ISF, NIST Partner to Create Online Informative References for Cybersecurity Standards, Frameworks
The Information Security Forum (ISF) and the National Institute of Standards and Technology (NIST) are partnering as part of a pilot project to create Online Informative References (OLIRs) between information security standards and the NIST Cybersecurity Framework (CSF).
As part of this pilot scheme, the ISF has produced an OLIR between the ISF’s Standard of Good Practice for Information Security 2018 (The Standard) and the NIST CSF Version 1.1. “Many security practitioners are overwhelmed with recommendations on how to provide cybersecurity from the media, vendors, standards bodies and more,” said Steve Durbin, Managing Director, ISF. “The ISF, The Standard and this OLIR provide a practical and clear path in how to adopt and use the CSF and, in doing so, tackle many other challenges associated with cybersecurity and information risk management. Current and potential ISF Members can demonstrate to business executives, supply chain partners, customers and other parties how adoption and implementation of The Standard both meets and exceeds the requirements set out in the CSF.”
The CSF has received growing attention as a tool for tackling cyber threats, says the press release. The OLIR between The Standard and the CSF links 87 of the 131 information security topics found in The Standard to all 108 subcategories in the CSF. These links are designed for practitioners who currently use or are considering The Standard and who would like to understand how the activities they undertake can help them achieve the outcomes described by each subcategory. The remaining 44 topics in The Standard that are not linked to CSF subcategories cover areas of information security not directly found within the CSF, such as system development criteria or audit processes. Additional details on the coverage of the CSF subcategories can be found in the OLIR document.
“Managing risk is essential for organizations to deliver their strategies, initiatives and goals. Therefore, information risk management is relevant only if it enables organizations to achieve these objectives, ensuring it is well-positioned to succeed and is resilient to unforeseen events, such as those caused by advanced cyber-attacks,” continued Durbin. “The ISF maintains an Informative Reference between the NIST Cybersecurity Framework 1.1 and The Standard. This latest update provides security professionals with assurance of how implementing The Standard meets the expectations of the CSF, as with other international and industry standards and frameworks.”
The Standard addresses the rapid pace at which threats and risks evolve and an organization’s need to respond to escalating security threats from activities such as cybercrime, ‘hacktivism’, insider threats and espionage. The ISF will be launching the latest edition of The Standard in 2020.