What is NIST?
The National Institute of Standards and Technology Cyber Security Framework is a framework to help organisations manage and reduce their cyber security risk. It uses a common language and set of best practices for managing cyber risk across an organisation.
The framework is designed to be adaptable and flexible to adjust to the needs of different organisations of any size in any industry. It is structured around five core functions – Identify, Protect, Detect, Respond, and Recover – these represent the basic cyber security activities that any organisation should undertake to manage and reduce cyber security risk.
Although typically used by US-based organisations, it is becoming more common in the UK and Europe.
Who is required to comply with NIST?
There is no legislation or regulatory requirement for organisations to adopt the NIST CSF. However, some industries and sectors may be required by law or regulation to implement specific cyber security measures or frameworks that align with the NIST CSF.
Organisations in the UK that have complex supply chains or business relationships involving US organisations may find it beneficial to use the NIST CSF to help document their cyber security risks, mitigations and treatment processes.
NIST is recognised by the ICO (Information Commissioner’s Office) as a robust approach to evaluating an organisation’s IT Security and Data Protection capabilities. The NIST CSF is particularly useful in supporting the continual and evolving challenges of IT Security and Data Protection within an organisation, and can establish a task orientated approach to managing complex business models with complex risks.
How can Evolve North help?
We provide annual external audit and scoring of an organisation’s approach to IT Security, Data Protection and Governance against the requirements of the NIST CSF, identifying maturity levels and evaluating risk appetite. This can be leveraged to provide your organisation’s risk committee with a tangible benchmark to assist in making informed risk decisions based upon risk appetite, targeting areas that will have the most impact on risk management and reduction.
The audit is best conducted as an annual exercise to demonstrate and measure progress in a meaningful way to all stakeholders and help drive appropriate risk management and risk reduction across the business over the coming years.
Talk to a specialist now – call 01748 905 002.
“Having Evolve North support our board meetings really supported the work we are doing to safeguard our staff and customers”
Head of Operations, European Financial Services.
“Cyber Essentials Plus was essential for us to attain, and the Evolve North team made it possible”
Operations Director, UK Non-Profit
“Given our size, the vDPO service just made sense, as we couldn’t hire this role internally for several years to come”
CTO, UK Marketing Agency
“The Gap Analysis (UK GDPR, ISO 27001 & Cyber Essentials) just made things a lot clearer and proved our Data Protection roadmap for the next 12 months”
Head of IT, Insurance Broker
“We’ve partnered with Evolve North for PCI DSS & ISO 27001 support and they’ve always been there when we’ve needed them”
Programme Director, UK Hotel Chain
“They provided clarity across our M365 data and compliance services, our chaotic Microsoft licencing and our complex NHS environment”
Digital & Change Lead, UK NHS Trust
“After pushing through our Cyber Essentials and ISO 27001, their quarterly Penetration Testing & Vulnerability scanning just made sense”
CTO, UK Housing Association
“Quick and easy method to get Cyber Essentials. Lots of support when needed”
IT Manager, UK Law Firm
“Just having the annual support days in place, meant we could tackle incidents and third-party onboarding easily”
Director of Tech, UK Hospitality Organisation