NIST CSF v1.1 Assessment and Reporting Capabilities

Raiffeisen Schweiz Genossenschaft (one of our customers) was looking for NIST CSF (CyberSecurity Framework) v1.1 assessment & reporting capabilities in the tool.

Based on the discussions with the customer, we realize that the below are gaps.

Assessment List of Values changes based on Plan Category (NIST CSF v1.1 Category shows the 5 Maturity Levels instead of the Designed Effectively, Operating Effectively options within the drop-down)

Objectives Target Score - A Target score definition for the Category (Objective Library) needs to be defined, a configuration field to help the customer define their target score on the Objective form and report on it will be useful.

Reporting output partially available

List Report (Test Executions) showing maturity levels by Requirements, Controls available

Objectives based Reporting of Consolidated Scores needed

Spider Diagram Report Output

Further details in the slides attached which we reviewed with the customer and he (Robert) agreed were accurate in terms of our understanding. He was keen to choose Option 1 (with no changes/extensions) - and was not keen to go with Option 2 (Survey functionality).

The NIST CSF v1.1 assessment as a component will help Partner Delivery/Velocity teams delivering OOTB pre-packaged products to customers on their Cyber security maturity journey - The content is already available free and loaded for customer asks, the requirement here is to support the assessment and reporting pieces also.