ACT-IAC White Paper: Agency Assessment of NIST Controls and Monitoring

Continuous Monitoring: Agency Assessment of NIST Controls and Monitoring
Developed by the ACT-IAC Cybersecurity Community of Interest
Date Released: August 10, 2020

This paper is an exploration of the NIST Cybersecurity Framework (CSF) and its overall usefulness to a government agency, specifically when it comes to evaluating continuous monitoring. In general, this paper aims to provide key insights into the NIST CSF and offer new ideas on how to improve upon existing or new frameworks within any organization. This paper includes:

• Benefits and drawbacks of the framework and how it might apply to the agency.
• Criticality and volatility scores given to subcategories within CSF and assessment of the helpfulness of those scores.
• Examination of specific subcategories of the framework and recommendations on solutions and metrics to help determine the effectiveness of those subcategories as they relate to an agency.

This paper was written by Master of Science in Information Systems students at the Indiana University Bloomington in partnership with the ACT-IAC Cybersecurity COI and MITRE.