CSF 1.1 General Resources

Resources intended for general applications.

• AWS NIST Cybersecurity Framework (CSF) whitepaper 
  (A whitepaper that provides a detailed description of AWS cloud services to facilitate alignment with the NIST Cybersecurity Framework.)
• Axio360’s NIST CSF
• Baldrige Cybersecurity Excellence Builder
  (A self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identity improvement opportunities in the context of their overall organizational performance.)
• Baldrige Cybersecurity Excellence Builder Webcast
  (Lessons Learned in Using the Baldrige Cybersecurity Excellence Builder with the Cybersecurity Framework)
• Better Business Bureaus'(BBB) 5 Steps To Better Business Cybersecurity Guide (A guide based on the Cybersecurity Framework designed to help provide an understanding of how best to  identify and protect vital data, technology assets, and how to detect, respond, and recover from a cybersecurity incident.)
• Cavirin's A Primer for Mapping and Automating Technical Controls for Operating Systems Whitepaper
• CFORUM's cyber.securityframework.org
  (NIST Cybersecurity Framework resources.)
• Cipher's Maturity Self-Assessment Survey
• Cloud Security Alliance's Draft Mapping of Cloud Controls Matrix to Cybersecurity Framework
• Cybersecurity Coalition’s Cybersecurity Framework Botnet Threat Mitigation Profile
• Cybersecurity Coalition’s Cybersecurity Framework DDoS Threat Mitigation Profile
• Department of Homeland Security's C³ Voluntary Program
  (The C³ Voluntary Program helps sectors and organizations that want to use the Framework by connecting them to existing cyber risk management capabilities provided by DHS, other U.S. Government organizations, and the private sector.)
• Department of Homeland Security's Cyber Resiliency Review (CRR): NIST Cybersecurity Framework Crosswalks 
  (The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT® Resilience Management Model (CERT-RMM), both developed at Carnegie Mellon University’s Software Engineering Institute)
• Expel's Interactive Tool to Track your CSF Implementation Progress
• Facility Cybersecurity Training Game
  (A cybersecurity game built upon NIST CSF and designed to train facility owners and operators in regard to effectively responding to cyber-attacks.)
• FAIR Institute's Quantifying and prioritizing cyber risk with the NIST CSF & FAIR
  (A comparison of the NIST Cybersecurity Framework and FAIR.)
• FINSECTECH's Cybersecurity Framework as a Service
  (A user friendly Framework management tool.)
• FTC's The NIST Cybersecurity Framework and the FTC
  (An explanation for the relationship between the Framework and FTC)
• G2, Inc's Threat Informed Risk Management: Getting Started Using the Cybersecurity Framework Whitepaper
• Google's Perspectives on Security for the Board
• Ian Simpson' Introduction to NIST CyberSecurity Framework 1.1
• IFSEC Global's Cyber Security Assessment
• Information Security Forum's Implementing NIST Cybersecurity Framework
• ISO/IEC 27110:2021 - The goal of this document is to ensure a minimum set of concepts are used to define cybersecurity frameworks to help ease the burden of cybersecurity framework creators and cybersecurity framework users
• National Association of Corporate Directors' Cyber-Risk Oversight Handbook
• (A handbook built around five core principles that are applicable to board members of public companies, private companies, and nonprofit organizations of all sizes and in every industry sector.)
• National Restaurant Association's Cybersecurity 201: A Toolkit for Restaurant Operators
  (A guide intended to give you a better understanding of the five core areas of an enterprise-wide cybersecurity program.)
• Nemertes and G2-Inc's Risk Management through the Framework
• NIST Cybersecurity Framework Quick Start Guide
  (Get started using the Cybersecurity Framework with this simple guide. Also translated into Portuguese and Spanish.)
• NIST’s Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation and Timing (PNT) Services
• OAS & AWS's NIST Cybersecurity Framework White Paper
  (Addresses the main advantages and opportunities offered by the NIST methodology for cyber risk management in all technology services.)
• Rivial Security's Vendor Cybersecurity Tool 
  (A guide to using the Framework to assess vendor security.)
• RSA Conference - NIST Cybersecurity Framework Podcast
  (An RSA Conference Podcast on the NIST Cybersecurity Framework. covering what the Framework is, how it can be applied and what's on the horizon relative to the Framework.)
• SDN Communication's NIST Cybersecurity Training Videos
  (SDN in conjunction with the South Dakota Telecommunications Association and Dakota State University hosted an event focused on the NIST Framework which provided a series of information videos.)
• Splunk and the Cybersecurity Framework for Industrial Security
  (A tech brief illustrating some of the ways Splunk can help to apply Framework guidance.)
• Tenable's NIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation Whitepaper 
  (An automated assessment for the majority of the Framework controls.)
• Tenable's SecurityCenter Continuous View™ Support for the NIST Cybersecurity Framework – Dashboards and Assurance Report Cards (ARCs) Whitepaper
  (Insight into reporting requirements are supported by the NIST CSF Dashboards and ARCs supports.)
• The Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team's (ICS-CERT) Cyber Security Evaluation Tool (CSET) download, introductory CSET video, and walkthrough video of the Cybersecurity Framework approach within CSET
• The Open Group's Framework Implementation Guide
  (An implementation guide to leveraging open trusted technology providers in the supply chain.)
• University of Maryland Robert H. Smith School of Business Supply Chain Management Center's CyberChain Portal-Based Assessment Tool
  (Provides guidelines to measure and assess cyber supply chain risk.)
• Verity Security’s Enterprise Security Profile Model (ESPM)
• Watkins Consulting’s Cybersecurity Framework with 800-53 Controls Excel Workbook
• Wychwood Partners’ Cyber & Information Risk Officers (CIRO) Model