What is a Cybersecurity Framework?
A cybersecurity framework is an organized set of security controls and practices that can help you address common security risks, perform gap assessments, and build security roadmaps.
The most widely adopted cybersecurity framework is the NIST Cybersecurity Framework, also known as NIST CSF. It helps security managers identify cybersecurity risks across the organization's business activities and then build a profile of the control capabilities they have and the ones they need. The NIST framework (version 1.1) organizes security activity into five core functions: Identify, Protect, Detect, Respond and Recover. Each function is subdivided into categories (for example, ID.RM, Risk Management Strategy, sits under Identify), and each category into subcategories that describe specific outcomes.
Unlike industry standards (such as PCI DSS) or government regulations (such as NERC CIP), cybersecurity frameworks are not prescriptive. They give you flexibility in choosing which risks you want to address and how you address them.
Cybersecurity frameworks are based on best practices from leading organizations. They describe "what" you should do to secure your digital assets, and they typically refer to control frameworks for specific recommendations on "how" to perform each function.
Armis Support for NIST CSF
Armis is an agentless device security platform that provides a broad range of security functions spanning ten NIST CSF categories across the Identify, Protect, Detect, and Respond functions. The categories listed below are the ones named on this page.
| Function | Category | Name |
|---|---|---|
| Identify | ID.RM | Risk Management Strategy |
| Identify | ID.SC | Supply Chain Risk Management |
| Protect | PR.AC | Identity Management, Authentication and Access Control |
| Protect | PR.AT | Awareness and Training |
| Protect | PR.IP | Information Protection Processes and Procedures |
| Detect | DE.AE | Anomalies and Events |
| Detect | DE.CM | Security Continuous Monitoring |
What is a Control Framework?
Control frameworks are similar to cybersecurity frameworks, but they tend to be less focused on security architecture and more focused on "how" to perform each security function, and they are correspondingly more prescriptive. The most widely used control frameworks are NIST SP 800-53 and the CIS Controls (also referred to as the CIS Critical Security Controls).
Initially developed in 2009 by the SANS Institute and known as the SANS Critical Controls, the CIS Controls are now managed by the Center for Internet Security (CIS). The controls are periodically updated by a worldwide community of experts who apply their experience as CISOs and security professionals. At the time of writing, the current version of the CIS Controls is 7.1, released in 2019.
One reason the CIS Controls are so popular is that the control list is clear and succinct compared with NIST SP 800-53, which is far more voluminous. The CIS Controls prioritize a smaller number of activities, with a correspondingly higher return on investment.
The twenty CIS Controls are grouped into three categories: basic (Controls 1 through 6), foundational (7 through 16) and organizational (17 through 20). Originally, SANS recommended that organizations with limited resources implement the six basic controls first. In 2019, with version 7.1, CIS issued more nuanced guidance in the form of implementation groups (IG1, IG2 and IG3). Each implementation group identifies the subset of CIS sub-controls that organizations with a similar risk profile and level of resources should strive to implement, with IG1 being the minimum set for the smallest and least-resourced organizations.
Armis Support for CIS Critical Security Controls
Armis is an agentless device security platform designed to help you implement the CIS Critical Security Controls. Because Armis does not require agents, it works with all types of assets: managed, unmanaged, and IoT devices. Armis is cloud-based, so it is fast to deploy and requires little administrative maintenance.