The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is one of the leading frameworks for managing cybersecurity in both the private and public sectors and is used by organizations of all sizes. The Framework helps secure information systems and guides key decision points about risk management activities at each level of an organization, from senior executives, to the business and process level, to operations.
NIST has issued special publications focused on improving Third-Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM); however, these are not a light read. With 5 Functions, 23 Categories, and 108 Subcategories, identifying the NIST CSF security controls that apply to cyber supply chain risk management is a daunting task. In this CPE webinar we will address the specific security controls for third-party information security management and explain how to align risk management processes with these requirements, including how to:
- Prioritize and assess third parties using a cyber supply chain risk assessment process,
- Develop processes for continuously monitoring third-party security postures and determining control effectiveness,
- Identify security gaps and carry out response action plans with suppliers and third-party providers, and
- Track the progress of implementing the NIST framework using the CSF's four Implementation Tiers as a maturity scale.