How FairWarning Maps to the NIST Cybersecurity Framework

May 17, 2019

In February 2013, the U.S. President issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which directed NIST to work with stakeholders to develop a voluntary Cybersecurity Framework. The order was issued because federal agencies and critical infrastructure were facing a growing number of security attacks and needed ways to better understand, organize, manage and mitigate security risks. The framework also provided a common language for agencies and infrastructure entities to communicate about security and risk management.

NIST defines the purpose of the CSF as “Helping organizations to better understand and improve their management of cybersecurity risk.” The Cybersecurity Framework is designed to help practitioners reduce cyber risks to critical infrastructure, which is defined as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of these matters.”

While it was originally designed specifically for use by U.S. federal agencies and critical infrastructure systems, many entities in both the private and public sectors have adopted the framework as a helpful tool for organizing their security actions and mitigating cybersecurity risks.

Use of the FairWarning solution helps customers either fully or partially fulfill over 75 Control Objectives across 22 categories and all five NIST functions.
