NIST Framework Assessment

NIST 800-53 Assessment

There are many cybersecurity frameworks (models) to which organizations can align to assess their current state of security readiness. LCM Security uses the NIST 800-53 Cybersecurity Framework, which provides a straightforward and educational approach to managing security in any organization.

The NIST Framework provides a common language for understanding, managing, and expressing cybersecurity risk to internal and external stakeholders. The NIST Framework can be used to help identify and prioritize actions for reducing cybersecurity risk, and it is a tool for aligning policy, business, and technological approaches to managing that risk. It can be used to manage cybersecurity risk across entire organizations, or it can be focused on the delivery of critical services within an organization.


Approach to NIST Assessment

The NIST assessment will uncover the gaps between what is in place and what the framework suggests you need. The missing controls will not, in every case, need to be implemented. This will vary depending on budget, resource availability and applicability to a business. A maturity rating will be applied in order to understand how well the existing controls have been implemented. LCM recommends that this assessment be completed in six phases:

  1. Review the Cybersecurity Framework

  2. Kick-off Meeting & Data Gathering

  3. Analyze All Gathered Data Information

  4. Prepare Documentation

  5. Draft Review

  6. Final Submission of Deliverables

The following controls are evaluated as part of LCM's NIST assessment process:

  1. Access Control

  2. Audit and Accountability

  3. Awareness and Training

  4. Configuration Management

  5. Contingency Planning

  6. Identification and Authentication

  7. Incident Response

  8. Maintenance

  9. Media Protection

  10. Personnel Security

  11. Physical and Environmental Protection

  12. Planning

  13. Program Management

NIST Assessment Deliverables

Four documents will be created as a result of our activities:

  • Gap Summary: Includes an executive summary and a list of identified gaps and recommendations.

  • Cybersecurity Strategy Roadmap: Aligned with the NIST 800-53 framework.

  • Roadmap Proposal: A prioritized, project-based approach to remediation, based on the findings from the Gap Summary, that also satisfies budgetary requirements.

  • Implementation Plan: Mapped to the roadmap, including high-level activities, required resources (people), time estimates to complete, tools/technologies where appropriate, priority, and recommended order of implementation.

NIST Assessment Delivery Team

  • Lead Assessor: A seasoned Information Security expert with over 10 years of professional experience in the industry, possessing various certifications and a degree in information security. The assessor has conducted numerous NIST assessments for customers of various sizes across North America.

  • Virtual CISO: An Information Technology leader with over 20 years of experience in Cyber Security consulting and Managed Security Services, with CISA and CRISC certifications.

  • Report Writers: Will develop final reports based on the findings of the assessment.
