NIST Cybersecurity Framework is a voluntary framework standard that assists all businesses with an outline of best practices to better understand, manage, and protect your organization’s networks and data. Though it is a voluntary framework, it is mandatory for federal agencies and necessary for companies conducting business with the government as a contractor, partner, or vendor to comply with the standards. The NIST CSF improves cybersecurity risk management and critical infrastructure cybersecurity by providing a comprehensive view of the life cycle for managing cybersecurity risk over a period of time using five key functions - identify, protect, detect, respond, and recover. NIST CSF can conform to the organization in line with specific business practices by determining activities that are important to critical business services. Many variables influence the effort required to prepare a system for audit and authorization.
HanaByte can automate and implement compliance services and is able to conduct multiple NIST CSF workshops tailored to your organization to guide related personnel through the processes before submission to a formal third party audit. At your option, we can coach you on selecting an audit and certification firm appropriate for your business.
Perform workshops on NIST CSF processes and authorization – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business
Deliverables
Delivery of a variety of workshops covering NIST CSF processes/authorization paths including topics of security continuous monitoring and response planning
Regular remote meetings to track progress that best fits your schedule
Personnel
Security Consultant(s) will be assigned to the engagement for a flat fee
Customer Responsibilities
Provide access to related documentation and in-scope systems
Guidance in assessing your existing services and its control implementations, infrastructure, detection and response policies, recovery procedures, and relevant documentation against the NIST CSF
Guidance through NIST CSF processes and authorization – educating key stakeholders, technical personnel, and support teams on a variety of topics.
Guidance on which key functions to prioritize in accordance with gaps in the organization.
Deliverables
Regular meetings to counsel NIST CSF processes and review paths including topics of key functions
Regular meetings to provide recommendations with third party companies
Personnel
Security Consultant(s), billed hourly as needed for the engagement
Customer Responsibilities
Provide access to related documentation and in-scope systems
Assessment of your existing services and its control implementations, infrastructure, detection and response policies, recovery procedures, and relevant documentation in order to perform a gap analysis to the NIST CSF
Creation of a report with a detailed roadmap of efforts in regards to people, processes, and technology with recommendations for all unmet requirements
Deliverables
Detailed readiness assessment includes review of your environment, information security policies, procedures, personnel, and controls
Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular meetings to track progress
Personnel
Security Consultant(s), billed 5 days full-days per week for the engagement
Expected full NIST CSF launch turnaround time of engagement to be 4-6 weeks depending on organization size and infrastructure
Customer Responsibilities
Provide access to related documentation and in-scope systems
Assessment of your existing services and its control implementations, infrastructure, detection and response policies, recovery procedures, and relevant documentation in order to perform a gap analysis to the NIST CSF
Perform workshops on NIST CSF processes and authorization – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business
Creation of a report with a detailed roadmap of efforts in regards to people, processes, and technology with recommendations for all unmet requirements
Deliverables
Detailed readiness assessment includes review of your environment, information security policies, procedures, personnel, and controls
Delivery of a variety of workshops covering NIST CSF processes/authorization paths including topics of security continuous monitoring and response planning
Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular meetings to track progress
Personnel
Security Consultant(s), billed 5 days full-days per week for the engagement
One or more HanaByte Security Consultant may travel to your organization’s site to conduct hands-on assessment and workshops
Expected full NIST CSF launch turnaround time of engagement to be 4-6 weeks depending on organization size and infrastructure
Gap assessment and workshops may be conducted concurrently for a reduced turnaround time in the case of assignment of multiple HanaByte Security Consultants
Customer Responsibilities
Provide access to related documentation and in-scope systems
