Key Takeaways from NIST’s Updated Guidance for Reducing Cybersecurity Risks

The National Institute of Standards and Technology recently published its updated guidance for reducing cybersecurity risks in supply chains. The update was in response to an executive order by President Joe Biden to improve cybersecurity in the United States. 

The updated guidance is directed at government agencies but can be applied to all organizations. Unfortunately, it is a very long, 326-page document. So, if you do not want to read through it, you can read about some key takeaways here. 

Read Appendix A – Here’s where we can help 

Even if you do not want to read the entire document, you should take the time to read Appendix A. Here you will find the guidance's extensive list of security controls, which include safeguards and countermeasures. This section received the highest number of edits from the previous iteration. This updated list will directly drive updated compliance requirements that we can help you understand and meet.

Automation Is Essential 

NIST is trying to move cybersecurity towards complete automation. Much of the guidance stresses the importance of businesses automating their risk management workflow.

Supply Chains Are at Risk 

Another emphasis in the updated guidance is the risk supply chains face. In a global marketplace, the different components of a single product are produced by different organizations around the world. A cybersecurity issue at any one of those organizations could cause problems for the entire supply chain. As a result, every organization in a supply chain needs to operate under the same cybersecurity plan.

Customization Is Crucial – We can help here too! 

NIST also emphasizes the importance of customization. All agencies are different, and as a result, they cannot operate identically. Organizations are encouraged to adapt NIST guidelines to fit their business model. 

Prioritization Is Key 

Unfortunately, it is impossible to protect every aspect of an organization equally. So, businesses are encouraged to prioritize their high-value assets. To properly prioritize, organizations can use risk prioritization tools to assess which aspects of their business are exposed to the highest risk. 

Contact GSec with Any Questions 

If you have any questions, please do not hesitate to contact us. The list of controls can be daunting; that is why you hire an expert. We will be more than happy to help!

By: Alex O’Reilly 

Sources: https://securityintelligence.com/articles/nist-supply-chain-guidelines-ten-takeaways/ 

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf