executive Order on Cybersecurity Requirements to Mitigate Risk'.

The NIST Model for Vulnerability Management

The NIST model defines controls and best practices that allow agencies to take a thoughtful, holistic view of vulnerability management. No one-size-fits-all mandates here. NIST Cybersecurity Framework guidance recommends the following actions as part of an overall vulnerability management and risk mitigation strategy:

  • Asset vulnerabilities are identified and documented
  • Threat and vulnerability information is received from information sharing forums and sources
  • Threats both internal and external are identified and documented
  • Threats, vulnerabilities, likelihoods and impacts are used to determine risk
  • Risk responses are identified and prioritized
  • Vulnerability management plan is developed and implemented
  • Event data are aggregated and correlated from multiple sources and sensors
  • Vulnerability scans are performed
  • Newly identified vulnerabilities are mitigated or documented as accepted risks

I think we can all agree, this is simply good vulnerability management hygiene. And the impact it has on mitigating risk is undeniable.

The BeyondTrust vulnerability management solution, Retina, in concert with our IT Risk Management Platform, can address these requirements and more. Check out the white paper 'Implementing NIST Cybersecurity Framework Standards with BeyondTrust solutions' to explore how our solutions can help you address not only vulnerability management needs, but also the privileged access management controls prescribed by the framework.

We explored the long-term impacts of the Presidential Executive Order on Cybersecurity, and considerations for implementing the NIST framework to achieve compliance with EO directives, with cybersecurity expert Don Maclean in our recent webinar: 'Addressing Executive Order on Cybersecurity Requirements to Mitigate Risk'.

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
