
Getting the NIST of Conversations Surrounding The First Half of 2024

2024 has proven to be a busy year for the National Institute of Standards and Technology (NIST). The agency introduced new initiatives, such as version 2.0 of its Cybersecurity Framework, and had a heavy presence at recent events and global conferences from RSAC to AFCEA TechNet Baltimore. In this article, we recap some of the most important discussions, regulations, and initiatives surrounding the agency.

NIST Cybersecurity Framework (CSF) 2.0

In February, NIST introduced updated guidance to its Cybersecurity Framework to give all organizations additional direction in managing cybersecurity risks. Key updates from NIST highlight the importance of governance and supply chains. The Cybersecurity Framework Core of NIST CSF 2.0 is organized around six functions, intended to align with how those responsible for an organization's risk framework manage it:

  • Govern (GV) – NIST created a CSF Govern Function (GV) specifically designed to incentivize planning in organizations to manage privacy, supply chain, AI, Internet of Things (IoT), and operational technology (OT) risks. The Govern function provides context and oversight for organizations facing those threats. DomainTools SOAR integrations can help map to these functions by using leading domain intelligence for targeted action to remediate prioritized events.
  • Identify (ID) – The Identify function enables risk management strategies, including identifying how policies, plans, processes, procedures, and practices can support the cybersecurity risk management efforts mentioned in the GV function. The DomainTools Risk Score can accelerate adherence to this function by predicting how likely a domain is to be malicious, which enables a risk-based prioritization strategy. Discovering connected domains and tying them together requires connected-domain data, and the additional context provided by Domain Risk Scoring increases confidence in whether a domain is malicious.
  • Protect (PR) – The Protect function is a safeguard to support asset security while preventing or lowering the chance or impact of a cybersecurity incident. This function also seeks to cover outcomes related to identity management, authentication, access control, awareness and training, data security, and platform security.  
  • Detect (DE) – The Detect function seeks to enable timely discovery and analysis of indicators of compromise (IOCs) and other potentially adverse events that hint at the threat of cybersecurity attacks. Iris Detect, Newly Observed Domains, or Newly Observed Hostnames can be used to identify domains that spoof particular keywords, such as the organization's name or the names of its close associates or vendors, to flag risky infrastructure before it is weaponized (i.e. before it has a chance to appear in the protected environment).
  • Respond (RS) – The Respond function covers support for actions relating to containing cybersecurity incidents through management, analysis, mitigation, reporting, and communication. When an incident is identified using any of the functions above, security teams have several options for adhering to the RS function. For domain-related incidents investigated in Iris Investigate, these could include:
    • Setting a recurring query with the Iris Investigate API
    • Creating alerts for any traffic from the protected environment to any of the domains
    • Creating blocking rules for the domains and/or the IP addresses associated with them
    • Sharing the domains and/or IP addresses with a trust group and/or law enforcement
  • Recover (RC) – The Recover function covers the restoration of all assets and operations impacted by a cybersecurity incident. A point NIST emphasizes at this stage is enabling appropriate communication during recovery efforts. Organizations and individuals are advised to regularly back up their data on an external drive that is secured and offline. This can at least take some of the urgency out of the incident response process and leave less in need of recovery.
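One way to operationalize the Detect and Respond outcomes described above for domain-related threats, as an added example that is not DomainTools' code and does not call the Iris APIs: a small lookalike-domain check run over a constructed feed of newly observed domains, using hypothetical organization and vendor keywords. The hits it returns are the kind of list a team would then feed into the alerting and blocking steps listed under Respond.

```python
from difflib import SequenceMatcher

# Keywords the organization wants watched: its own brand plus a close vendor.
# Both names are hypothetical, constructed for this example.
WATCH_KEYWORDS = ["examplebank", "acmepay"]

# Character substitutions commonly seen in lookalike registrations.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "vv": "w", "rn": "m"}

# Constructed sample of newly observed domains (not real feed data).
SAMPLE_NOD_FEED = [
    "examplebank-login.com",   # brand used as a substring
    "examp1ebank.net",         # digit-for-letter substitution
    "exampelbank.com",         # transposed letters
    "acrnepay.com",            # 'rn' standing in for 'm'
    "weatherreport.org",       # unrelated, should not be flagged
    "examplebank.com",         # the organization's own domain
]

# Domains the organization controls; never flag these.
ALLOW_LIST = {"examplebank.com"}


def normalize(label: str) -> str:
    """Lower-case the label and undo common homoglyph substitutions."""
    label = label.lower()
    for bad, good in HOMOGLYPHS.items():
        label = label.replace(bad, good)
    return label


def registrable_label(domain: str) -> str:
    """Return the label left of the TLD, e.g. 'examp1ebank' for 'examp1ebank.net'."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def spoof_score(domain: str, keyword: str) -> float:
    """Similarity (0.0-1.0) between the normalized label and a keyword.
    A keyword appearing verbatim after normalization scores 1.0."""
    label = normalize(registrable_label(domain))
    if keyword in label:
        return 1.0
    return SequenceMatcher(None, label, keyword).ratio()


def flag_spoofs(feed, keywords=WATCH_KEYWORDS, threshold=0.85, allow=ALLOW_LIST):
    """Return [(domain, keyword, score)] for feed entries resembling a watched
    keyword, skipping domains the organization already owns."""
    hits = []
    for domain in feed:
        if domain.lower() in allow:
            continue
        score, keyword = max((spoof_score(domain, k), k) for k in keywords)
        if score >= threshold:
            hits.append((domain, keyword, round(score, 2)))
    return hits
```

Running `flag_spoofs(SAMPLE_NOD_FEED)` flags the four lookalikes and leaves the unrelated domain and the allow-listed one alone; the threshold trades false positives against near-miss typosquats and should be tuned against real feed volume.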

NIST at RSAC

It’s no surprise that NIST made its presence felt at the largest cybersecurity conference in the world, RSAC. I had the opportunity to attend an incredible session that showcased how the standards and initiatives of this agency were put into practice to unite two segments that often find themselves at odds with each other in most organizations.

“How Sworn Enemies Found a Truce (Sort of) to Achieve NIST Compliance” looked through the lens of a SaaS company that turned third-party compliance with NIST 800-53 and NIST 800-171 into a step-by-step process focused on building understanding between engineering and security teams:

  • Pick a framework
  • Determine the requirements
  • Commit to a plan
  • Determine the Gaps
  • Audit

Jonall Cobble and Jason Luce did a fantastic job of representing both perspectives and driving home the message that empathy is essential to bridging the gap between security and engineering. Just as there are love languages, there are also work languages: figure out which language works with your prospects and speak to them in a way that resonates. View the slides for the full presentation here or, if you have an RSAC pass, log in to watch the session on demand.

NIST at TechNet Cyber

If you’re attending TechNet Cyber 2024 in Baltimore this year, look out for “SIGNAL Innovation Showcase: Navigating the Risks: Strengthening DoD Supply Chains Against AI-Induced Vulnerabilities.” Jeremy Newberry, Cybersecurity Solutions Architect at Merlin Cyber, will dive into the rapid integration of Artificial Intelligence (AI) and related technologies in the Department of Defense (DoD) and how to pivot to robust remediation strategies that adhere to stringent NIST frameworks and are tailored to the needs of the defense sector.

Meet DomainTools Federal at AFCEA TechNet Cyber

DomainTools Federal will also be at AFCEA TechNet Cyber, so please visit us at booth #2973 or schedule a conversation to discuss mapping toward NIST compliance. We’ll see you soon in Baltimore!