
Are You Considering a NIST CSF Assessment for Your Organization?


From Carr, Riggs & Ingram

In February of 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” was introduced as a means of sharing cybersecurity threat information. The goal was to build a framework around standardized security for the United States to reduce potential risks to critical infrastructure. One year later, the National Institute of Standards and Technology released version 1.0 of its Cybersecurity Framework (CSF), which served as a source of voluntary guidelines, based on existing standards and practices, to help organizations with critical infrastructure manage and reduce cybersecurity risk more efficiently.

“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” —Executive Order 13636

Since it was first released, the NIST CSF has become the standard framework for evaluating the cybersecurity practices of organizations ranging from small businesses to large enterprises.

Choosing the Right Assessor

Although the NIST CSF tool remains free to all organizations, it is essential to be able to demonstrate framework compliance. Any company, regardless of size, is advised to engage in an independent assessment completed by a Certified Information Systems Security Professional (CISSP). Assessor skill is crucial to getting the most value from a NIST CSF assessment and to sparing your IT department the aggravation of dealing with assessors who have limited IT skills. Choosing an organization with certified security professionals and with standards for quality control and consistency allows your business to feel confident in the assessment being provided, while also ensuring that you are meeting the proper standards designated within the Framework.

When it comes to demonstrating the effectiveness of your organization’s cybersecurity posture to your customers, undergoing an independent assessment ensures that your current cyber practices are meeting or exceeding NIST standards. Having an assessment done not only offers your clients peace of mind with regard to their data but also improves the lines of internal communication within your firm. Combining relevant questions with the appropriate recommendations is one of the best ways to add value to your assessment process.

CRI is Ready to Help

The Certified Information Systems Security Professional (CISSP) credential has remained one of the most rigorous credentials to obtain and maintain for CSF assessors. Having this credential available provides a standard measure of assessor capability and can help you decide which firm is right for you. If you’re considering an independent CSF assessment, talk to a CRI CISSP to start building an assessment plan for your organization.
