NEW YORK - Oct. 23, 2019 - The Information Security Forum (ISF) has been working with the United States National Institute of Standards and Technology (NIST) as part of a pilot project to create Online Informative References (OLIRs) between information security standards and the NIST Cybersecurity Framework (CSF). As part of this pilot scheme, the ISF has produced an OLIR between the ISF's Standard of Good Practice for Information Security 2018 (The Standard) and the NIST CSF Version 1.1.

"Many security practitioners are overwhelmed with recommendations on how to provide cyber security from the media, vendors, standards bodies and more," said Steve Durbin, Managing Director, ISF. "The ISF, the Standard and this OLIR provides a practical and clear path in how to adopt and use the CSF and, in doing so, tackle many other challenges associated with cyber security and information risk management. ISF Members can demonstrate to business executives, supply chain partners, customers and other parties how adoption and implementation of the Standard both meets, and exceeds, the requirements set out in the CSF."

The CSF has received growing attention as a tool for tackling cyber threats. The OLIR between The Standard and the CSF links 87 of the 131 Information Security topics found in The Standard to all 108 subcategories in the CSF. These links are designed for practitioners who currently utilize or are considering The Standard and would like to understand how the activities that they undertake can help them achieve the outcomes described by each subcategory. The remaining 44 topics in The Standard that are not linked to CSF subcategories cover areas of Information Security not directly found within the CSF, such as system development criteria or audit processes.

"The ISF maintains an Informative Reference between the NIST Cybersecurity Framework 1.1 and The Standard – a respected resource that is already implemented by many global organizations," continued Durbin. "This latest update provides security professionals with assurance of how implementing The Standard meets the expectations of the CSF, as with other international and industry standards and frameworks."

The ISF will be launching the latest edition of The Standard in 2020. The most recent version addresses topics such as Agile development, Industrial Control Systems and the EU General Data Protection Regulation (GDPR). For more information on The Standard or any aspect of the ISF, please visit the ISF website (http://www.securityforum.org/).

About the Information Security Forum

The ISF is an independent, not-for-profit association of leading organizations from around the world. The ISF is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members. For more information on ISF membership, please visit https://www.securityforum.org/.

Contact
John Kreuzer