NIST-Based Cybersecurity Resilience Assessment

Addressing Cybersecurity Risk for Critical Sectors

According to the US Department of Homeland Security, the national and economic security of the United States depends on the reliable functioning of its critical infrastructure, which includes the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, or national public health or safety.

To better address cybersecurity risk across all critical infrastructure sectors, Presidential Executive Order 13636 called for the development of a voluntary risk-based Cybersecurity Framework. The National Institute of Standards and Technology (NIST) was chosen to design the Cybersecurity Framework.

Sage’s Collaborative Approach

The NIST Framework for Improving Critical Infrastructure Cybersecurity uses business drivers to guide control activities. The framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improve security and business resilience.

The Framework Core consists of five concurrent and continuous process-driven security domains:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

Sage’s NIST Cybersecurity Resilience Assessment is designed to provide organizational context for cybersecurity risk and the processes in place to manage that risk. The outcome of the assessment will include identified gaps against the framework’s objectives, the cybersecurity risk posed by those gaps, as well as a roadmap to close those gaps in order to increase maturity in each of the framework’s five functional areas.

Reports and Recommendations

The outcome of Sage’s NIST Cybersecurity Resilience Assessment includes:

  • Documentation of cybersecurity controls.
  • Assessment of the maturity (tier) of the organization’s information security/cybersecurity program. The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and describe an increasing degree of rigor and sophistication in cybersecurity management practices.
  • Identification of gaps for each tier, with recommendations for increasing cybersecurity maturity.


The Sage Cybersecurity Lifecycle


Cybersecurity isn’t a destination.

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that complement and reinforce one another.
