Implementing the NIST Cybersecurity Framework with PAM
The NIST Cybersecurity Framework helps organizations develop and implement a cost-effective cybersecurity strategy that is aligned with their unique goals. The National Institute of Standards and Technology (NIST) publishes the Framework for Improving Critical Infrastructure Cybersecurity, which includes:
- Industry standards & best practices
- A core set of guidelines
- Tiers to help organizations understand their current state of security
- Recommendations to achieve a satisfactory cybersecurity profile
Implementing an effective strategy across an organization can be challenging. However, privileged access management (PAM) is a practical solution that can significantly speed up the implementation process.
The NIST Cybersecurity Framework is adaptable to an organization’s unique needs, assisting them in the planning and implementation of an organization-wide strategy.
Understanding the NIST Cybersecurity Framework
Overview
The NIST Cybersecurity Framework can be adapted to suit an organization’s specific needs. The overarching goal is the planning and implementation of an organization-wide cybersecurity strategy.
Profiles
Enterprises must understand their Framework profile to align cybersecurity activities with business requirements, resources, and risk tolerances. Understanding your profile can help identify opportunities for improvements in your cybersecurity posture.
Tiers
The Framework tiers are a rating system to help organizations understand how they are currently managing cybersecurity risk and improve these processes. There are four tiers that range from informal processes to advanced formal processes:
- Tier 1 – Partial: This includes companies that may have some informal cybersecurity processes or practices in place. This leads to a limited awareness of risk and results in a disjointed cybersecurity infrastructure. Organizations in tier 1 may take security seriously but just don’t have the high-level of sophistication and coordination needed to support a successful cybersecurity strategy.
- Tier 2 – Risk-Informed: Tier 2 organizations have risk management processes approved by upper management while the IT management is decentralized, making it difficult implement the approved processes organization-wide.
- Tier 3 – Repeatable: Organizations in tier 3 have an established cybersecurity strategy implemented organization-wide. Policies and procedures are well-defined and can be repeated as needed based on security issues. As the organization grows, these repeatable processes can be implemented in new business units. In addition, organizations have tools in place to monitor compliance and the success of their strategies.
- Tier 4 – Adaptive: Tier 4 organizations can adapt security policies and practices based on lessons learned and predictive indicators. Security analysts can investigate recent incidents and newly revealed vulnerabilities to adapt organization-wide policies in remediation. With access to predictive indicators, they can proactively anticipate future threats and devise countermeasures.
The Framework Tiers help organizations understand how they are currently managing their cybersecurity risk.
Cores
The NIST Cybersecurity Framework Cores help organizations develop a robust and comprehensive cybersecurity posture.
The Framework includes dozens of guidelines, but breaks them down into five “cores” that reflect the basic cycle of cyber defense:
- Identify: The first core is intended to help organizations develop an understanding of how to best manage cybersecurity risk with a focus on prioritizing and aligning efforts with business needs.
- Protect: Next, organizations must do what they can to prevent attacks in the first place. The protect core ensures the delivery of critical infrastructure services using appropriate safeguards to limit or contain the impact of an attack.
- Detect: If an attack occurs, organizations must quickly identify an incident and discover related data. This step often utilizes multiple systems like firewalls, Intrusion Detection Systems (IDSs), and Security Information and Event Management (SIEM) Systems.
- Respond: Organizations must be able to act quickly in the event of a security incident, ensuring quick containment to reduce business impacts.
- Recover: Lastly, organizations need to restore capabilities and services that were impaired and return to normal operations as quickly as possible.
PAM and the NIST Cybersecurity Framework
PAM provides organizations with comprehensive oversight of security within their organization. PAM can be implemented to indirectly support numerous aspects of the Framework. It can also be utilized to directly support the “protect” core of the Framework.
PAM is a cost-effective way to implement key aspects of the NIST Cybersecurity Framework.
The “protect” core is described in the Framework as:
“Identity Management and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access.”
PAM supports the following sub-categories:
| Sub-Category | Role of PAM in its implementation |
| PR.AC-1: Identities and credentials are issued, managed, revoked, and audited for authorized devices, users, and processes | PAM relies on identity management, either through its own identity store or by federation with identity management systems. For privileged accounts, PAM provides the controls recommended here, including issuing, managing, and revoking credentials and access. |
| PR.AC-3: Remote access is managed | A PAM solution can manage remote access by privileged users through access control and session monitoring. Some of the most serious cybersecurity risks come from malicious actors who impersonate privileged users and try to gain back-end access remotely. PAM mitigates this risk and helps enforce PR.AC-3 as it relates to administrative access. |
| PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties | The Discovery module of the WALLIX PAM solution can help administrators identify and detect existing vulnerabilities in privileged accounts and access, making it the first steps towards network visibility and control. A PAM solution also gives security managers a centralized interface to visualize privileges and organizational relationships that comprise separation of duties. It enables super-admins to grant and revoke privileges as people come and go, and the organization changes shape over time. |
| PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate | PAM is relevant to network integrity from the point of view of configuration management and user account management. If a malicious actor can get access to network administrative interfaces, he or she can cause extensive damage by exposing network segments to unauthorized external access. The malicious actor could also disrupt the organization by blocking regular network access through hacking and modification of network user accounts. PAM protects network integrity through reinforced password policies and practices, session monitoring, and access control. |
| PR.AC-6: Identities are proofed and bound to credentials, and asserted in interactions when appropriate | Identity verification and security assertions feed into PAM. PR.AC-6 covers all user identities, including privileged users. |
Download the complete whitepaper to learn how PAM can directly benefit the “Protect” core of the of Framework.
Interested in learning more about the WALLIX Bastion Solution? Contact us.
