Blog

What is the difference between a policy and a standard? The differences are: 1.Granularity / specificity of requirements; and 2.Scope. A policy is a high-level statement of management’s intent … read more

The NIST Cybersecurity Framework (NIST CSF) is commonly used “cybersecurity best practice” for organizations that tend to be unregulated and need to align with a reasonable set of cybersec … read more

Cybersecurity Supply Chain Risk Management (C-SCRM) is the process of identifying, assessing and mitigating risks in an organization's supply chain that could impact the security and integrity of an o … read more

Determining the scope of controls (e.g., assessment boundary) is different than determining control applicability. Do you know the difference?The Unified Scoping Guide (USG) is a free resource to make … read more

NIST 800-171 focuses on protecting Controlled Unclassified Information (CUI) anywhere it is stored, transmitted and processed. These controls are directly linked to NIST 800-53 and are a subset of the … read more