Cybersecurity risk management is a much more popular topic today than it was several years ago. A good indicator is the attendance at the National Institute of Standards and Technology (NIST) Cybersecurity Framework Workshop 2017, where attendees sought more knowledge about NIST’s recently developed Cybersecurity Framework (CSF). This specific yet flexible CSF is a set of voluntary industry standards and best practices that help organizations manage cybersecurity risk, presented in an accessible, easy-to-understand format for both IT professionals and boardroom executives.

Here are some key factors that demonstrate the power of NIST’s CSF:

From its flexibility to its constantly evolving framework, the accessibility of the NIST CSF allows organizations to tailor its basic principles to their specific needs. The framework’s five core functions (Identify, Protect, Detect, Respond, and Recover) are not static; they can be performed in a continuous, evolving manner to effectively address an organization’s cybersecurity risks.

Automation tools like BALLAST can help organizations become accustomed to the NIST CSF without expensive costs to maintain compliance. Since BALLAST does not lock users into any single framework, organizations are taking advantage of that flexibility to build the NIST CSF into their risk assessment methodology. Through an intuitive reporting dashboard and tracking system like BALLAST, organizations can implement and maintain an ongoing cyber risk management process, providing the data needed to demonstrate progress against security objectives and the efforts made to address gaps.

The growing adoption of the NIST CSF contributes to a common acceptance and understanding of cybersecurity strategies across multiple organizations. As of 2015, 30 percent of organizations in the United States had adopted the NIST CSF, and the numbers continue to grow, leading the federal government to take notice and adopt it as well. This broader adoption of the NIST CSF will help form a universal language across organizations and government entities.

LBMC Information Security’s team members have extensive experience in a variety of industries with security and compliance mandates. We help you achieve compliance while providing the insights your leaders and stakeholders need to make better business decisions. Whether you are just getting started with federal compliance or have been navigating regulations for years from another provider, our experts can help you maintain NIST compliance in a complex landscape. Contact us today.

Mark Fulford

Mark Fulford, CISSP, CISA, ABCP, CRISC, is a Shareholder in the risk services division of LBMC, PC. With nearly 25 years of experience in information security audit and compliance, Mark understands how to translate technical jargon into actionable intelligence. With significant experience in healthcare, his expertise includes assisting companies with Sarbanes-Oxley, HIPAA, PCI, and HITRUST compliance, as well as providing assurance to clients and their stakeholders through SOC 1 and SOC 2 reporting engagements. More recently, his focus has been on helping organizations identify and manage information security risks through both guided and automated risk assessment techniques.