Anyone managing Cybersecurity
Click here to access the templates
In February 2013, executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.
Created through collaboration between industry and government, the Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
Click image to enlarge
Read more about why you should implement the NIST Cybersecurity framework here.
Here are the key benefits of the RequirementONE Compliance Solution.
Through being neutral, broadly applicable, vetted by industry, and engaging to stakeholders, the Framework can reduce time and expense of starting an information security program and also reduce risk within current programs by identifying areas for improvement.
The Framework creates a common language for the discussion of cybersecurity issues that can facilitate internal and external collaboration.
The Framework may become the standard for cybersecurity. Organizations that adopt the Framework at the highest possible risk-tolerance level may be better positioned to comply with future cybersecurity and privacy regulations.
Mapping Controls and Policies
Individual controls and policies may apply to numerous frameworks. These can be maintained as an interlinked set of procedures to avoid duplication of effort.
A Single Point of Truth
Each compliance element is stored as a record and can be updated, commented, controlled and audited individually. Data is accessible to all stakeholders with no version control issues.
All links and interfaces can be defined and maintained showing dependencies between various policies.
Track the progress of compliance projects. In-line analytics highlight gaps in compliance, traceability of changes and status of compliance efforts.
Internal and External audit teams benefit from a specialized interface with full visibility to review and evaluate procedures.
Typical Use Cases
Here is a typical, but not exhaustive, list of roles and associated use cases that would interact with this solution.
|Internal/ external auditor||
These apps and templates are used for the solution.
- Select an existing, or create a new project
- Click on the Solution Store, and select the NIST Cybersecurity Framework template(s)
- Once you have the templates, add your custom data.
The NIST Cybersecurity framework has links to the following:
- COBIT 5
- CCS CSC
- ANSI/ISA-62443-2-1 and -3-3
- ISO/IEC 27001
- NIST SP 800-53
These links are included as notes.
You may also like the NIST guide to Cybersecurity for Small Businesses.
- NIST guide to Cybersecurity for Small Businesses
- Wikipedia definition of Regulatory Compliance
- Compliance Solution Website
- Operationalize Compliance with RequirementONE
- All NIST Solution Templates in the Solution Store
- Why implement the NIST Cybersecurity framework
Questions or Comments?
Respond to this post if you want to comment on the template or ask the author a question.