Method Functional Safety

NIST Cybersecurity Framework

NIST Cybersecurity Framework

​The National Institute of Standards and Technology is a US governmental institution (part of the US Department of Commerce). The NIST Cybersecurity Framework was initially published in 2014 (v1.0) and updated in 2018 (v1.1, current).

The NIST Cybersecurity Framework was written to provided guidance to US Federal agencies and US operators of critical infrastructure on the management and reduction of cybersecurity risk within their organisations and is based on existing standards and guidance, notably the International Standard for Information Security (ISO 27001) and the International Standard series for Industrial communication networks - IT security for networks and systems (ISA/IEC 62443 series). While the origin of the framework is US-based it has seen widespread adoption, particularly in the financial and telecommunications business sectors.

The NIST Framework approach to cybersecurity is closely aligned with that taken by the EU Network and Information Systems (NIS) Directive (implemented in the UK as the NIS Regulations) for operators of essential services (OES) and digital service providers (DSP) with its 5 core cybersecurity functions of Identify, Protect, Detect, Respond and Recover being mirrored in the NIS Regulations requirements for Managing security risks, Protecting against cyber attack, Detecting cybersecurity events and Minimising the impact of cybersecurity incidents. The NIS Regulations objectives are supported by the UK National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) document.

Method Cyber Security Limited are well versed in current International Standards and best-practice guidance but advise the use of the National Cyber Security Centre Cyber Assessment Framework as the de facto UK standard for security assessment.


Title: NIST Cybersecurity Framework
Date: 2021-06-24
Published by: Method Cyber Security

[More Cyber Security news]

Free Seminar: Don't buy OT Cyber Security vulnerabilities

Method Cyber Security will be discussing Supply Chain Risks at the FREE CPD Seminar in April.


IChemE approved OT Cyber Security training course

The =Method Cyber Security Risk Management training course is approved by the IChemE.


NEW Live Online Introduction to OT Cyber Security Training Course

​ =Method has introduced a new 1-day Introduction to OT Cyber Security Training course.


If a system isn't Cybersecure, you can't rely on it to be safe

Throughout the operational life of a process plant controls and safety systems are designed and implemented to perform reliably, consistently and predictably but if a system isn't secure, you can't rely on it to be safe.


If it is not (cyber) secure, it is not safe - Mike StJohn-Green, CEng FIET, Technical Director, Method Cyber Security

The first reported cyber-attack on a Safety Integrated System demonstrates that systems important to safety need cyber security measures to avoid their safety arguments being invalidated. But there is a broader justification: cyber security risks arise as a direct result of the nature of networked digital technology, which renders existing safety analysis inadequate to mitigate those risks.


OT and IT Cyber Security combined training discount

Method is encouraging IT and OT Cyber Security teams to develop a common understanding of Cyber Security issues.


If It Is Not (Cyber) Secure, It Is Not Safe

Mike StJohn-Green and Dil Wetherill are presenting a paper on Cyber Security at Hazards 29.


What is the relationship between IT and OT Cyber Security?

The effective management of Cyber Security for Industrial Control systems requires cooperation between an organisations IT and OT functions.


What happens when you connect OT to IT Corporate Networks?

Organisations are connecting Operational Technology (ICS / IACS / Scada, PLCs, DCS) to corporate networks for good business reasons but this can expose legacy technologies to malicious attack from the internet.


E: T: 44 (0)1462 713313. W:

LinkedinMethod Functional Safety member of InstMC

Functional Safety + Process Safety + Cyber Security + Compliance Assessment + Competency Register + Software Solutions = Method Safety and Security

Address: Method Cyber Security Ltd. Method House, Davis Crescent, Hitchin, SG5 3RB
Phone: +44 (0)1462 713313 Email: Website:

Terms and Conditions | Privacy Policy. Registered In England 08453480. VAT No. GB 96 3453 69. Site © Copyright Method Cyber SecurityLtd 2024