The NIST Cybersecurity Framework: Security Checklist And Best Practices

Emily Heaslip
July 16, 2021
The NIST Cybersecurity Framework: Security Checklist And Best PracticesThe NIST Cybersecurity Framework: Security Checklist And Best Practices
Emily Heaslip
July 16, 2021
On this page

The National Institute of Standards and Technology (NIST) is part of the US Department of Commerce and was founded in 1901. NIST was originally established to help the U.S. industry become more competitive with economic rivals and peers, such as the UK and Germany. NIST prioritizes developing measurements, metrics, and standards for technology used in different industries. 

NIST is a non-regulatory agency, and as a result, NIST compliance is not mandatory. However, NIST works with many commercial sectors and government agencies to create policies and standards that will benefit technology development. The NIST cybersecurity framework is considered standard best practice for many in the industry. It’s estimated that more than 30% of U.S. companies use the NIST Cybersecurity Framework as their standard for data protection. 

This guide breaks down the NIST cybersecurity framework, best practices, and a high-level checklist to implement NIST recommendations at your enterprise.

What's the purpose of a cybersecurity framework?

Before discussing NIST, it makes sense to first evaluate what the purpose of a cybersecurity framework is. In many cases security practitioners use frameworks like the NIST cybersecurity framework as a template of sorts to inform how their security program should be structured. Here's cybersecurity industry veteran Ty Sbano talking about the role NIST has played for him.

What is the NIST cybersecurity framework?

The NIST cybersecurity framework was created in collaboration between industry leaders and the government. It contains standards, guidelines, and best practices to protect critical IT infrastructure. The approach emphasizes flexibility, cost-effectiveness, and practices that are iterative. 

“The NIST Cybersecurity Framework gives your company a set of guidelines that are easily prioritized and customizable to best suit the needs of your organization,” wrote FTP Today. “It can help your organizational leadership and your employees understand the risks of cybersecurity threats and determine the actions you should take to ensure you’re not susceptible to these risks.”

There are three main components to the framework: the Core, Implementation Tiers, and Profiles. 

  • Core: helps organizations manage and reduce security risks with emphasis on working with existing cybersecurity and risk management strategies and tools. 
  • Implementation Tiers: help organizations discern the right level of “rigor” needed for their cybersecurity program. For instance, organizations regulated by HIPAA will have different standards than those not. 
  • Profiles: help organizations identify and prioritize opportunities for improving cybersecurity.

Usually, when people talk about the NIST cybersecurity framework, they’re referring to the Framework Core:

Image Source

NIST security standards: The Core

The Core of the framework consists of five functions: Identify, Protect, Detect, Respond, Recover. These NIST security best practices make up the lifecycle for managing cybersecurity. 


The first step in the NIST framework is to identify all critical software solutions and systems that need protection. This step brings transparency to what tools, platforms, and solutions are utilized at your organization and helps lay out steps to protect critical systems first. In this phase, some activities include: 

  • Identifying important assets and processes; 
  • Documenting information flows; 
  • Creating and updating an inventory of hardware and software; 
  • Establishing roles, responsibilities, and policies for security; 
  • Identifying vulnerabilities, threats, and risks 

Understand what you need to protect, the threat landscape, and begin developing a strategy that prioritizes business-critical infrastructure. 


Next, the organization should take steps to reduce the number of attacks, incursions, or leaks that could happen, as well as to limit the damage that could occur in the event of a successful hack. Develop and implement safeguards to ensure that your business is prepared (and has a plan to respond if these safeguards fail). Some activities include: 

Some best practices recommended by NIST overlap with HIPAA and other security regimes. Make sure you understand what your compliance responsibilities are while implementing security protections.


Despite best efforts, you may still have to remedy a security incident, whether it’s a zero-day exploit or some other vulnerability. It’s important to be constantly monitoring your system for a data security breach. In 2016, more than 25% of data breaches were undiscovered for more than a month; 10% of breaches went undetected for more than an entire year. Here are some ways you detect an issue: 

  • Implement cloud DLP with machine learning 
  • Maintain and monitor logs to identify anomalies
  • Stress-test your security system 
  • Monitor industry trends and keep up to date with best practices

Nightfall AI is integral to detecting an issue. Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data in the cloud by integrating directly on the API level. We leverage machine learning to scan data and its surrounding context, covering both structured and unstructured data with high levels of accuracy. Nightfall has over 150+ detectors that can scan over 100+ file types to identify instances of improper data sharing. Nightfall can then redact, quarantine, and delete text, strings, messages, or files containing sensitive tokens.


The fourth phase, respond, covers the processes and guidelines that a company will follow in the event of a cyber attack. While it can be hard to predict a response when the type of attack is unknown, having protocols in place makes it easier to minimize damage and assign responsibilities in an emergency. Activities in this phase will include: 

  • Testing response plans
  • Keeping response plans up to date
  • Coordinating with stakeholders to ensure everyone is on board

Good communication is a critical part of the respond phase. 


Finally, recover is a phase that plans for business continuity. What steps will your company take in the aftermath of a cybersecurity attack? Planning in this phase include things like: 

  • Communicating with stakeholders
  • Keeping recovery plans up to date
  • Developing an approach for external communication and reputation management.

[Read more: Business Continuity: How to Plan for the Worst

NIST security checklist

The Framework is designed to be used by businesses of all sizes in virtually every industry. That said, one company’s approach to implementing the Core Framework will look different from another company’s approach. Nevertheless, this NIST security checklist can ensure you’re implementing the Core best practices. 

  • Do you have a clear understanding of your critical IT processes and assets?
  • Do you have tools and processes for user identity access management? 
  • Do you have network, endpoint, and cloud DLP solutions in place? 
  • Do you have a strong password policy? 
  • Do you encrypt data and perform regular backups?
  • Are your employees trained to recognize phishing attempts? 
  • Do you regularly test your system for vulnerabilities?
  • Do you have a business continuity plan? 
  • Are you regularly updating your NIST framework to respond to the changing threat landscape? 

Learn more about how Nightfall can keep your data secure by scheduling a demo at the link below.

Nightfall Mini Logo

Getting started is easy

Install in minutes to start protecting your sensitive data.

Get a demo