Most Federal Agencies Now Use NIST Cybersecurity Framework

A majority of federal agencies are using the National Institute of Standards and Technology (NIST) cybersecurity framework now, according to a survey of federal IT professionals by Dell Software.

The NIST Framework, which was released in February 2014, has provided guidance for both government and industry, directing agencies on best practices to mitigate risk and strengthen their security posture. The Dell survey has found that 82% of federal IT respondents’ organizations are using the NIST framework to improve their security stance.

Additional survey findings demonstrate that the document is being used as a stepping-stone to a more secure government. In fact, three-quarters (74%) of organizations already using the framework indicate that it serves as a foundation for their own cybersecurity roadmap.

Further, 68% of respondents say they look to the framework to improve organizational security, and 39% use the framework to create a uniform approach to discussing security throughout their agency.

The NIST Framework has logged success in emphasizing the importance of a holistic, end-to-end approach to security. It outlines processes and mechanisms for any organization to improve cybersecurity risk management, and the framework is intentionally broad in order to support a wide range of organizational needs. Focused on five areas of cybersecurity risk management—identify, detect, protect, respond and recover—the framework recognizes that it is critical for agencies to adopt a holistic approach to security that includes identity and access management, next-gen firewalls, end-point protection and more.

“As security threats continue to increase in sophistication and frequency, holistic, end-to-end security is crucial,” said Paul Christman, vice president of federal at Dell. “The NIST Cybersecurity Framework empowers agencies to identify, detect, protect, respond and recover from cyber threats, and it can serve as an excellent resource for government. Regardless of mission, industry, data type, or threat factor, organizations can use the NIST Framework to strengthen their security posture, develop and enhance cybersecurity roadmaps, improve organizational security and create a uniform security language.”

Reflecting the impact of such efforts, 84% of survey respondents said that they feel confident that their organization has the necessary resources and guidance to defend against insider threats.

It should be noted that the NIST Cybersecurity Framework is just one example of the increased guidance coming from government to help organizations in both the public and private sector improve their security stance. Recent initiatives like the 30-day Cybersecurity Sprint and its follow up, the Cybersecurity Strategy and Implementation Plan, have given government additional resources to bolster security.

Photo © Gil C

What’s Hot on Infosecurity Magazine?