The standards are vendor-neutral and cover a wide variety of cybersecurity postures known as Tiers (ranked 1 through 4) to determine where your organization is today (Current Profile) and where you want to be (Target Profile). This same organization designs the mandatory standards 800-53, Recommended Security Controls for Federal Information Systems and Organizations and 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (required for Federal agencies and Federal contractors).
Development of the CSF is for the other 99% of businesses that operate in the United States to voluntarily (albeit recommended) secure their environments from cyber-attacks.
One of the most popular cybersecurity best practice guides is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). There are many cybersecurity best practices of different scopes, sizes, and industries, but it can be difficult to choose which is best for your organization or your customer’s environment. What is the difference between the NIST Cybersecurity Framework and CIS Controls 7.1?
It was informational and did not deep dive into each standard or best practice.
This article covers the Center for Internet Security’s Controls 7.1 and how to create a review using myITprocess.
A while back, I wrote a Community Post of templates to use when performing a cybersecurity assessment.