Sep 08 2023

NIST Gap Assessment Tool

Category: NIST CSF, NIST Privacy | disc7 @ 1:23 pm

The NIST Gap Assessment Tool will cost-effectively assess your organization against the NIST SP 800-171 standard. It will help you to:

  • Understand the NIST SP 800-171 requirements for storing, processing, and transmitting CUI (Controlled Unclassified Information)
  • Quickly identify your NIST SP 800-171 compliance gaps
  • Plan and prioritize your NIST SP 800-171 project to ensure your data handling meets U.S. DoD (Department of Defense) requirements

Get started with your NIST SP 800-171 compliance project

The DoD requires U.S. contractors and their subcontractors to have an available assessment of their compliance with NIST SP 800-171. As part of a national movement to have a consistent approach to cybersecurity across the U.S., even organizations that store, process, or transmit unclassified and/or sensitive information must complete an assessment.

The ITG NIST Gap Assessment Tool provides the assessment template you need to guide you through compliance with the DoD’s requirements for NIST SP 800-171. The tool lays out all 14 categories and 110 security controls from the Standard in Excel format, so you can complete a full, easy-to-use assessment with concise data reporting.

What does the tool do?

  • Features the following tabs: ‘Instructions’, ‘Summary’, and ‘Assessment and SSP (System Security Plan)’.
  • The ‘Instructions’ tab provides an easy explanation of how to use the tool and assess your compliance project, so you can complete the process without hassle.
  • The ‘Assessment and SSP’ tab shows all control numbers and requires you to complete your assessment of each control.
  • Once you have completed the full assessment, the ‘Summary’ tab provides high-level graphs for each category and for overall completion. The analysis includes an overall compliance score and shows the number of security controls that are completed, ongoing, or not applied in your organization.
  • The ‘Summary’ tab also provides clear direction for areas of development and how you should plan and prioritize your project effectively, so you can start the journey of providing a completed NIST SP 800-171 assessment to the DoD.

This NIST Gap Assessment Tool is designed for conducting a comprehensive compliance assessment: NIST SP 800-171 Assessment Tool.

The Complete DOD NIST 800-171 Compliance Manual: Comprehensive Controlled Unclassified Information (CUI) Marking & Handling Section
Tags: NIST Gap Assessment Tool, NIST SP 800-171

Aug 03 2022

NIST Gap Assessment Tool

Category: NIST CSF | DISC @ 2:48 pm

NIST 800-171a/CMMC 2.0 Self-Assessment Guide

NIST Cybersecurity Framework – A Pocket Guide
Tags: NIST 800-171, NIST Gap Assessment Tool

Feb 21 2022

New Version of the NIST CSF Tool

Category: NIST CSF, NIST Privacy | DISC @ 9:32 am

By John Masserini


I am quite thrilled to announce that the long-overdue update to my NIST CSF tool V2.0 is finally done. While this new version generally looks the same as the prior one, there are substantial changes underneath which will make updating it in the future far easier.

Originally released in January of 2019, it has become the most popular page on the site, with almost 20,000 downloads. To get a full understanding of the tool, you can read the original post here which goes into great detail about why it was developed and how to use it.

After numerous requests, I have also added the NIST Privacy Framework to the tool as well. The same logic has been applied here as to the CSF side – it’s just as, or perhaps even more, important to measure what you do (your practices) against what you say you do (your policies) when it comes to Privacy as it is Security.

As always, I welcome suggestions and feedback. The email to reach me is in the worksheet.

You can find the new version on the Downloads page.

NIST Cybersecurity Framework: A Pocket Guide

Tags: NIST CSF Tool

Jan 12 2022

NIST Cybersecurity Framework (CSF)

Category: Information Security, NIST CSF | DISC @ 10:34 am

NIST Cybersecurity Framework – A Pocket Guide

Tags: CSF, NIST Cybersecurity Framework

Mar 11 2021

Get More Value from NIST CSF, MITRE ATT&CK and COSO ERM with RiskLens

Category: Attack Matrix, NIST CSF | DISC @ 11:13 pm

MITRE ATT&CK matrices

MITRE ATT&CK is a tool to help cybersecurity teams get inside the minds of threat actors to anticipate their lines of attack and most effectively position defenses. MITRE ATT&CK works synergistically with FAIR to refine a risk scenario (“threat actor uses a method to attack an asset resulting in a loss”).

