While not every industry is subject to compliance requirements, participating in a voluntary risk-based Cyber Security Framework is a great strategy to manage risks to systems, assets, data, and capabilities. The NIST Cyber Security Framework consists of five functions: Identify, Protect, Detect, Respond, and Recover, along with 23 categories and 108 subcategories of outcomes and security controls.
Many organizations are finding cyber security requirements written into the contracts they sign. Should those requirements not be implemented or if the organization is unable to provide “due care” reporting, the result may involve fines, loss of contract, or attorney fees. NIST CSF Compliance as a Service is a monthly subscription offering compliance process automation and proof of due care.
Note: Current pricing is for companies under 200 employees.