CASE STUDY:
NIST FRAMEWORK ASSESSMENT

NIST Cyber Security Framework Assessment

In February 2014, the National Institute of Standards and Technology (NIST) released the Framework for Improving Critical Infrastructure Cyber Security in response to Executive Order 13636, which called for the development of a voluntary risk-based Cyber Security Framework.

Delta Risk developed and executed a methodology for applying the Framework to assess the cyber security of counties and other critical infrastructure providers that support the National Capital Region. The assessment was based on answers provided in a comprehensive self-reported survey conducted online.

We developed a report providing insights into organizations’ current security profile – as defined in the NIST Framework – which is used as a general indicator of how robustly or rigorously cyber security activities are implemented as part of the organization’s overall risk management processes. We aligned and presented the results within the security activities of the Framework “Categories.” Our report provided recommendations based on the Category results and on a comparison to a representative Target Profile. The Target Profile was generated from Delta Risk’s recommendation, based on the organization’s characteristics and purpose. In keeping with the intended approach of the NIST Framework, a single overall assessment “rating” of the organization was not determined or provided.