Tag Archive: NIST

How to Map PCI DSS to the NIST Cybersecurity Framework

Organizations face an increasing number of compliance metrics. Risk management is of paramount importance and is feeding the need for governance. PCI DSS and NIST CSF are two frameworks that help enhance data security and manage risk. Often, it is confusion about where to start that prevents businesses from taking action at all. To avoid analysis paralysis, it is important first to understand what PCI DSS and NIST CSF do, how they relate to each other, and how they differ.

What Is PCI DSS? The Payment Card Industry Data Security Standard (PCI DSS) was created to standardize how all organizations that accept, process, transmit, and store credit card information do so securely. The requirements mandated by…

NIST CSF Categories and Framework Tiers

Identifying the key steps to becoming NIST compliant

NIST CSF stands for the National Institute of Standards and Technology Cybersecurity Framework. The NIST CSF consists of best practices, standards, and guidelines for managing cybersecurity program risk. This voluntary framework is divided into three primary parts: the framework core, profiles, and tiers. The NIST CSF core comprises five functions, each of which is further broken down into categories and subcategories. There are currently 23 categories and 108 subcategories in the NIST CSF. Below you will find a detailed assessment of the NIST CSF functions and categories:

Identify Function: Identify the risk to critical infrastructure, information systems, people, assets, and data. Asset Management: Inventory and manage all company assets, including people. It is also important to understand Bring Your Own…

NIST and FedRAMP: A Brief Overview

differences and similarities between NIST and FedRAMP

If you’re new to the world of compliance in the US Federal Government, there can be some tricky terms to navigate. Here’s a quick primer on the similarities and differences between NIST and FedRAMP.

NIST Background: The National Institute of Standards and Technology (NIST) produces, among other things, a series of documents known as Special Publications (SP). The NIST SP 800 series deals with computer security, and NIST SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, details the information security and privacy controls that must be in place for information systems in the US Federal government. There are other 800-series documents which cover elements of information security, including risk management (SP…

August Standards Updates: FedRAMP Seeks Help, HIPAA Concerns, ISO “Landmark” and NIST Developments

FedRAMP Needs Feds to Help Refine High Impact Baseline: The standards set forth by the High Impact Baseline will allow commercial cloud service providers to host sensitive information in their systems. Given the potential this Baseline has to shape the FedRAMP program going forward, officials are working hard to ensure they get the standard right. After receiving public comments on its draft of the High Impact Baseline, FedRAMP is looking for help from federal employees to revise the standards. FedRAMP plans to create “The Tiger Team,” consisting of federal IT managers who will facilitate and oversee the revision process and prepare a final draft of the Baseline, which is scheduled to be finished prior…
