Scoping the Effort
Posted 17 May 2017 - 05:19 AM
We did an assessment of CSF 1.0 using Common Controls Hub and came out with just over 1,000 specific requirements. Let us know if you have completed a Scoping assessment of 1.1.
The GRC Sphere
Posted 18 May 2017 - 08:14 AM
That's cool insight, Phil. It's great to be able to understand the derived requirements that result from a relatively simple outcome like "Data-at-rest is protected".
One point to consider that came up in this week's NIST workshop - some orgs have misinterpreted the Informative Reference column as required controls. Those are simply examples for inspiration, and one could find replacement or supplemental inspiration through GRCsphere and CCH. I don't know how that might impact the resulting derived controls, but I hope an organization wouldn't try to do ISA and ISO and COBIT 5 and RMF and CCS. That would be hard!
Thanks for bringing the question to CForum. After a great week at NIST with hundreds of friends and peers, I'd love to have conversations like this every day!