More than ever, organizations must balance a rapidly evolving cyber threat landscape against the need to fulfill business requirements. To help these organizations manage their cybersecurity risk, NIST convened stakeholders to develop a cybersecurity framework that addresses threats and supports business. While the primary stakeholders of the framework are U.S. private-sector owners and operators of critical infrastructure, its user base has grown to include communities and organizations across the globe.
NIST is a trusted government affiliate that establishes baselines of controls and practices to build and successfully implement cyber readiness into any organization. NIST produces publications detailing how controls should be used and how they can be implemented. NIST produces federal standards that all federal agencies must abide by and provides resources to meet those standards.
The Center for Internet Security (CIS) is an independent, nonprofit organization with a mission to create confidence in the connected world. CIS published controls and baselines that any organization can use to identify gaps in its controls and build a successful control framework around industry-standard best practices.
The CIS Controls are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks. CIS Controls v8 has been enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, work-from-home, and changing attacker tactics prompted the update, which supports an enterprise's security as it moves to both fully cloud and hybrid environments.
The Texas Department of Information Resources (DIR) has put together information security resources for organizations to begin assessing cybersecurity infrastructure and build cybersecurity plans based on accepted standards for baseline cyber controls. This template, developed by DIR, was created through collaboration between government and the private sector. It uses a common language to address and manage cybersecurity risk in a cost-effective way, based on business needs, without placing additional regulatory requirements on agencies.