Information Shield Simplifies US-CSF Compliance

Compliance platform update streamlines Tier 3 compliance with the US Cyber Security Framework

Information Shield – a leading provider of cyber security compliance software – today announced a new Control Baseline for the US Cyber Security Framework (US-CSF). This new template dramatically reduces the time and cost of building and validating an information security program that addresses the CSF.

“Many small and medium businesses are adopting the CSF as a basis for cyber security,” said David Lineman, CEO of Information Shield. “However, in practice, translating the CSF requirements into meaningful program elements is challenging. Leveraging our Common Control Library (CCL), organizations can replace weeks of manual effort building a program that addresses all NIST CSF requirements.”

Challenges Using the NIST CSF

While the NIST CSF is often referenced as a solution for “small” non-government organizations, it still presents many practical challenges. First, the framework language makes it difficult to translate CSF requirements into actual day-to-day security operations. Second, implementation of the standard requires a level of program sophistication that is beyond most organizations. Finally, the program requires a full suite of compliance documentation that most SMB organizations do not have. For example, to achieve “Tier 3” implementation, organizations must be able to demonstrate a repeatable set of cyber practices driven by written security policies.

ComplianceShield helps address all of these issues by providing a compliance automation program supported by our leading Common Compliance Library (CCL).

Key Features to Enable NIST CSF

The following features enable organizations to streamline US-CSF program maturity to Tier 3 and Tier 4:

  1. Complete NIST CSF Policy Library – The US-CSF requires organizations to adopt a complete set of written information security policies that are approved by management. Examples include: program governance (GV); asset classification and management (ID); identity and access controls (AC); business continuity planning (RC); and many more.
  2. US-CSF Control Library Template – The new Compliance Template translates the US-CSF into a specific set of Controls that can be tracked, implemented and validated. Our Common Control Library has been updated with new mappings to support CSF V1.1.
  3. Compliance Management Platform – The CSF requires “risk informed” decisions that require a formally managed program. ComplianceShield enables full management accountability in a simple, streamlined platform.
  4. Secure Information Sharing – ComplianceShield enables secure sharing of program status and compliance evidence with third parties.
  5. Vendor Risk Management – ComplianceShield contains policies, templates and functions for supply chain risk management.

A free trial of ComplianceShield is available by registering at the Information Shield web site.