
Analyzing Risk with NIST CSF

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a set of recommendations and processes that you can implement and follow to strengthen your organization's security posture against malicious attackers. It also provides guidance on how to respond to and recover from a security breach.

The NIST CSF is widely regarded across the industry as a high-standard risk management tool because it provides value at any stage of your cybersecurity journey. The Risk360 service supports both versions of the NIST CSF (1.1 and 2.0) in the Risk360 Admin Portal, and you can use both versions of the framework to manage your organization's risk.

The NIST CSF is categorized into the following stages:

  • Identify: Helps you define how to identify the assets within your organization that require protection.
  • Protect: Indicates misconfigurations and suggests appropriate reconfigurations to safeguard those assets.
  • Detect: Implements security breach detection, alerting, and monitoring mechanisms.
  • Respond: Suggests best practices for responding during an attack.
  • Recover: Describes how to recover quickly, with minimal impact, so that your organization's operations return to normal.
  • Govern: Establishes the organization's risk management strategy, policies, and expectations, and monitors them on an ongoing basis (applicable to NIST CSF 2.0).

Each stage helps you carry out the processes and configurations needed to reduce the likelihood and impact of a cyber attack. The integration of the NIST CSF with Risk360 helps you achieve these actions with in-depth insights.

To learn more, refer to the NIST CSF website.

Analyzing the NIST CSF Framework

The NIST CSF page (Frameworks > NIST CSF > v1.1 or v2.0) displays the NIST CSF framework with all of the NIST control IDs, maps these IDs to your current Zscaler protections, and provides a holistic as well as in-depth analysis of each technique. The page also shows any policy misconfigurations that prevent you from covering a technique, which you can reconfigure to strengthen your security posture.

Each tile shows the name of the technique and the NIST ID. When you click on a tile, it opens all the sub-techniques under it. The tiles highlighted in blue indicate that they are covered by Zscaler protection, and the green or red color at the right side of these tiles indicates whether the protection is configured correctly or not.

Overview

The Legend section provides the following overview:

  • The pie chart shows the split between the number of techniques covered by Zscaler and those that are not. The center of the pie chart shows the total percentage coverage of the techniques.
  • Configurations: This section shows the number of configurations or policies that are misconfigured and configured correctly for your organization.
  • You can show or hide this section by using the arrow at the top right of this section.

Drawer View

Click on a technique or sub-technique to view the following information in a drawer view to the right side of the page:

    • The name of the technique, its NIST ID, and the state of the sub-techniques, whether they are covered by Zscaler protection or not.
    • Details: A link that opens the NIST CSF PDF file where the technique is explained in detail.
    • NIST Description: A description of the technique.
    • Zscaler Comment: A note on how Zscaler can help mitigate the risk from this attack technique by using one of Zscaler's progressive protection portfolios.
    • TTP to Zscaler Product Mapping: Maps the attack technique to the Zscaler feature that protects against it, shows whether the features responsible for protecting against these tactics, techniques, and procedures (TTPs) are licensed by your organization, and shows the Risk360 category that the TTP falls under.
    • TTP to Risk360 Factor Mapping: Maps all the attack sub-techniques to the Risk360 Factors and shows the status of each sub-technique.
    • Notes: Any notes that you added for the technique.

For a sub-technique, the drawer view shows the following information:

    • The name of the technique, its NIST ID, and the state of the sub-technique, whether it is covered by Zscaler protection or not.
    • Details: A link that opens the NIST CSF PDF file where the technique is explained in detail.
    • NIST Description: A description of the technique.
    • Zscaler Comment: A note on how Zscaler can help mitigate the risk from this attack technique by utilizing one of Zscaler's progressive protection portfolios.
    • Sub-Technique to Zscaler Product Mapping: Maps the attack sub-technique to the Zscaler feature that protects against it, shows whether the features responsible for protecting against this sub-technique are licensed by your organization, shows the Risk360 category that the sub-technique falls under, and indicates whether the configuration for the sub-technique is correct.
    • Notes: Any notes that you added for the technique.


Hover-Over View

Hover over a technique or sub-technique tile to view the following information:

  • Whether the protections against these attack techniques are misconfigured or configured correctly and if Zscaler protects your organization against this attack technique.
  • Zscaler Control: The Zscaler feature that is responsible for helping protect against these attack techniques.
  • Related Risk360 Factors: The Risk360 Factors that are related to the attack.
  • Licensed?: Whether or not you are subscribed to the Zscaler feature that protects against these attacks.
  • Notes: Any notes that you added for the technique.