What is CSF, and do you need it?

Feb 4, 2021 | Blog, CSF, Cybersecurity

Over here at Duffy Compliance, we are all things security. But that doesn’t necessarily mean that you know many of the terms (or alphabet soup) that we throw around.

One term that has come up recently from some of our clients is “CSF,” formally known as NIST’s Cybersecurity Framework. CSF provides organizations a simple but effective methodology to better manage and reduce cybersecurity risk. The framework uses common language so that it can be easily understood by everyone, regardless their level of cybersecurity expertise.

The framework was originally created to protect critical industrial control systems (ICS) in the U.S., such as found in the water, electric, and energy industries. It was a framework separate from government security controls so organizations had a plan they could follow to help ensure all the security components were addressed in their infrastructure.

As the framework became better known in the industry, its guidance has been adopted by other industries. Smaller companies and organizations, including schools, can use CSF when they don’t have a security framework, or to supplement an existing risk management or cybersecurity program.

What makes the CSF so appealing is that it’s easy to follow, and helps an organization understand their current cybersecurity position, as well as identify missing or under-performing security controls. The aim is to guide an organization’s cybersecurity activities within the context of their own goals and objectives.

So why do you want to know anything about CSF? Because like it or not, cybersecurity is everyone’s responsibility, and threats to all of us are always persistent. You don’t need to be protecting classified information to need a robust cybersecurity program. Business and individuals alike can benefit from implementing sound cybersecurity practices both at work and at home. The Cybersecurity Framework can provide you the ability to bolster your cybersecurity posture. If you don’t have anything in place or if you’re not forced to follow another framework, CSF is a good option.

If you’d like to know more about how CSF can benefit your organization, or perhaps other turnkey solutions, please feel free to reach out to me or my staff.

Subscribe to Our Monthly Newsletter

Free education for cybersecurity.


Your personal information will not be shared and you are able to unsubscribe at any time.