The NIST Cybersecurity Framework was first published in 2014 for operators of U.S. critical infrastructure and is now the de facto cybersecurity framework for a wide range of businesses and organizations across industries. Organizations link their cyber approaches to the Framework’s core functions of Identify, Protect, Detect, Respond and Recover to manage their cybersecurity strategy and identify areas for improvement.
Once aligned, an organization can use the NIST Cybersecurity Framework as evidence when seeking certifications or shopping for cyber insurance. Good cyber risk practices will result in a less expensive premium for cyber insurance services.
NIST hosted a Cybersecurity Risk Management Conference from November 7-9 in Baltimore, MD to discuss the current state of cybersecurity risk management and approaches being employed to strengthen quality and resiliency in the software development lifecycle and supply chain. Marc Jones, CISQ Director of Public Sector Outreach, presented on the automated quality characteristic measures developed by CISQ for measuring software Security, Reliability, Performance Efficiency and Maintainability to industry-supported standards.
The slide below depicts how the coding standards from CISQ map to various steps in the NIST Cybersecurity Framework. Download the presentation deck, Measuring the Cybersecurity Risk of Software-Intensive Systems, to learn more.
CISQ’s global private sector and government membership appreciates the continued support and input provided by NIST leadership over the last 6 years to support impactful and measurable automated software risk standards.