CRI understands the value of a thorough and cost-effective reporting assessment

The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF), also known as the “NIST CSF,” was published in February 2014 in response to Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for a standardized security framework for critical infrastructure in the United States.

Information technology systems place significant focus on selecting and implementing policies and procedures grounded in a fundamentally sound, yet responsive, framework, as well as on demonstrating compliance with the selected framework, policies, and procedures.

But how do you demonstrate your compliance with the framework? Completing an independent assessment, including formal reporting, is the best way to demonstrate to your customers the effectiveness of your cybersecurity posture. Having a certified and qualified assessor is the best way to add value to your assessment process through relevant questions, testing, and meaningful recommendations. Bringing on a high-quality, independent assessor who holds the requisite skills is a crucial part of getting the most value from a NIST CSF assessment.

The Framework

Identify

  • Asset management
  • Business environment
  • Governance
  • Risk assessment
  • Risk management strategy

Protect

  • Access control
  • Awareness and training
  • Data security
  • Information protection and procedures
  • Maintenance
  • Protective technology

Detect

  • Anomalies and events
  • Security continuous monitoring
  • Detection process

Respond

  • Response planning
  • Communications
  • Analysis
  • Mitigation
  • Improvements

Recover

  • Recovery planning
  • Improvements
  • Communications