2021 Cyber and Technology Risk Management Forum
Frameworks
NIST CSF
Designed for managing and reducing cyber risk in critical industries, the NIST Cybersecurity Framework (CSF) is the overarching guidance CSBS uses for all systems. It is organized into five key Functions, is flexible, and can be adapted to accommodate more prescriptive frameworks, like FISMA, CJIS, and SOC.
Frameworks
FISMA & CJIS
The Federal Information Security Modernization Act (FISMA) mandates following the current version of NIST SP 800-53, currently Rev 5, for federal systems. FISMA is much more detailed and prescriptive than CSF and includes privacy-specific controls. It is applied by CSBS to NMLS, SES, and CRM.
The Criminal Justice Information Services (CJIS) Security Policy is similar to FISMA in its prescriptive controls but applies to Criminal History Record Information (CHRI) and is overseen by the FBI. CJIS is applicable to NMLS and the Background Check Automation System (BCAS) subsystem managed by Fieldprint.