The NIST





     Cybersecurity




     Framework







     In the Fall of 2018, the newly formed IT Security
     Department chose to follow the NIST (National Institute
     of Standards and Technology - created under the United
     States Commerce Department) framework.  The Framework
     is to assist us to be better prepared in identifying, detecting, and
     responding to cyber-attacks. It also includes guidelines on how to prevent
     and recover from an attack.

     Using the Framework, it will help the District to better understand, manage,
     and reduce its cybersecurity risks.  It will assist us in determining which
     activities are most important to assure critical operations and service
     delivery.  In turn, this will help to prioritize investments and maximize the
     impact of each dollar spent on cybersecurity.

     By following this framework, we can use this as a best practice in improving
     our District-wide computer security.

     There are five parts:

     1.  Identify - “Develop the organizational understanding to manage
        cybersecurity risk to systems, assets, data, and capabilities.
     2.  Protect - “Develop and implement the appropriate safeguards to
        ensure delivery of critical infrastructure services.”

     3.  Detect - “Develop and implement the appropriate activities to identify
        the occurrence of a cybersecurity event.”

     4.  Respond – “Develop and implement the appropriate activities to take
        action regarding a detected cybersecurity event.”

     5.  Recover -”Develop and implement the appropriate activities to
        maintain plans for resilience and to restore any capabilities or
        services that were impaired due to a cybersecurity event.”


                                                                                                                 Page 11