Security Line Card

NIST Cybersecurity Framework

Ingram Micro's Security Line Card is built around the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and is designed to help you identify gaps in your customers' security posture.

Since its introduction in 2014, NIST CSF has proven to be an elegant security framework for promoting information sharing and reducing risk to critical infrastructure, in both public and private sector settings. It’s no wonder the CSF has already been adopted by nearly 30 percent of businesses in the U.S. alone, with most of those companies stating they view CSF as an industry best practice.
 
But why have so many companies been so eager to adopt it since 2014? Glad you asked. Here are a few reasons:

• Simplicity – The CSF uses a small set of practical functions so even non-technical users can assess risk and build out a cybersecurity strategy. 
• Adaptability – A prioritized, flexible and cost-effective approach makes high-level strategic direction and broad application possible.
• Common Vernacular – A common taxonomy delivers a standardized, easy-to-understand language for stronger communication between all CSF users.
• Community Support – Input by the CSF’s more than 3,000 contributors means more unity and collaboration while also ensuring the CSF’s relevance for years to come.

Resources:
  • NIST Cybersecurity Website
  • Ingram Micro's Security Line Card
  • Framework Version 1.1 – Download and view the framework
  • New to Framework – Learn more about standards, guidelines and best practices to manage cybersecurity risk
  • Online Learning – Intro material and guidance for new and advanced users

NIST has developed a cybersecurity framework to help organizations better understand and improve their management of cybersecurity risk. The framework is voluntary but provides best practice insight into the areas that should be on the radar when it comes to a strong cybersecurity stance. 

NIST is not just for federal/state-level resellers and customers—it’s a best practice framework designed to maintain reliable function of critical infrastructure for all.

Why the NIST framework is such an important asset

In the slick and shiny world of information security sales and advertising, frameworks can seem a bit dull. But what NIST and its cybersecurity framework (CSF) lack in sizzle, they more than make up for in steak. It’s become the de facto standard for assessing and maintaining good security posture for organizations of nearly all sizes and types. Consequently, IT service providers looking to expand into managed security services for their customers find great value in NIST’s CSF, both as a tool to gauge the effectiveness of their new practices and as a conversation starter with prospects. 

Following a trusted, standards-based framework like the one developed by NIST not only bolsters your credibility with prospects, it also gives you and them a common vernacular to assess risk and discuss security needs and solutions.

Help in understanding the NIST framework

Do you or your clients have a good grasp of where you stack up against the policies and procedures set forth in NIST’s framework? If not, contact us at DXSservices@ingrammicro.com or (800) 456-8000, ext. 76094, option 1, to build a custom quote for the following services:
  • NIST gap assessment—a gap review of an organization’s security posture as it relates to NIST SP 800-53 R4 and other NIST documentation
  • NIST 800-171 gap assessment—a gap review of an organization’s security posture as it relates to NIST SP 800-171 for protection of controlled unclassified information (CUI), mainly for manufacturing

The compliance and framework services are custom crafted, usually based on the size of an organization. We provide our reseller partners with a custom statement of work they can upload and resell to their customers.


NIST CSF Functions & How To Use Them

1. Identify
  • Make a list of all equipment, software, and data you use, including laptops, smartphones, tablets, and point-of-sale devices.
  • Create and share a company cybersecurity policy that covers:
    • Roles and responsibilities for employees, vendors, and anyone else with access to sensitive data.
    • Steps to take to protect against an attack and limit the damage if one occurs.


2. Protect
  • Control who logs on to your network and uses your computers and other devices.
  • Use security software to protect data.
  • Encrypt sensitive data, at rest and in transit.
  • Conduct regular backups of data.
  • Update security software regularly, automating those updates if possible.
  • Have formal policies for safely disposing of electronic files and old devices.
  • Train everyone who uses your computers, devices, and network about cybersecurity. You can help employees understand their personal risk in addition to their crucial role in the workplace.

3. Detect
  • Monitor your computers for unauthorized personnel access, devices (like USB drives), and software.
  • Investigate any unusual activities on your network or by your staff.
  • Check your network for unauthorized users or connections.


4. Respond
Have a plan for:
  • Notifying customers, employees, and others whose data may be at risk.
  • Keeping business operations up and running.
  • Reporting the attack to law enforcement and other authorities.
  • Investigating and containing an attack.
  • Updating your cybersecurity policy and plan with lessons learned.
  • Preparing for inadvertent events (like weather emergencies) that may put data at risk.
Test your plan regularly.

5. Recover
After an attack:
  • Repair and restore the equipment and parts of your network that were affected.
  • Keep employees and customers informed of your response and recovery activities.

NIST CSF Function Examples

Identify
  • Identifying physical and software assets within the organization to establish the basis of an Asset Management program
  • Identifying the Business Environment the organization supports, including the organization's role in the supply chain and the organization's place in the critical infrastructure sector
  • Identifying cybersecurity policies established within the organization to define the Governance program, as well as identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization
  • Identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities as a basis for the organization's Risk Assessment
  • Identifying a Risk Management Strategy for the organization, including establishing risk tolerances
  • Identifying a Supply Chain Risk Management strategy, including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks

Protect
  • Protections for Identity Management and Access Control within the organization, including physical and remote access
  • Empowering staff within the organization through Awareness and Training, including role-based and privileged user training
  • Establishing Data Security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information
  • Implementing Information Protection Processes and Procedures to maintain and manage the protections of information systems and assets
  • Protecting organizational resources through Maintenance activities, including remote maintenance
  • Managing Protective Technology to ensure the security and resilience of systems and assets are consistent with organizational policies, procedures, and agreements

Detect
  • Ensuring Anomalies and Events are detected, and their potential impact is understood
  • Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures, including network and physical activities
  • Maintaining Detection Processes to provide awareness of anomalous events

Respond
  • Ensuring Response Planning processes are executed during and after an incident
  • Managing Communications during and after an event with stakeholders, law enforcement, and external stakeholders as appropriate
  • Analysis is conducted to ensure effective response and support recovery activities, including forensic analysis and determining the impact of incidents
  • Mitigation activities are performed to prevent expansion of an event and to resolve the incident
  • The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities

Recover
  • Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
  • Implementing Improvements based on lessons learned and reviews of existing strategies
  • Internal and external Communications are coordinated during and following the recovery from a cybersecurity incident

Copyright © 2023 Ingram Micro. All rights reserved.