NIST’s Cybersecurity Framework (CSF) is a comprehensive approach to cybersecurity (link to NIST CSF web page). It can be used by firms in the private sector to evaluate and help to manage risk associated with cyber crime. It not only creates a basis for a common description of cybersecurity actions but it helps to break cybersecurity into more manageable pieces, from function to category and then to sub-categories with their informative references. Watkins recognized that in order to more easily benefit from the breadth of the framework, an Excel-based solution to track cybersecurity risk management at the sub-category level could be helpful. Therefore, we have created and posted an Excel workbook that puts the NIST Cybersecurity Framework into action by helping you to record your cybersecurity activity for each sub-category, and then rolling up that activity by category and function. The workbook can help create a snapshot in time which can be used for gap analysis or historical comparisons.
This workbook is free for use and can be downloaded from our website—link to the NIST CSF Excel workbook web page.