Peer-Driven Insights

Security Frameworks (NIST, CIS, CSF)

About this topic

Security frameworks (NIST, CIS, CSF) refer to industry-standard models and best practices for establishing, managing, and improving cybersecurity programs. They provide structured guidance to strengthen security posture and ensure compliance.

Community Posts

If you’ve used the NIST incident response plan as a template, what elements required the most customization to suit your org?

Relative to phishing and ransomware. How confident is your organization, that the security controls you have place today will protect you?

Read More Comments

Updated NIST password guidelines — what do you think of the recommendation to include emojis as acceptable characters?

Very positive – Offers more flexibility & personalization19%

Somewhat positive – Could enhance security if used correctly48%

Neutral – I doubt it will significantly impact security25%

Somewhat negative – May lead to predictable patterns7%

Very negative – Complicates password creation without much benefit

View Results

Are compliance checklists an effective way to improve cyber hygiene?

Read More Comments

What are organizations lacking in their cybersecurity posture?

Read More Comments

What are your thoughts on CMMC 2.0?

What are your views on the CIS Controls framework?

Read More Comments

What are some critical NIST controls to focus on when building a cyber program for a new software startup?

I'm looking for a tool to manage application security requirements for our organization. The requirements need to include both regulatory requirements (healthcare) and threat-based requirements through a lightweight threat modeling component. So far, SD Elements looks like a lone winner in this market segment. Does anyone have experience with them or one of their competitors? SD Elements is intriguing as it would also help us track compliance to the requirements thereby helping to measure progress and outcomes.

Does anyone have experience standing up a central organization that is responsible for resolving findings from audits? I am tasked with intaking findings from audits, organizing remediation projects/programs/teams to remediate those findings and track remediation to completion.

Read More Comments

What IS program evaluations is everyone using to evaluate their cyber-hygiene?

Read More Comments

My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms. Is this something many companies do?

Read More Comments

What is the top data governance issue?

Limited resources11%

Siloed data40%

Lack of leadership23%

Poor data quality & context18%

Lack of data control5%

Other (please explain in the comments)

View Results

We are looking at implementing role-based access controls on some of our SaaS platforms due to entry into emerging markets. Does anyone have best practices to share?

Read More Comments

NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Read More Comments

Which of these resources have you used to design cybersecurity programs?

Control frameworks18%

Program frameworks38%

Risk frameworks22%

Consultant services11%

Managed security service providers (MSSPs)5%

Other outsourcing services3%

Other

View Results