Free NIST 800-171 Guides & Tools
At ComplianceForge, we pride ourselves on the level of educational material we provide to clients, so that they have a firm understanding of their requirements. We provide these resources at no-cost, so you are free to download them. If you have any questions, please contact us.
CISOs are rarely at a loss for a plan, but execution of those plans often falls short because of disconnects between the strategic, operational and tactical components of planning and implementation. Where the rubber meets the road, Individual Contributors (ICs) need to know (1) how they fit into business planning, (2) what their priorities are and (3) what is expected of them in their duties. From an auditability perspective, the evidence of due diligence and due care should match what the cybersecurity business plan is attempting to achieve.
The central focus of any cybersecurity business plan should be a Capability Maturity Model (CMM) target that provides quantifiable expectations for People, Processes and Technologies (PPT). This helps prevent a "moving target" by establishing an attainable expectation for "what right looks like" in terms of PPT. Generally, cybersecurity business plans take a phased, multi-year approach to meet these CMM-based cybersecurity objectives. Those objectives, in conjunction with the business plan, demonstrate evidence of due diligence on behalf of the CISO and his/her leadership team. The objectives prioritize the organization's service catalog by shaping the IC-level procedures that govern how PPT are implemented at the tactical level. Those Standardized Operating Procedures (SOPs) not only direct the workflow of ICs, but the output from those procedures provides evidence of due care.
ComplianceForge has simplified the concept of operationalizing cybersecurity planning in the following downloadable diagram, which demonstrates the unique nature of these components as well as the dependencies that exist between them:
- NIST 800-171 R2 to R3 Transition Guide: Sooner, rather than later, the US Government's global supply chain will have to transition to NIST 8...
- NIST 800-171 R3 Kill Chain: The CMMC 2.0 & NIST 800-171 R2 version of the CMMC Kill Chain introduces the theory of constrain...
- NIST 800-171 R3 In A Nutshell: It is worthwhile to take a look at NIST 800-171 R3 through a People, Process, Technology, Data &...
- NIST 800-171 R3: NIST 800-171 Rev 3 was released on 14 May 2024, and it contains significant changes from the...