The President’s New EO Gets the Gist of NIST

President Trump introduced his long-awaited Cybersecurity Executive Order last month. While some focused on its similarities to EO 13636 issued by the Obama administration more than four years earlier, we were more concerned with, and, quite frankly, excited by, the fact that it (rightly) cast a renewed spotlight on the National Institute of Standards and Technology (NIST) Framework.

Developed in 2014, the NIST Framework “enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.” According to NIST, “the Framework provides organization and structure to today’s multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively in industry today.”

Notably, the new EO takes a holistic approach to improving critical infrastructure by leveraging the risk assessment and risk management principles of the NIST Framework. Built around five core functions – Identify, Protect, Detect, Respond and Recover – the NIST Framework is designed to enable agencies to gain a better understanding of their risk profiles and what may be preventing them from implementing risk mitigation best practices.

As champions of NIST, Forum Systems welcomes this news. We believe it’s (finally) time for government organizations to adopt its foundational principles. For our part, we have adhered to NIST from the very beginning, architecting our flagship Forum Sentry API Gateway according to its core tenets.

Security in Mind and By Design

Unlike other products, Forum Sentry was designed with security as its fundamental concept. While others were focused on features or integration (and then retrofitted security capabilities later on), we built our award-winning API Security Gateway from the ground up as a NIST security device. Today, we’re proud to say that Forum Sentry is the industry’s only API Security Gateway to have achieved FIPS 140-2 Level 2 and NIAP NDPP certification for enabling secure connectivity between users, applications, and the cloud.

Here’s how NIST’s five Framework Core Functions map to Forum Sentry functionality:

  • Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities – e.g., an API strategy helps to define and map access points to systems, assets, and data.
  • Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services – e.g., an API Security Gateway delivers information assurance protection of API communications among systems, assets, and data.
  • Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event – e.g., an API Security Gateway features policy triggers for API payload anomaly detection.
  • Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event – e.g., an API Security Gateway’s event workflow capabilities for detecting anomalies include dashboard alerts, dynamic access restrictions (block/throttle), quarantine, auditing and big data analytics.
  • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event – e.g., an API Security Gateway features dynamic access control for ensuring continuity of communications from sources that are not deemed vulnerable.

Next week, we’ll be showcasing Forum Sentry at the AFCEA Defensive Cyber Operations Symposium, taking place at the Baltimore Convention Center in Maryland. If you’ll be attending, please stop by booth #247. We’ll be giving away handy postcards that detail Forum Sentry’s industry-leading certifications. Here’s an advance look:

[Image: FS Certifications]

We hope to see you there!