Simplify Adoption and Reducing Complexity
If your organization requires availability is the top priority start with a Continguency Plan (CP)
Align with business objectives
Step 2. Focus on primary controls as the foundations and limit your initial custom framework. Save time on creating detailed and custom controls such as testing, automation and extensive documentation.
Step 3. Implement NIST 800-171 covers approximately 80% with 20% meaning with fraction of the effort it will greatly improve security
Step 4. 5 NIST CSF Phases
-Identify risk to system,data and other assets must be able to effectively prioritize your focus
Fully understand governance and carry out accurate risk assessments
-Protect critical infrastructure / limit access to assets, train employees, securing and validating data integrity, implement protective procedures and systems and scheduling maintenance.
-Detect cybersecurity events that could be attacked
-Flag anomalies monitoring traffic
-identity suspicious behaviour
-Signatures, IDS tool
-Respond when detected, Response plan, Communication protocol (who to call) Fixed timeline
**after the response it should be analyzed and apply lessons learned
-Recovery the vital services and capabilities of the organization have a solid recovery plan constantly evolving approach strong communication
Step 5. Adopt a team sport
Cybersecurity Framework for the cloud
The NIST Cybersecurity Framework (CSF). This, in turn, makes the management of security more streamlined and easier to affect, and enables better information sharing.
For example, the document “Using Microsoft Azure to Enables NIST CSF Compliance: Recover Function” outlines specific guidance related to using the Azure platform to accomplish recovery goals. Presented in a more narrative format compared to the report from Amazon, the document likewise outlines features available on the Azure platform that support the intent of the CSF.
Microsoft’s documentation also discusses areas of shared responsibility between the customer and the service provider, which are areas where customers need to take action to accomplish their goals. These documents, available via the Documents section of the Microsoft Service Trust Portal, include an independent attestation from Kratos Defense of Azure’s alignment with the NIST CSF.