Join Us for Jack Freund’s, PhD Office Hours

Blog Post

New Feature: NIST CSF Mitigation Recommendations

February 20, 2023

Table of Contents

Does your organization currently speak in the NIST framework language? Say bye-bye to manual mapping and say HELLO to filling out inputs in the NIST CSF framework. This new release helps security teams better align with the organization’s internal communications around security controls.

Get Cybersecurity Recommendations Based on the NIST CSF Framework

We know that staying consistent with the company’s terminology can better help you achieve your goals. The platform now supports maturity controls in the company sphere, provides mitigation recommendations with a dollar value and ROI calculations for prioritization all using the NIST CSF Framework.

When setting up a new company, users can select their preferred security framework for input and mitigation recommendations, with NIST CSF as the default choice due to its widespread use among enterprise clients. NIST is ideal for board reporting, using natural language easily understood by non-technical stakeholders.

All controls are mapped into 5 functions: Detect, Protect, Identify, Respond & Recover.

The maturity level of each control is indicated using the CMMI Framework, with ranks 1-5 indicating increasing maturity.

  1. Initial. Processes are unpredictable and reactive. They increase risk and decrease efficiency.
  2. Repeatable. Processes are planned and managed, but they still have issues.
  3. Defined. Processes become more proactive than reactive.
  4. Managed. Quantitative data is used to craft predictable processes that fulfill stakeholder needs based on more accurate measurements of adherence to business goals.
  5. Optimized. The organization has a set of consistent processes that are constantly being improved and optimized.

To model companies with NIST CSF v1.1, create a new company and configure the proper framework under the ‘Compliance’ tab. Existing companies can not be migrated from framework to framework.

Kovrr's CRQ platform demonstrates the average and maximum savings of a NIST control upgrade.
No items found.
Ask for a demo
By providing my contact information and ticking the box below, I agree to Kovrr's Privacy Policy and consent to communications from kovrr at the contact information provided.
Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.
More Blog Posts
Explore All Blog Posts
Industry Recognition