Відео

We are a Registered Practitioner Organization (RPO) with Registered Practitioner (RP) and Certified CMMC Professional (CCP) on staff. Feel free to reach to Info@OpticCyber.com and we can provide you a POC to help!

We are a Registered Practitioner Organization (RPO) with Registered Practitioner (RP) and Certified CMMC Practitioner (CCP) on staff. Feel free to reach out to Info@OpticCyber.com and we can send you a POC to help!

We are not a C3PAO. Optic Cyber Solutions is an RPO and help companies prepare for certification. Reach out to info@OpticCyber.com and we can direct you!

Hello! We have an updated Rev3 SSP template on our Resources page under the NIST SP 800-171 section here: www.opticcyber.com/resources.html Hope this helps!

Hello, I apologize for the issues! Please try this link: 43828014.hs-sites.com/nist-cybersecurity-framework-2.0-do-i-measure-up It will take you to Hubspot, but should not require any sort of administrator's login.

Please email Info@OpticCyber.com requesting the slides and I'll get them right over!

Thanks! That's a great idea - I have some familiarity with the CRI Profile but haven't gotten to dig into the 2.0 update yet. I'll have to add that to my list!

While NIST doesn't provide "certification" criteria for the CSF, there are companies that provide training for individual certifications as well as others that conduct CSF program assessments. Optic Cyber Solutions would be happy to conduct a CSF assessment of your cybersecurity program - please reach to Info@OpticCyber.com for more information!

There are many Governance, Risk, and Compliance (GRC) tools that track cybersecurity governance against the CSF to help ensure you have appropriate coverage for the CSF. Additionally, they provide processes for helping align business risk to the CSF enabling you to ‘right-size’ your capabilities to properly manage risk. Additionally, CSF Profiles are a great way tool to help implement the CSF.

Looking from a preventative point of view, a few of the Subcategories that we typically consider when developing vulnerability management programs include: GV.PO-02 to establish the policy and plan, ID.RA-01 to identify vulnerabilities, ID.RA-05 to priorities them for remediation, ID-RA-06 to manage them, ID.IM-04 to plan for addressing exploited vulnerabilities, and PR.PS-02 to enable routine patching.

The Cybersecurity Framework v1.1 has been archived on NIST's website now that v2.0 has been released. NIST is recommending that companies use v2.0 moving forward; however, since the CSF isn't a compliance standard v1.1 can still be used if desired.

Yes, no problem. If you can send an email to Info@OpticCyber.com, we'll send the slides over!

The CSF is intended to be flexible for companies to implement in a way that works best for them. Therefore, you could choose to tailor the new Govern Function out; however, this area was expanded to emphasize the need for having a cybersecurity strategy to help manage cybersecurity risk and drive cyber resilience.

They haven't published a detailed mapping of how the Subcategories were moved around, but if you check out the Discussion Draft released last April, it will give you a starting point since it does include that level of detail (www.nist.gov/system/files/documents/2023/04/24/NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf). In the example you provided, ID.RA-06 is still included in the updated CSF 2.0, but has had some wording changes to expand it's outcome.

thank you for the response, also my mistake in my example I meant to use ID.AM, ID.AM jumps from -05 to -07@@OpticCyber

that doc is exactly what I needed, much appreciated!@@OpticCyber

@@herpderp1238Glad to help! In the case of ID.AM-06, it was removed and the concepts are now included under the new GV.RR.