When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.
Given the amount of effort that goes into creating a brand new toolkit, it’s not often that we at CertiKit view a standard to be of sufficient importance to make it worthwhile. However, we’ve been watching the development of the NIST Cybersecurity Framework (CSF) for some time and with the announcement of Version 2.0 of the CSF, we believe the time is right to apply the tried and tested toolkit formula to this popular American standard.
Our blog on the changes that are expected between version 1.1 and 2.0 of the Cybersecurity Framework, includes the history of the standard and its overall structure, so we won’t repeat that information here. What we will do however is try to give you a brief idea of the scope of the toolkit and how it will help an organization intent on adopting the CSF 2.0 as its main (or supplementary) framework for its cybersecurity defences.
Like the rest of our product range, the CSF 2 Toolkit is organized in folders that map onto the structure of the standard, giving a clear indication as to which documents relate to the various categories of the CSF, such as “Category GV-OC” (the Organizational Context category within the Govern function) and “Category ID-AM” (the Asset Management category within the Identify function). A full Toolkit Index shows in more detail how the one hundred and fifty or so documents in the toolkit relate to the specific subcategories of the CSF 2.0 and allow the user to meet the outcomes stated.
In addition to the Toolkit Index, the Implementation Resources folder contains tools to help organize your project, including a full Implementation Guide, Project Plan, Project Definition and Progress Report. The CSF Current and Target Profile spreadsheet tool provides a structured way to assess where your organization currently is in relation to the outcomes of the CSF, and where it wants to be, including consideration of the “tier” concept and actions needed to move from current to target profile.
The other six folders map onto the high-level functions – Govern, Identify, Protect, Detect, Respond and Recover, and within each of these folders is a set of subfolders for each of the categories. The documents and forms within these subfolders are created using standard Microsoft Word, Excel and PowerPoint and are carefully designed to provide the policy, process and procedural content appropriate to delivering the outcomes stated in the subcategories of the CSF. All of the provided content can be tailored and the look and feel of the documents (including fonts and colours) easily customized using themes.
The CertiKit NIST Cybersecurity Framework 2.0 Toolkit is a useful set of resources that can speed up the process of CSF 2 adoption and allow an organization to reap the benefits of a structured approach to information security in a managed way. So, if you need to get started with the latest version of the CSF as soon as possible, this toolkit could be for you.