- CFD Bundles are enterprise-class documentation bundles combining the CDPP and CSOP with 8 additional program-level documents.
- Four CFD bundles available, aligned with NIST CSF, ISO 27001/27002, NIST 800-53 Moderate, and NIST 800-53 High.
- Each CFD bundle includes 10 products: CDPP + CSOP + RMP + TPRM + C-SCRM + CRA + IIRP + COOP + VPMP + SBC + DPP (and variations).
- CFD Bundles bring the full documentation program together in one coordinated purchase instead of sourcing each product separately.
- CFD Bundles are the best choice for organizations building a complete documentation program from scratch, rather than augmenting existing documentation.
Enterprise-Class Program Documentation
Security, compliance & resiliency starts with strong fundamentals. Picking a cybersecurity framework is more of a business decision and less of a technical decision. Realistically, this should be driven by a fundamental understanding of what your organization needs to comply with from a statutory, regulatory and contractual perspective, since that understanding establishes the minimum set of requirements necessary to comply. This understanding makes it pretty easy to determine where on the "compliance spectrum" you need to focus for selecting a set of cybersecurity principles to follow that generally involves NIST Cybersecurity Framework, ISO 27002 or NIST 800-53 as a starting point. A key consideration for picking a cybersecurity framework comes down to the level of content the framework offers, since this governs what you can natively comply without having to bolt-on content to make it work. We currently offer framework-aligned bundles for the three most common "flavors" of cybersecurity frameworks:
As visualized in the graphic below, the core of our solutions are based on policies, standards and procedures. From there, we have program-level solutions to address (1) risk management, (2) vulnerability management, (3) incident response & crisis management, (4) supply chain risk management and (5) privacy & secure engineering. Our bundles provide significant savings and near-turnkey documentation solutions for your organization. If you have a unique need, please contact us since we might be able to work with you on your request.
We can also create customized templates for your specific needs. You can contact us or simply add the products you are interested in to your cart and submit a quote directly from the website.
Available CFD Bundles
Four CFD bundles, one per major framework. Select the bundle matching your primary compliance framework.
Comprehensive Coverage
Give us a call or send us an email - we are happy to help you find the right solution for your needs!
There are a lot of choices to pick from when selecting a cybersecurity framework. If you are not sure what works best for you, you can read more here. The most common frameworks are NIST 800-53, ISO 27002, the NIST Cybersecurity Framework and the Secure Controls Framework (SCF). To do NIST CSF, ISO 27002 or NIST SP 800-53 properly, it takes more than just a set of policies and standards. While those are foundational to building a cybersecurity program aligned with that framework, there is a need for program-specific guidance that helps operationalize those policies and standards (e.g., risk management program, third-party management, vulnerability management, etc.). It is important to understand what is required to comply with NIST CSF vs ISO 27002 vs NIST SP 800-53, since there are significantly different levels of expectation.
It is important to understand that picking a cybersecurity framework is more of a business decision and less of a technical decision. Realistically, the process of selecting a cybersecurity framework must be driven by a fundamental understanding of what your organization needs to comply with from a statutory, regulatory and contractual perspective, since that understanding establishes the minimum set of requirements necessary to:
- Not be considered negligent with reasonable expectations for cybersecurity & data protection;
- Comply with applicable laws, regulations and contractual obligations; and
- Implement the proper controls to secure your systems, applications and processes from reasonable threats, based on your specific business case and industry practices.
This understanding makes it easy to determine where on the "framework spectrum" (shown above) you need to focus for selecting a set of cybersecurity principles to follow. This process generally leads to selecting the NIST Cybersecurity Framework, ISO 27002, NIST SP 800-53 or SCF as a starting point.