In May of 2017, President Trump issued an Executive Order for “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” which holds heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises.
Two key provisions of the executive order included:
- Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency's cybersecurity risk.
- Further, the United States seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.
NIST Cybersecurity Framework Workforce Development & Certification
In partnership with itSM Solutions LLC and UMass Lowell, an NSA/DHS National Center of Academic Excellence in Cyber Defense Research (CAE-R), New Horizons is proud to offer a new cybersecurity workforce development program based on the NIST Cybersecurity Framework (NCSF). This innovative cybersecurity workforce development program is built around an NCSF Controls Factory™ model created by Larry Wilson, the CISO in the university President’s office. The itSM/UMass program teaches individuals and organizations the knowledge, skills and abilities to engineer, instrument, test, maintain, and continually improve an NCSF program.
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) nominee for Executive of the Year for North America, 2013
- ISE North America Project Award Winner I for the Academic and Public Sector Category, 2013
5 Practices of the NIST Cybersecurity Framework
In 2013, the U.S. National Institute of Standards and Technology (NIST) formulated a set of principles known colloquially as the NIST Cybersecurity Framework. There are five main practices emphasized throughout this documentation, which has become a popular frame of reference for both the public and private sectors:
- Identify: Can the organization understand possible risks to its data, governance processes and IT systems?
- Protect: Are measures such as access controls and adequate training programs in place to defend against common threats?
- Detect: Is it easy to flag anomalies and unusual events via solutions such as continuous monitoring software?
- Respond: What procedures are in place for analyzing, mitigating and communicating about a security event?
- Recover: How resilient are the organization's operations and what could be done to improve them?
The National Institute of Standards and Technology (NIST), the technical standards agency, has recently released the widely-referenced Cybersecurity Framework (version 1.1), incorporating input from industry and other stakeholders.
The Framework Now Includes:
- A new section on correlating cybersecurity risk management metrics to organizational objectives
- Expanded guidance for mitigating supply chain cyber risk, underscored by the addition of a Supply Chain Risk Management Category to the Framework Core
- Coverage of vulnerability disclosures
- Refined language on authentication, identification, and authorization
- Treatment of the risks inherent in the Internet of Things (IoT), in addition to critical infrastructure.
Benefits of NIST Cybersecurity Framework (NCSF) Certification
All programs come with a certificate of completion and continuing education credits, such as PDUs and CEUs. Candidates who successfully complete the certifications and meet university requirements may transfer credits and enroll in one of UMass Lowell’s master’s degree programs in information technology, such as network security or cybersecurity.
Get started today by reviewing the NCSF Certification levels and requirements below:
The NCSF Foundation Certification Course
This course outlines current cybersecurity challenges and explains how organizations that implement an NCSF program can mitigate these risks. This program is focused on candidates who need a basic understanding of the NCSF to perform their daily jobs as executives, accountants, lawyers or information technology professionals.
View the NCSF Foundation Certification Course Outline
The NCSF Practitioner Certification Course
This program is focused on candidates who need a detailed understanding of the NCSF to perform their daily roles as cybersecurity engineers, testers or operations professionals.
View the NCSF Practitioner Certification Course Outline