NIST Resources
A list of references and resources for cybersecurity and IT professionals.NIST Resources
| Resource | Description |
| Guide to NIST 800-30 Methodology | Embark on your Cyber Risk Quantification (CRQ) journey with our comprehensive guide to implementing NIST 800-30. This guide offers step-by-step instructions and insights into best practices for effective CRQ. |
| The NIST Cybersecurity Framework Guide | Using the NIST CSF guide, you can inform your risk management strategy, determine who should have access control, and build or enhance your information security program in a cost-effective way. |
| NIST CSF Implementation Tiers Overview | This guide serves as your roadmap through the NIST CSF implementation tiers, helping you elevate your cybersecurity framework strategically. |
| NIST Risk Management Framework | The NIST management framework is a culmination of multiple special publications (SP) produced by the National Institute for Standards and Technology (NIST) the 6 NIST RMF Steps. |
NIST Privacy and Security Topics
| Topic | Resources |
| Cryptography | |
| Cybersecurity Supply Chain Risk Management | Cybersecurity Risks to Consider in Supply Chain Management |
| General Security and Privacy |
Aligning Security and Privacy Using the NIST Risk Management Framework |
| Identity and Access Management | NIST Cybersecurity Framework (CSF) Core Explained |
| Privacy | Aligning Security and Privacy Using the NIST Risk Management Framework |
| Risk Management | What is a Risk Management Framework? |
| Security and Behavior | How Cyber and IT Risk Quantification Tools are Evolving for the Digital Age |
| Security Measurement | How Risk Quantification Improves Security Posture |
| Security Programs and Measurement | How Modern Cybersecurity Risk Management Programs Have Evolved |
| Systems Security Engineering | The CIS Top 20 Controls Explained |
| Zero Trust | Zero Trust Security – A Quick Guide |
NIST Publications
| Abbreviation | Description | Resource |
| FIPS | Federal Information Processing Standards | NIST SP 800-53 Control Families Explained |
| SP | NIST Special Publications | What is NIST SP 800-53? |
| IR | NIST Interagency or Internal Reports (NIST IR) | Ultimate NIST Cybersecurity Framework Guide - Unpack the NIST CSF in 10 Minutes or Less |
| CSWP | NIST Cybersecurity White Papers | NIST Cybersecurity Framework (CSF) Core Explained |
| Project | Project Descriptions from the National Cybersecurity Center of Excellence (NCCOE) | NIST Cybersecurity Framework (CSF) Core Explained |
| ITL Bulletin | NIST Information Technology Laboratory (ITL) Bulletins (1990-2020) | The Top 10 Cybersecurity Dashboard Metrics Every CIO Needs to Know |
| AI | Artificial Intelligence: Al series reports that are focused on cybersecurity and privacy. | Deep Dive: Artificial Intelligence-Driven Digital Transformation |
| TN | Technical Notes: Studies or reports that are very restrictive in their treatment of a subject. | The Complete Guide To Integrated Risk Management |
NIST Crosswalk Resources
Overview
Crosswalks mapping the provisions of laws and regulations, standards, and frameworks to Subcategories can help organizations prioritize activities or outcomes to facilitate conformance.
Note: These crosswalks are intended to help organizations understand which Privacy Framework Functions, Categories, and Subcategories may be most relevant to addressing the provisions of the source document. Organizations should not assume that implementing these Privacy Framework activities or outcomes means that they have met the provisions of the source document. There may be other activities that organizations need to undertake.
Laws and Regulations Frameworks
CyberSaint offers automated crosswalking through our AI engine, saving you time and effort compared to manually mapping controls in a spreadsheet, offering greater accuracy with our Natural Language Processing (NLP) to improve the accuracy of control mapping between frameworks by understanding the intent behind the control descriptions
Important Reminder: Spreadsheets rely on manual entry, making them prone to errors.
Note: CyberStrong integrates crosswalking with our cyber risk management platform, allowing you to leverage your crosswalked data for assessments and reporting.
Standards
| Standards | Resource |
| ISO/IEC 27701 Crosswalk by Microsoft | ISO/IEC 27701 Crosswalk |
Frameworks
NIST Spreadsheets
| Spreadsheet | Reference |
| Control Catalog Spreadsheet | NIST SP 800-53, Revision 5 Security and Privacy Controls for Information Systems and Organizations |
| Control Baselines Spreadsheet | NIST SP 800-53B Control Baselines |
| Analysis of updates between SP 800-53 Rev. 5 and Rev. 4 | Analysis of updates between NIST SP 800-53 Rev. 5 and Rev. 4 |
| NIST Cybersecurity Framework and NIST Privacy Framework | Cybersecurity Framework/Privacy Framework to NIST Special Publication 800-53, Revision 5 Mapping |
| ISO/IEC 27001 | ISO/IEC 27001 |
| NIST SP 800-171r2 Security Requirements Spreadsheet | NIST SP 800-171r2 Security Requirements Spreadsheet |
| Draft Cybersecurity Framework v1.1 Core | Draft Cybersecurity Framework v1.1 Core (xlsx) |
| NIST CSF 2.0 Organizational Profiles | NIST CSF 2.0 Organizational Profiles |
| NIST SP 800-53 Revision 5 | NIST SP 800-53 Revision 5 |
LEARN ABOUT THE NIST CYBERSECURITY FRAMEWORK
Download the NIST CSF Guide
