0333 444 0881

NIST CSF Alignment Service

The NIST Cybersecurity Framework (CSF) was designed so that an organisation uses an assessment of the business risks it faces to guide its use of the framework in a cost-effective way. The framework has three parts: the Framework Core, the Framework Implementation Tiers and Framework Profiles. The Framework Core is a set of activities, desired outcomes and informative references covering the main aspects of cyber security. It comprises five functions, which in CSF version 1.0 are subdivided into 22 categories (groups of cyber security outcomes) and 98 subcategories (specific outcomes; version 1.1 expanded these to 23 categories and 108 subcategories). The subcategories are outcomes rather than controls: the controls that achieve them are reached through the informative references. Implementation Tiers describe, for the organisation itself and for its partners, how it views cyber security risk and how rigorous its risk management processes are. A Framework Profile is the set of outcomes an organisation has selected from the categories and subcategories, based on its business needs and its own risk assessment.

Cyber Smart Consulting will develop a current profile that describes your existing cyber security activities and their outcomes. A target profile can then be developed, or a baseline profile adopted and tailored to your critical infrastructure sector or type of organisation, and an action plan produced to close the gaps between the two. Deliverables include:

  • Executive and programmatic level: high-level strategy, roadmap and programme development.
  • Specific technical recommendations for engineers.
  • A report analysing the client's cloud configuration against the CIS Benchmarks for its cloud platforms, listing the violations found.
  • Prioritised remediation recommendations, identifying the most impactful changes to cloud controls.

Service Description

This service develops a profile that describes your current cyber security activities and their outcomes. A target profile can be developed, or a baseline profile adopted and tailored to your organisation. Steps can then be taken to close the gaps between the current and the target profile.

The Five Core Functions Of The NIST Framework

  • Identify – Develop the organisational understanding to manage cyber security risk to systems, assets, data and capabilities.
  • Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
  • Detect – Develop and implement the appropriate activities to identify the occurrence of a cyber security event.
  • Respond – Develop and implement the appropriate activities to take action regarding a detected cyber security event.
  • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired because of a cyber security event.

Each function is divided into categories: groups of cyber security outcomes that relate to particular activities. Examples include ‘Asset Management’, ‘Access Control’ and ‘Detection Processes’. Subcategories further divide a category into specific outcomes of technical and/or management activities. Examples include ‘External information systems are catalogued’, ‘Data-at-rest is protected’ and ‘Notifications from detection systems are investigated’. For each subcategory the CSF provides informative references that cite specific sections of a variety of information security standards, including ISO/IEC 27001, COBIT®, NIST SP 800-53, ISA/IEC 62443 and the Center for Internet Security’s Critical Security Controls; these references are where the concrete controls for each outcome are found.

Service Features

An organisation typically starts by using the framework to develop a profile that describes its current cyber security activities and their outcomes. It can then develop a target profile, or adopt a baseline profile that has been tailored to its critical infrastructure sector or type of organisation. Steps can then be taken to close the gaps between the current profile and the target profile. We use the seven steps set out in the framework itself to create a new cyber security programme or improve an existing one. The steps can be repeated as often as necessary to reassess and continually improve your cyber security:

  • Step 1 : Prioritise and scope
  • Step 2 : Orient
  • Step 3 : Create a current profile
  • Step 4 : Conduct a risk assessment
  • Step 5 : Create a target profile
  • Step 6 : Determine, analyse and prioritise gaps
  • Step 7 : Implement action plan

Service Benefits

Develop and mature your organisation's cyber RESPOND and RECOVER capabilities.

Gain insights and expert guidance to improve your security posture, and reduce your overall risk.

Satisfy contractual cyber security obligations flowed down to your organisation.

Understand control gaps and priorities to drive security improvements.

Getting Started

During a client engagement our consultants pass through six key phases that form the anatomy of a typical consulting project. We appreciate that every assignment is different, so we have flexible processes in place to bring our experts on board quickly and effectively without disrupting existing work programmes, and we are happy to join at any stage of the lifecycle.

Cyber Security Engagement Lifecycle

Pragmatic & Business Focused Security Consultancy Services

We deliver security capability at all levels of an organisation and are on hand to help ensure that your projects deliver solutions that are appropriately aligned to your cyber security risk position and satisfy your regulatory compliance requirements. Learn more about how we can help you achieve your critical priorities:

    The Cyber Smart Consulting Team will respond within 48 hours.