The NIST Cybersecurity Framework (CSF)-based Written Information Security Program (WISP) is a set of cyber security policies and standards suited to smaller organizations that do not need to address the more rigorous requirements found in ISO 27002 or NIST 800-53.
This WISP product is ideal for organizations that control sensitive data and need to align with the leading cyber security best practices, but do not have multiple compliance, statutory, regulatory, and contractual obligations that require a more robust cyber security framework.
For this reason, the NIST CSF version of our WISP is very popular with insurance brokers, smaller financial organizations, law firms, and other small organizations. Apart from being completely customizable, it’s a fraction of the cost of writing one yourself or hiring an outside consultant to write one for you.
What does the NIST Cybersecurity Framework (NIST CSF)-based Written Information Security Program (WISP) include?
- Customizable cyber security policies & standards in an editable Microsoft Word format.
- Each NIST Cybersecurity Framework control is mapped to a standard within the WISP, and each of those standards is mapped to a policy statement.
- The NIST CSF-based WISP covers version 1.1 of the NIST Cybersecurity Framework.
- The WISP addresses the “why?” and “what?” questions in an audit, since policies and standards form the foundation for your cyber security program.
- The WISP provides the underlying cyber security standards that must be implemented and maintained, as stipulated by statutory, regulatory, and contractual requirements.
- The WISP communicates what is expected of employees from a cyber security perspective.
The NIST Cybersecurity Framework (NIST CSF)-based Written Information Security Program (WISP) maps the following leading practices:
- NIST Cybersecurity Framework
- Federal Acquisition Regulation (FAR) 52.204-21
- Federal Financial Institutions Examination Council (FFIEC)
- Gramm-Leach-Bliley Act (GLBA)
- NY Department of Financial Services (NY DFS) 23 NYCRR 500
- MA 201 CMR 17.00
- Oregon ID Theft Protection Act (ORS 646A)
Benefits of a NIST CSF WISP:
- Decreased costs – less reactive IT support
- Compliance coverage
- Improved productivity – decreased distractions
- Fewer virus & malware outbreaks – decreased downtime & expense
- More efficient operations – better performing network & computers
- Increased accountability of assets & resources
- Educated & trained employees
- Proper documentation to remove liability