NIST Compliance

NIST Cybersecurity Framework:
Gap Assessment & Implementation Support

The National Institute of Standards and Technology (NIST) promotes a Cybersecurity Framework (CSF) to enable organizations to better manage and reduce cybersecurity risk. The framework, which was created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity risk. It is also common to use the NIST Cybersecurity Framework to augment regulations like HIPAA to ensure thorough security practices.

The NIST CSF consists of five core functions – Identify, Protect, Detect, Respond, and Recover. These five core functions are subdivided into categories for ease of use. One of the key features of this framework is to assess an organization’s ability to respond to and recover from a data breach or other cyber incident.

Our Services for NIST CSF Compliance

We assess organizations against the five core functions and their categories (see chart below). This assessment reveals gaps between the framework and the client’s actual security program. Addressing these gaps enables clients improve their cybersecurity posture by implementing a robust, comprehensive cybersecurity framework.

Our gap assessment and implementation support services include:
  • Formal NIST CSF gap assessment
  • Information security program improvements
  • Review of existing policies and procedures
  • Identification of additional policies and procedures needed
  • Review of IT and security controls and practices
  • Delivery of detailed report of findings, constructive feedback, and actionable recommendations.
  • Assistance with framework implementation, on request.