A NIST CSF assessment comprehensively evaluates your cybersecurity posture and identifies areas for improvement across the framework's five core functions (Identify, Protect, Detect, Respond, and Recover). It is a valuable asset for organizations that want to disclose to stakeholders what security measures they have taken and what risks they face.
The new SEC Cybersecurity Disclosure Rule requires public companies to disclose their cybersecurity risks and practices. It requires companies to assess their cybersecurity risks, annually report on their cybersecurity risk management program and governance, and disclose material cybersecurity incidents within four business days of determining that an incident is material. NIST CSF can help. With appropriate implementation of the Respond (RS) function, including its Communications (RS.CO) category, NIST CSF supports compliance by ensuring that response and reporting measures are in place to disclose incidents in a timely manner.
If your organization is required to comply with the SEC Cybersecurity Disclosure Rule, or if you are simply interested in improving your cybersecurity posture, a NIST CSF assessment can help you. A NIST CSF assessment can help you to:
Our team provides three separate and flexible solutions for organizations seeking to be evaluated against the NIST CSF:
Indicates that your organization has limited awareness of its cybersecurity risk management practices and has not implemented the majority of the NIST CSF subcategories.
Indicates that your organization has a partial understanding of its cybersecurity risk management practices and has implemented only some of the NIST CSF subcategories.
Indicates that your organization has a good understanding of its cybersecurity risk management practices and has implemented most of the NIST CSF subcategories.
Indicates that your organization has an advanced cybersecurity program with a comprehensive understanding of its cybersecurity risk management practices and complete implementation of all NIST CSF subcategories.
Jeff Schiess is a Managing Director with Schellman. Having worked with Fortune 1000 and publicly traded companies across a wide range of industries—including Software-as-a-Service and data center hosting providers, as well as cybersecurity, financial, insurance claims processing, and information technology firms—Jeff is now focused on governance, risk, and compliance (GRC), SOC 1 and 2, HIPAA, ISO 27001, and NIST CSF assessments.
Companies are often challenged by the need to address customer requirements while ensuring a return on compliance investment.
The most important factor in scoping a potential assessment is understanding what deliverable the recipient (i.e., your customer or partner) expects to receive.
Once we have scoped your environment and needs, there are several factors that contribute to Schellman’s pricing: