NIST CSF Assessment Instructions
1. Introduction
The NIST Cybersecurity Framework helps organizations begin or improve their cybersecurity program. It draws upon established practices with proven effectiveness, enabling organizations to elevate their cybersecurity stance. The framework promotes communication among various stakeholders within and outside the organization, fostering a collaborative approach to cybersecurity. In the case of larger organizations, it facilitates the integration and alignment of cybersecurity risk management with broader enterprise risk management processes, as outlined in the NISTIR 8286 series. For more information, refer to the official NIST publication.
2. Assessment Methodology
The NIST CSF recommends utilizing Framework Implementation Tiers to evaluate security requirements. These tiers serve as a perspective through which one can assess an organization's approach to risk, specifically how the organization perceives cybersecurity risk and the measures in place to mitigate such risk.
SAFE understands the NIST CSF framework implementation tiers as follows:
Tier 1 - Partial: Indicates 15% implementation progress
Tier 2 - Risk Informed: Indicates 40% implementation progress
Tier 3 - Repeatable: Indicates 80% implementation progress
Tier 4 - Adaptive: Indicates 100% implementation progress
SAFE risk estimation considers the implementation progress percentage to attribute risk accordingly.
Each security requirement has its own help text to guide the user in the assessment.
Additionally, the following assessment options are supported:
Not Applicable: This indicates the requirement does not apply to the organization.
Not Implemented: This indicates 0% implementation.
3. Assess NIST CSF Questionnaire
You can assess the NIST CSF Questionnaire as follows:
Upload a CSV of the NIST CSF Questionnaire in SAFE.
Assess the NIST CSF Questionnaire on the SAFE UI.
3.1. Upload CSV
Refer to NIST CSF Questionnaire Upload Instructions.
3.2. Assess NIST CSF Questionnaire on SAFE UI
To assess the NIST CSF Questionnaire:
Navigate to Groups.
Click on the Group for which the NIST CSF Questionnaire needs to be assessed.
Click the Questionnaire tab and then click NIST CSF Questionnaire.
If the NIST CSF Questionnaire is not available for a group, it means that you did not include it during the group's creation. You can edit and add the NIST CSF Questionnaire to a group.
On the NIST CSF Questionnaire page, read the Findings carefully.
Select an appropriate Finding Option for each finding one by one. SAFE autosaves your selection.
Click a finding to navigate to the finding details page.