NIST Cybersecurity Framework
Framework for Improving Critical Infrastructure Cybersecurity
Cyber Risk Management + Assessment Services
Initially intended to improve the safety of critical infrastructure, the NIST Cybersecurity Framework has seen wide adoption across many industries and countries. The 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure calls on federal government agencies to use the guidance in the NIST Cybersecurity Framework to manage cybersecurity risk, further extending its reach.
By design, the framework leverages existing standards, guidelines and best practices to help organizations better understand, manage and reduce cybersecurity risk. It also facilitates enhanced communication regarding risk and cybersecurity among stakeholders. Intended to be customized to meet each organization’s unique needs and risk profile, the framework is most effective when used in conjunction with more prescriptive risk management guidelines such as FISMA, ISO or COBIT.
Given the 100+ controls found in the NIST Cybersecurity Framework, agencies and organizations may find it challenging to know where to begin in assessing their compliance with the framework. Starting with a mapping of the controls you already have in place against the NIST Cybersecurity Framework gives you a foothold from which to expand your efforts without duplicating work. For a comprehensive review of your organization’s compliance with the NIST Cybersecurity Framework, consider a gap analysis service.
A NIST Cybersecurity Framework Gap Analysis engagement from TalaTek starts with an assessment to determine what controls are in place, whether they are implemented and operating correctly, and whether they are meeting organizational goals. During the assessment, the TalaTek team examines all existing policies, procedures and processes against the NIST Cybersecurity Framework to identify gaps. The result is a TalaTek Benchmark Analysis Report, which contains a thorough evaluation of the effectiveness of the existing security program and identifies the gaps that should be addressed to adhere to the NIST Cybersecurity Framework. The engagement also includes a remediation plan with recommendations to reduce or eliminate identified deficiencies.
Unique to TalaTek, the engagement uses our TalaTek intelligent Governance and Risk Integrated Solution (TiGRIS) cloud managed service to collect and analyze data and to deliver your findings and action plan, including recommended workflows and risk metrics. With this critical information in place, you can leverage TiGRIS as the foundation of your Integrated Risk Management program. TiGRIS integrates all risk, compliance and IT security data into a single system of record to provide a true enterprise view of your risk status against the NIST Cybersecurity Framework and any other frameworks or guidelines you choose.