Skip to main content

You are here

ACT-IAC White Paper: Agency Assessment of NIST Controls and Monitoring

 

Must be logged in to download this document.

You must be logged in to view and download this document.

  • Government employees:  If you have an account, log in by clicking on login button at top of page.  If you don’t have an account, click here to create your free account.
  • Industry employees:
    • If your company is an IAC member and you have an account, log in by clicking on login button at top of page.
    • If your company is an IAC member and you don't have an account, click here to create an account.
    • If your company is not an IAC member, contact April Davis for information about membership ([email protected] or 703-208-4800 ext. 202).
  • Nonmembers:  If you have an account, log in by clicking on login button at top of page.  If you don’t have an account, click here to create your free limited-access account.
 

Abstract

Continuous Monitoring: Agency Assessment of NIST Controls and Monitoring
Developed by the ACT-IAC Cybersecurity Community of Interest
Date Released: August 10, 2020

This paper is an exploration of the NIST Cybersecurity Framework (CSF) and its overall usefulness to a government agency, specifically when it comes to evaluating continuous monitoring. In general, this paper aims to provide key insights into the NIST CSF and offer new ideas on how to improve upon existing or new frameworks within any organization. This paper includes:

  • Benefits and drawbacks of the framework and how it might apply to the agency.
  • Criticality and volatility scores given to subcategories within CSF and assessment of the helpfulness of those scores.
  • Examination of specific subcategories of the framework and recommendations on solutions and metrics to help determine the effectiveness of those subcategories as they relate to an agency.

 

This paper was written by Master of Science in Information Systems students at the Indiana University Bloomington in partnership with the ACT-IAC Cybersecurity COI and MITRE. 

 

Document Date: 
Aug 10, 2020
 
Author (organization): 
ACT-IAC Cybersecurity Community of Interest
 
Document type: 
ACT-IAC Report
 
Interests: 
Cybersecurity