Nice post here Matt. I think it's not a question of the Framework itself as much as it is utilizing the proper tools to help enable it's implementation at an the organization . Automated assessment and rating against the Framework through a SaaS delivery model, for instance, might make sense to organizations of all sizes, but they need to know that there are tools out there available that have been specifically designed to help accommodate getting started with NIST Cybersecurity Framework implementation. Education and awareness of course is key, so training courses need to be developed and provided to organizations of all sizes across a number of industry verticals to start down this path the right way. Another consideration is whether this will eventually become a regulation or not, a hot topic that is already being actively discussed within the security field.
