NIST Cyber Security Framework
What is NIST Cyber Security Framework?
The NIST Cyber Security Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. The Framework not only helps organizations understand their cybersecurity risks, but also how to reduce those risks with customized measures. It also helps them respond to and recover from cybersecurity incidents, prompting them to analyze root causes and consider how they can improve.
IoT device security controls by NIST Cyber Security Framework
In 2019 NIST published NISTIR 8228 (Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks) to help organizations better understand and manage the cybersecurity and privacy risks associated with their individual IoT devices throughout the devices’ lifecycles. Based on the potential mitigation challenges of IoT security risks and the implications of those challenges, NIST suggested that the implementations of some of the Cybersecurity Framework Subcategories need adjustments so that organizational policies and processes adequately address cybersecurity risk throughout the IoT device lifecycle. Two of the most important subcategories are:
- ID.AM-1: Physical devices and systems within the organization are inventoried
- ID.RA-1: Asset vulnerabilities are identified and documented
Challenges with the current asset and vulnerability management tools
Enterprise networks contain many IoT device assets associated with information and information processing facilities, such as surveillance cameras, switches, IP phones and video conferencing systems. According to the Framework, these devices need to be accurately inventoried, and their vulnerabilities must be identified and managed in a timely fashion. The accurate way to do this for IoT devices is to correctly identify the manufacturer, model and firmware version, and then map CVEs to the vulnerable firmware versions installed on the devices. This also makes it possible to detect outdated or discontinued assets. However, the widely used asset and vulnerability management solutions have very limited coverage for IoT devices: only a small number of IoT devices can be detected at the granularity of the firmware version, and without the firmware version the vulnerabilities of a device cannot be correctly identified. These solutions also provide no information about outdated devices or devices that have reached end-of-life.
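As an added illustration of the version-granular matching described above (example code, not Firmalyzer's or NIST's), the following maps a constructed device inventory against a constructed advisory knowledge base. All vendor names, models, CVE identifiers and end-of-life entries are placeholders. It shows why an asset whose firmware version could not be determined must be reported as undetermined rather than as clean, and how end-of-life models are flagged independently of any CVE.

```python
from dataclasses import dataclass, field
from typing import Optional


def parse_version(v: str) -> tuple:
    """Turn a dotted numeric firmware version into a comparable tuple."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Asset:
    ip: str
    vendor: str
    model: str
    firmware: Optional[str]  # None when discovery could not determine the version


@dataclass
class Advisory:
    cve: str          # placeholder identifier, not a real CVE
    vendor: str
    model: str
    fixed_in: str     # first firmware version that contains the fix


# Constructed knowledge base (illustrative placeholders only)
KNOWLEDGE_BASE = [
    Advisory("CVE-EXAMPLE-0001", "ExampleCam", "IPC-200", fixed_in="2.4.0"),
    Advisory("CVE-EXAMPLE-0002", "ExampleCam", "IPC-200", fixed_in="2.10.0"),
    Advisory("CVE-EXAMPLE-0003", "ExamplePhone", "VP-10", fixed_in="1.2.5"),
]
# Constructed list of (vendor, model) pairs the manufacturer no longer supports
EOL_MODELS = {("ExampleCam", "IPC-100")}


@dataclass
class Finding:
    ip: str
    firmware_known: bool
    end_of_life: bool
    cves: list = field(default_factory=list)


def assess(asset: Asset, kb=KNOWLEDGE_BASE, eol=EOL_MODELS) -> Finding:
    """Match one inventoried asset against the advisory knowledge base."""
    finding = Finding(asset.ip, asset.firmware is not None,
                      (asset.vendor, asset.model) in eol)
    if asset.firmware is None:
        return finding  # no version: vulnerability state is unknown, not clean
    fw = parse_version(asset.firmware)
    for adv in kb:
        if (adv.vendor, adv.model) == (asset.vendor, asset.model) \
                and fw < parse_version(adv.fixed_in):
            finding.cves.append(adv.cve)
    return finding
```

A report consumer should treat `firmware_known == False` as a gap in ID.RA-1 coverage, not as an asset with zero vulnerabilities.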
How can Firmalyzer help?
Firmalyzer provides an IoT device discovery and vulnerability assessment solution (IoTVAS) that brings in-depth visibility into IoT devices and their vulnerabilities. The solution helps organizations address subcategories ID.AM-1 and ID.RA-1 by:
- Detecting device maker, model and firmware version
- Accurately detecting device and firmware CVEs
- Providing in-depth firmware-level vulnerabilities and associated risk scores
- Detecting discontinued devices
- Detecting devices with outdated firmware
The IoTVAS vulnerability detection engine is built specifically for enterprise IoT/connected device security and is based on our global-scale proprietary firmware vulnerability knowledgebase, which grows and evolves continuously as our analysis engine automatically collects and processes new device firmware binaries on behalf of device manufacturers and consumers. Through this knowledgebase, the vulnerability detection engine gains in-depth visibility into the applications running on a target IoT/connected device, their vulnerabilities and the associated risks. IoTVAS also keeps tracking vulnerable devices as they change IP addresses or move around the network.