Cavirin Adds the NIST Cybersecurity Framework to its Hybrid Cloud Security Assessment and Remediation Platform

October 6, 2017 Off By David
Grazed from Cavirin Systems

Cavirin Systems, Inc. offers continuous security assessment and remediation for hybrid clouds, containers, and data centers, via the most comprehensive curated library of industry guidelines, control frameworks, and best practices.

Cavirin today announced support for the NIST Cybersecurity Framework on its Hybrid Cloud Security Platform. The Framework outlines the best risk management practices and principles that organizations should apply to improve the security and resilience of their critical infrastructures. It helps organizations avoid the failures in processes and policies that are the source of many of today’s breaches. To create this guidance, the NIST Framework leverages current standards and guidelines, such as ISO, COBIT, CIS, and other NIST documents.

Cavirin unifies and automates continuous cybersecurity risk management for hybrid infrastructures prevalent in the enterprise. Cavirin’s customers can select the NIST Cybersecurity Framework as one of the Platform’s many control frameworks for assessing their infrastructure against the framework requirements, prioritizing and remediating any open issues found, thereby enhancing their security and risk posture. Cavirin’s security team has analyzed this draft NIST document and translated the guidance into a set of technical controls that help organizations automatically align to the document’s recommendations. A detailed description of Cavirin’s NIST support is available on the NIST Industry Resources page. Cavirin’s NIST Framework primer is here.

The Cybersecurity Framework was published in February 2014 following a collaborative process involving industry, academic, and government agencies, as directed by a presidential executive order. The 2017 draft Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 incorporates feedback since the release of framework version 1.0, and integrates comments from the December 2015 Request for Information as well as comments from attendees at the Cybersecurity Framework Workshop 2016 held at the NIST campus in Gaithersburg, Maryland.

"NIST is a comprehensive cybersecurity-based control framework that integrates various security technologies and mechanisms into an integrated framework," said Pravin Goyal, Cavirin Director of Information Security and Compliance Engineering. "Given our expertise in cybersecurity, we have interpreted the framework and translated it into a set of automated controls that are easy to implement and automate for any sized business. This is a huge win for any business that is looking to implement the NIST Cybersecurity Framework to holistically manage its cybersecurity risk."

Cavirin already supports the following NIST standards:

  • NIST 800-53r4 – Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST 800-171 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations