Hi All,
The ACT-IAC Cybersecurity COI developed a paper exploring the NIST Cybersecurity Framework (CSF) and its overall usefulness to a government agency, specifically when it comes to evaluating continuous monitoring. In general, this paper aims to provide key insights into the NIST CSF and offer new ideas on how to improve upon existing or new frameworks within any organization. This paper is an exploration of the
NIST Cybersecurity Framework (CSF) and its overall usefulness to a government agency, specifically when it comes to evaluating continuous monitoring. In general, this paper aims to provide key insights into the NIST CSF and offer new ideas on how to improve upon existing or new frameworks within any organization. This paper includes:
- Benefits and drawbacks of the framework and how it might apply to the agency.
- Criticality and volatility scores were given to subcategories within CSF and assessment of the helpfulness of those scores.
- Examination of specific subcategories of the framework and recommendations on solutions and metrics to help determine the effectiveness of those subcategories as they relate to an agency.
------------------------------
Michael Roza CPA, CISA, CIA
------------------------------