Theom delivers on NIST CSF Outcomes for enterprises!

Supreeth Rao

The National Institute of Standards and Technology (NIST) has long been the standard-bearer for the federal government's official information security risk management frameworks. NIST publishes and manages the Cybersecurity Framework (CSF), enabling organizations of all sizes to discuss, address, and manage cybersecurity risks. The framework references existing best practices through its Core functions:

  • Identify – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
  • Protect – Develop and implement appropriate safeguards to ensure delivery of critical services.
  • Detect – Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
  • Respond – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
  • Recover – Develop and implement appropriate activities to maintain resilience plans and restore any capabilities or services that were impaired due to a cybersecurity incident.

Theom is working with multiple enterprises to deliver NIST CSF outcomes. Theom is a fully managed cloud security platform that discovers, monitors, and secures sensitive data in cloud environments across multiple Cloud Service Providers (CSPs, e.g., AWS) and Database-as-a-Service (DBaaS, e.g., Snowflake) vendors. Engineered to deploy quickly (under 1 hour for AWS), Theom delivers immediate value to businesses of any size by uncovering cloud data risks in real time and providing remedial actions to protect against ransomware, data breaches, and accidental data loss.

Theom automatically discovers all the enterprise's cloud data stores, including the data stores’ content. Theom continuously monitors security and compliance risk while improving and communicating the cloud data security posture and compliance status. Theom estimates the financial value of every data store to the enterprise so that the impact of every risk to the business and the corresponding remediation can be quantified. The approach that Theom has taken toward cloud data security is in complete sync with the core functions and practices of the NIST CSF.

Theom empowers enterprise users to store, access, and leverage data with guardrails that don't interfere with business agility and operations. Theom harmonizes infrastructure and security controls across data stores, abstracting the complexity of dealing with best practices across data store technologies. Additionally, Theom delivers data security with no data leaving the customer's environment.

The NIST CSF Profiles and Tiers work with the Core to drive a simple yet effective cybersecurity risk management process that can plug into existing governance and risk management processes.

[Figure: Notional Information and Decision Flows within an Organization]

The Core comprises four elements, as depicted in Figure 1: 

  • Functions organize basic cybersecurity activities at their highest level. 
  • Categories are the subdivisions of a Function into groups of cybersecurity outcomes closely tied to programmatic needs and activities. 
  • Subcategories further divide a Category into specific outcomes of technical or management activities. They provide a set of results that, while not exhaustive, help support the achievement of each Category's outcomes.
  • Informative References are specific sections of standards, guidelines, and practices common among critical infrastructure sectors that illustrate a method to achieve the outcomes associated with each Subcategory.

Driving NIST CSF outcomes with Theom

The table below maps Theom’s capabilities to the NIST CSF outcomes.

To learn more about how Theom’s cloud data security solution can help your organization align with the NIST CSF, book a time to meet with one of our experts.