New Feature: NIST CSF Mitigation Recommendations

Does your organization currently speak in the NIST framework language? Say bye-bye to manual mapping and say HELLO to filling out inputs in the NIST CSF framework. This new release helps security teams better align with the organization’s internal communications around security controls.

‍

Get Cybersecurity Recommendations Based on the NIST CSF Framework

‍

We know that staying consistent with the company’s terminology can better help you achieve your goals. The platform now supports maturity controls in the company sphere, provides mitigation recommendations with a dollar value and ROI calculations for prioritization all using the NIST CSF Framework.

‍

When setting up a new company, users can select their preferred security framework for input and mitigation recommendations, with NIST CSF as the default choice due to its widespread use among enterprise clients. NIST is ideal for board reporting, using natural language easily understood by non-technical stakeholders.

‍

All controls are mapped into 5 functions: Detect, Protect, Identify, Respond & Recover.

‍

The maturity level of each control is indicated using the CMMI Framework, with ranks 1-5 indicating increasing maturity.

‍

1. Initial. Processes are unpredictable and reactive. They increase risk and decrease efficiency.
2. Repeatable. Processes are planned and managed, but they still have issues.
3. Defined. Processes become more proactive than reactive.
4. Managed. Quantitative data is used to craft predictable processes that fulfill stakeholder needs based on more accurate measurements of adherence to business goals.
5. Optimized. The organization has a set of consistent processes that are constantly being improved and optimized.

To model companies with NIST CSF v1.1, create a new company and configure the proper framework under the ‘Compliance’ tab. Existing companies can not be migrated from framework to framework.

‍