NIST’s Cybersecurity Framework (CSF) version 1.1 is a comprehensive approach to cybersecurity (link to NIST CSF web page). It can be used by organizations in the both the public and private sector to evaluate and help to manage risk associated with cyber crime. It not only creates a basis for a common description of cybersecurity actions but it helps to break cybersecurity into more manageable pieces, from function to category and then to subcategories with their informative references. Watkins recognized that in order to more easily benefit from the breadth of the framework, an Excel-based solution to track cybersecurity risk management at the subcategory level could be helpful. Therefore, we have created and posted an Excel workbook that puts the NIST Cybersecurity Framework into action by helping you to record your cybersecurity activity for each subcategory, and then rolling up that activity by category and function. The workbook can help create a snapshot in time which can be used for gap analysis or historical comparisons.
We have updated our free Excel workbook from NIST CSF version 1.0 to version 1.1; our Excel workbook,version 4.02, was posted on 9/12/2018.
This workbook is free for use and can be downloaded from our website—link to the NIST CSF Excel workbook web page.
As always, we value your suggestions and feedback. We have incorporated your suggestions into the workbook and everyone benefits.