Enter an asset into the MITRE ATT&CK knowledge base and it returns a list of likely threat actors and their methods to inform a risk scenario statement. It also helps to fill in color and detail for the FAIR factors, such as the relative strength of threat actors likely to go after an asset or the resistance strength of the controls around the asset, as well as the frequency of attack one might expect from these actors, based on internal or industry data (housed in the Data Helpers and Loss Tables on the RiskLens platform). All these are ultimately fed into the Monte Carlo simulation engine to show probable loss exposure for the scenario. The data we collect on our assets and threat actors can be stored in libraries on the platform for repeat use.

MITRE ATT&CK also suggests controls for mitigation efforts specific to attacks. As with the controls suggested by NIST CSF, we can assess those in the platform for cost-effectiveness in risk reduction in financial terms.

Finally, RiskLens + MITRE ATT&CK can help refine tactics for the first line of defense. With a clear sense of top risk scenarios generated by RiskLens, and a clear sense of attack vectors for those scenarios, the SOC can better prioritize among the many incoming alerts based on potential bottom-line impact.


Nov 18 2020

Senate passes bill to secure internet-connected devices against cyber

Category: NIST CSF, NIST Privacy | DISC @ 11:40 pm

The Senate this week unanimously passed bipartisan legislation designed to boost the cybersecurity of internet-connected devices.

The Senate passes a bill that would require all internet-connected devices purchased by the US government to comply with NIST’s minimum security recommendations

The Internet of Things Cybersecurity Improvement Act would require all internet-connected devices purchased by the federal government — such as computers and mobile devices — to comply with minimum security recommendations issued by the National Institute of Standards and Technology.

The bill would require private sector groups providing devices to the federal government to notify agencies if the internet-connected device has a vulnerability that could leave the government open to attacks.

The legislation, which the Senate advanced on Tuesday, was passed unanimously by the House in September. It now heads to President Trump for a signature.

“Most experts expect tens of billions of devices operating on our networks within the next several years as the Internet of Things (IoT) landscape continues to expand,” Gardner noted in a separate statement. “We need to make sure these devices are secure from malicious cyber-attacks as they continue to transform our society and add countless new entry points into our networks. Ensuring that our government has the capabilities and expertise to help navigate the impacts of the latest technology will be important in the coming years and decades.”

Source: Senate passes bill to secure internet-connected devices against cyber

Dec 07 2019

NIST CyberSecurity Framework and ISO 27001

Category: Information Security, ISO 27k, NIST CSF | DISC @ 6:54 pm

NIST CyberSecurity Framework and ISO 27001

How to get started with the NIST Cybersecurity Framework (CSF) – Includes Preso

Written Information Security Program (WISP) – ISO 27002, NIST Cybersecurity Framework & NIST 800-53

What is ISO 27001?

Virtual Session: NIST Cybersecurity Framework Explained

Tags: iso 27001, NIST CSF, NIST RMF

Oct 14 2019

The best practice guide for an effective infoSec function

Building ISMS

The best practice guide for an effective infoSec function: iTnews has put together advice drawn from various control frameworks, including ISO 27k and NIST CSF, to guide you through what is needed to build an effective information security management system (ISMS) within your organization.

This comprehensive report is a must-have reference for executives, senior managers and folks interested in the information security management area.


Practice Guide

Open the PDF: The best practice guide for an effective infoSec function.

How to Build a Cybersecurity Program based on the NIST Cybersecurity Framework

Beginners ultimate guide to ISO 27001 Information Security Management Systems

Conducting a cybersecurity risk assessment

Tags: isms

Sep 21 2019

How to get started with the NIST Cybersecurity Framework (CSF) – Expel

Category: NIST CSF, Security Compliance | DISC @ 11:02 am

We give you a quick tour of the NIST Cybersecurity framework and describe how you can baseline your efforts in a couple of hours. So check it out.

Source: How to get started with the NIST Cybersecurity Framework (CSF) – Expel

The CyberSecurity Framework Ver 1.1 Preso

Virtual Session: NIST Cybersecurity Framework Explained

CSS2017 Session 14 SANS Training – NIST Cyber Security Framework

Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certification | Edureka

Free PDF download: NIST Cybersecurity Framework and ISO 27001 | IT Governance USA