Implementing NIST Cybersecurity Framework Standards with BeyondTrust Solutions
Cybersecurity Framework Overview
The Cybersecurity Framework, developed in partnership between industry and government, was designed to provide a universal standard, yet be flexible enough to address an organization’s unique risks and risk tolerance. It is a “living document” that will be refined as technology and practices evolve and industry continues to provide feedback.
The risk-based approach developed for the framework is based on three sections: the Core, Implementation Tiers, and Profile. The framework Core is a set of desired actions, outcomes, and references across critical infrastructure sectors. The Core consists of five functions: Identify, Protect, Detect, Respond, and Recover. The recommendations within the Core map back to several globally recognized standards, including NIST SP 800-53 Rev. 4.
Controlling and monitoring privileged access is extremely important to mitigating the risks posed by insider threats, preventing data breaches, and meeting compliance requirements. But security and IT leaders must walk a fine line between protecting the organization’s critical data to ensure business continuity and enabling users and administrators to be productive. Disparate, disjointed tools deployed and managed in silos leave gaps in coverage over privileged access. This legacy model is expensive, difficult to manage, and requires too much time to show any meaningful risk reduction. It also impedes both the adoption of best practices like those called out in the Cybersecurity Framework and compliance with mandates like FISMA.