
NIST Cybersecurity Framework

NextLabs helps organizations meet the security requirements of the National Institute of Standards and Technology (NIST). In particular, NIST has published several documents, each of which focuses on a different facet of security. NextLabs addresses many of the requirements of these publications as noted below.

NextLabs is a member of the NIST National Cybersecurity Excellence Partnership (NCEP) program.

NCEP partners have pledged to provide hardware, software and expertise to support NIST’s efforts to advance rapid adoption of secure technologies. In addition to contributing equipment and other products to the NCCoE’s test environments, companies may designate guest researchers to work at the center, in person or remotely.

NIST SP 800-53 Revision 5

This document details a framework to protect an organization and its assets from a range of threats, including cyberattacks, insider threats, application security, supply chain risks, and human error, among others. NextLabs helps organizations meet various access control requirements, including enforcement of least privilege/need-to-know, dynamic privilege management, and usage controls on features such as Edit, Print, Reshare, and Extract.

NIST SP 800-162

This paper defines attribute based access control (ABAC). NextLabs was selected by NIST to help define the core capabilities and benefits of ABAC. ABAC is an access control model in which authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes.

NIST SP 800-171

NIST SP 800-171 sets forth the minimum security standards for all Department of Defense contractors that process, store, or transmit Controlled Unclassified Information (CUI). NextLabs helps organizations safeguard the information that resides in or transits through covered contractor information systems and the reporting of cyber incidents.

NIST SP 800-178

In this document, titled “A Comparison of Attribute Based Access Control (ABAC) Standards for Data Services. Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC),” NIST describes how these are very different attribute based access control standards with similar goals and objectives. The goal of both models is to provide a standardized way for expressing and enforcing a multitude of access control policies on various types of data services. The two standards differ with respect to the manner in which access control policies are specified, managed, and enforced.

NIST SP 1800-2

NIST SP 1800-2 covers how energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology (IT), and operational technology (OT), to protect power generation, transmission, and distribution. They must implement technology that authenticates, with a high degree of certainty, the individuals to whom they grant access rights to devices and facilities.

NIST SP 1800-3

Like SP 800-162, this document focuses on ABAC; however, it includes the involvement of the National Cybersecurity Center of Excellence (NCCoE) and its example of an advanced access control system. The NCCoE practice guide in this paper details a collaborative effort between the NCCoE and technology providers to demonstrate a standards-based approach to attribute based access control. This guide also discusses potential security risks facing organizations, benefits that may result from the implementation of an ABAC system, and the approach the NCCoE took in developing a reference architecture and build.

NIST SP 1800-9

This paper discusses access rights management for the financial services sector. Financial services firms are complex organizations with several internal systems managing sensitive financial and customer data. These internal systems are typically independent of each other, which makes centralized management and oversight challenging. In collaboration with the financial services community and technology collaborators, the National Cybersecurity Center of Excellence (NCCoE) developed SP 1800-9, which uses standards-based, commercially available technologies and industry best practices to help financial services companies provide a more secure and efficient way to manage access to data and systems.

NIST SP 800-207

This special publication discusses the core logical components that make up a zero trust architecture (ZTA) network strategy. Zero trust refers to an evolving set of network security paradigms that narrow defenses from wide network perimeters to individuals or small groups of resources. Its focus on protecting resources rather than network segments is a response to enterprise trends that include remote users and cloud-based assets that are not located within an enterprise-owned network boundary.

Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC) is the US Government’s solution to fix low rates of compliance associated with NIST SP 800-171. CMMC is not optional and is designed to allow only businesses with a valid CMMC certification to bid on and win contracts with the US Government. The US Department of Defense (DoD) recognizes that not all contractors are alike, and that subcontractors are used in different ways. The CMMC is a tiered model that addresses every business in the Defense Industrial Base (DIB), from the largest contractors down to small subcontractors (e.g., IT service providers, bookkeepers, janitorial services, etc.) that could impact CUI.

One common misconception is that CMMC compliance is the same thing as NIST SP 800-171. That is not entirely true, especially in the higher levels of CMMC that include requirements from frameworks other than NIST SP 800-171.

  • CMMC Level 1: This is essentially addressing FAR 52.204-21 cybersecurity principles.
  • CMMC Level 2: This builds on CMMC Level 1 and addresses a little over half of NIST 800-171 controls.
  • CMMC Level 3: This builds on CMMC Level 2 and addresses all NIST 800-171 and a few extras.
  • CMMC Levels 4 & 5: CMMC Levels 4 & 5 build off CMMC Level 3 and include controls from a range of frameworks:
    • CERT RMM v1.2
    • NIST SP 800-53
    • NIST SP 800-172
    • ISO 27002
    • CIS CSC 7.1


NextLabs seeks to provide helpful resources and easy to digest information on data-centric security related topics. To discuss and share insights on this resource with peers in the data security field, join the NextLabs community.

NIST Cybersecurity Framework (CSF)

Stay ahead of the curve

Created through collaboration between industry and government, the NIST Cybersecurity Framework (CSF) acts as a voluntary framework that consists of standards, guidelines, and practices to promote the protection of critical infrastructure.

Designed to be flexible, repeatable, and cost-effective, NIST’s CSF helps enterprises manage and reduce cyber-risk, as well as foster risk and cybersecurity management communications among internal and external stakeholders. The framework is organized into six core functions: Identify, Protect, Detect, Respond, Recover, and Govern. Each function includes a set of categories and subcategories that provide guidance on how to implement effective cybersecurity practices. It includes a set of implementation tiers that measure an organization’s level of cybersecurity maturity and assess progress towards achieving its cybersecurity goals. 

Implementing Data Security using Attribute Based Access Control (ABAC)

Discover how Attribute Based Access Control (ABAC) provides a robust, data security solution that keeps pace with the demands of your extended enterprise

NIST ABAC Overview

Learn how NextLabs partnered with the National Cybersecurity Center of Excellence (NCCoE) to address the challenge of implementing Attribute Based Access Control (ABAC)

Applying Zero Trust Principles to NIST 800-53

Discover how zero trust principles can be applied to NIST 800-53 to safeguard applications and data from a diverse range of threats

The NIST Cybersecurity Framework Approach Addresses:

Although the CSF was designed with Critical Infrastructure (CI) in mind, it is extremely versatile and can be used by organizations of all sizes, sectors, and maturities. The NIST Cybersecurity Framework helps enterprises introduce: 

  • Cyber Resilience: Through the NIST CSF, enterprises can anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources, regardless of the source.
  • Next-Generation Technologies: The CSF encourages technological innovation by aiming for strong cybersecurity protection without being tied to specific offerings or current technology.
  • Preventive Controls: By going one step further and automating data protection and access management across applications, enterprises can prevent unauthorized access and data breaches.
  • Enhanced Compliance: The Cybersecurity Framework enables streamlined regulatory compliance and strengthens data access governance with a common language that applies to all applications.
  • Reduced Costs: The framework helps lower the costs of cybersecurity risk management by prioritizing expenditures to maximize the impact of the investment.

Why NIST Cybersecurity Framework?

The NIST Cybersecurity Framework offers a common language and systematic methodology for managing cybersecurity risk. The framework was designed as a ‘cookbook’ which can offer guidance on how to establish and/or complement an enterprise’s cybersecurity program and risk management processes.  

The process of creating Framework Profiles (alignment of the Functions, Categories, and Subcategories with the business requirements, risk tolerance, and resources of the organization) provides organizations with the opportunity to identify areas where existing processes may be strengthened, or new processes can be implemented.  

The pairing of CSF Profiles with an implementation plan allows an enterprise to take advantage of the CSF by enabling cost-effective prioritization and communication of improvement activities among organizational stakeholders or for setting expectations with suppliers and partners.  Moreover, Profiles and associated implementation plans can be leveraged as strong artifacts for demonstrating due care. 

The Implementation Tiers component of the CSF helps enterprises by providing context on how an organization views cybersecurity risk management. The Tiers guide companies to consider the appropriate level of rigor for their cybersecurity program, which can be leveraged as a communication tool to discuss mission priority, risk appetite, and budget. 

To learn about NIST’s technologies via its special publications, explore our NIST special publications page.

NextLabs Solution

The NextLabs Zero Trust Data Security Suite helps organizations accelerate their implementation of the NIST Cybersecurity Framework’s six key functions (identify, protect, detect, respond, recover, and govern) to manage cybersecurity risks effectively. Using the technologies from NIST’s special publications alongside its own patented technologies, NextLabs addresses the six key functions as follows:

Secure applications, API, & microservices access, externalize entitlement, protect data, & simplify access management

Persistent protection of critical files stored and shared anywhere, cloud payload, and endpoint device

Zero Code Approach to protect data & secure access independent of application with data masking, FPE, & data segregation


  • Identify: NextLabs helps organizations implement the Identify function through enforcers, which augment an application’s underlying security model. They leverage data classification by automatically identifying sensitive data types based on the app’s data model and then organizing this data. The enforcers discern and collect relevant access activity data to facilitate centralized correlation and detection of anomalous activity, allowing potential threats to be recorded.
  • Protect: To implement the Protect function, NextLabs enforcers persistently protect files across the information cycle using attribute-based policies. Attribute-based policies dynamically grant permissions for specific actions, such as viewing, editing, copying, forwarding, printing, and extracting content, based on the recipient’s identity. The solution provides persistent control of access and usage of digital information stored in files regardless of where it exists. It can safeguard and monitor business-critical documents such as intellectual property and product design, wherever it lives or travels – across devices, data centers, apps, cloud services, and on-premises.  
  • Detect: To implement the Detect function, NextLabs offers centralized logging and monitoring that enables enterprise-wide activity logging to promptly identify any suspicious activity and anomalies. With NextLabs, organizations can track and store real-time user and data access activity across apps and services in a central audit repository, simplifying the process of auditing security controls.
  • Respond: NextLabs supports the Respond function with its patented dynamic authorization technology. Because the attribute-based policies are dynamically evaluated at the time of the data access request, if there are threats detected, that information can be automatically incorporated into the policy decision and enforcement. 
  • Govern: With NextLabs Zero Trust Data Security, organizations can implement the Govern function by establishing dynamic security policies to protect business-critical assets and mitigate the risk of a cybersecurity breach.  These policies are then centrally managed and deployed across all applications to enforce least privilege access. Centralized policy management allows for increased agility as policies can be easily modified or updated without making significant changes to the underlying system or application. This flexibility also allows organizations to adapt quickly to evolving business requirements, regulatory changes, or new security needs. 

NextLabs Zero Trust Data Security is not only used to implement NIST’s Cybersecurity Framework, but is also used by enterprises to enable CMMC compliance (based on NIST SP 800-171).
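As an added illustration (not NextLabs code, nor a NIST reference implementation), the following is a minimal policy decision point in the SP 800-162 style described above: each rule is a predicate over the subject, object, action and environment attributes of a request, usage actions such as edit, print and extract are decided per request, and a detected threat enters the decision as an environment attribute at evaluation time, as the Respond bullet describes. Rule names, attribute keys and the sample requests are constructed assumptions.

```python
"""Minimal ABAC policy decision point (illustrative, constructed).

A request carries subject, object, action and environment attributes.
Each rule is a predicate over those attributes with a permit or deny effect.
Combining algorithm: deny-overrides, with default deny when nothing matches.
"""
from dataclasses import dataclass
from typing import Callable

Attrs = dict[str, object]


@dataclass(frozen=True)
class Request:
    subject: Attrs       # e.g. {"id": "alice", "project": "apollo", "clearances": ("cui",)}
    obj: Attrs           # e.g. {"owner": "carol", "project": "apollo", "classification": "CUI"}
    action: str          # view | edit | print | reshare | extract
    environment: Attrs   # e.g. {"threat_level": "none"} fed by detection at request time


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str          # "permit" or "deny"
    condition: Callable[[Request], bool]


# Constructed sample policy; names and attribute keys are assumptions.
POLICY = [
    # Need-to-know: CUI objects require a CUI clearance on the subject.
    Rule("cui-needs-clearance", "deny",
         lambda r: r.obj.get("classification") == "CUI"
         and "cui" not in r.subject.get("clearances", ())),
    # Dynamic response: block high-impact usage actions while a threat is flagged.
    Rule("no-extract-under-threat", "deny",
         lambda r: r.action in {"extract", "print", "reshare"}
         and r.environment.get("threat_level", "none") != "none"),
    # Least privilege: project members may only view and edit their project's data.
    Rule("same-project-view-edit", "permit",
         lambda r: r.action in {"view", "edit"}
         and r.subject.get("project") == r.obj.get("project")),
    # Owners keep full control over their own objects.
    Rule("owner-full-control", "permit",
         lambda r: r.subject.get("id") == r.obj.get("owner")),
]


def decide(req: Request, policy=POLICY) -> tuple[str, str]:
    """Evaluate every rule; any matching deny wins, else first matching permit, else deny."""
    first_permit = None
    for rule in policy:
        if rule.condition(req):
            if rule.effect == "deny":
                return "deny", rule.name
            first_permit = first_permit or rule.name
    return ("permit", first_permit) if first_permit else ("deny", "default-deny")
```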

CSF & Intelligent Enterprise

Implementation of the NIST Cybersecurity Framework allows organizations to make the transition to intelligent enterprises without compromising on data security. The best practices defined by NIST provide a guide for organizations as they plan their migrations to more digitized operations, and as they collaborate more using shared resources. The framework’s implementation tiers also provide a roadmap for organizations to measure their progress and continually improve their cybersecurity. This structure makes it easier for organizations to implement the changes needed to become more intelligent than if they had to develop cybersecurity plans from scratch.
