NIST Framework : Guide for SaaS Security Compliance - 3Columns


NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework assists businesses of all sizes in better understanding, managing, and mitigating cybersecurity risk, as well as protecting their networks and data. The Framework is entirely voluntary. It provides an outline of best practices for your business to help you decide where to focus your time and money for cybersecurity protection.

The NIST Cybersecurity Framework (CSF) was first released in 2014 and was most recently updated in 2018. The framework enables organizations to improve the security and resilience of critical infrastructure with a well-planned and easy-to-use framework.

The continuing growth in SaaS, and the major changes to the work environment due to COVID-19, bring new security challenges. Despite the fact that the CSF was written and updated during the rise of SaaS, it is still geared toward the classic legacy critical infrastructure security challenges. Organizations, on the other hand, can better respond to new risks by adapting the CSF to modern, SaaS-based work environments.

Overview of NIST CSF

The NIST CSF lays out five functions of security, then splits them into categories and subcategories. The subcategories contain the actual controls. For each subcategory, the CSF includes a list of cross-references to well-known standards and frameworks such as ISO 27001, COBIT, NIST SP 800-53, and ANSI/ISA-62443. These cross-references help organizations implement the CSF and map it to other frameworks. For example, security managers or other team members can use the

