Good afternoon, fellow wave seekers, here's the latest news on the STLLC front:
First and foremost, our community outreach program continues to make progress in supporting a more connected cybersecurity risk management ecosystem. Our OLIR, which formalizes the mapping of ISO/IEC 27001 to the NIST CSF v1.1 Core, has cleared the public comment period and is now final. For more information on the NIST OLIR program, see our previous blog post here. In going final, this OLIR stands as the only reference that directly links the two documents in a NIST-approved format. Users can now go to the NIST OLIR Derived Relationship Mapping page and get a tabular view of how the data within the OLIR compares to other documents.
STLLC is committed to moving the community towards a more open, transparent, and connected data ecosystem. While this particular resource is just one piece of a much, much bigger puzzle, there is value in creating avenues for automation in any section of the ecosystem. We are actively working with NIST on their new data initiative, the Cybersecurity and Privacy Reference Tool (CPRT). Stay tuned for more tools that implement CPRT in the near future. We are interested in working with NIST as well as others (send us an email!) to continue bringing these disparate data sets into the next stage of cybersecurity risk management automation.
In other good news, STLLC Founder and CEO, Matthew Smith, was recently featured on the CISO Stories Podcast with host Todd Fitzgerald. This podcast highlights CISOs and their experiences with cybersecurity risk management. In previous years, Matthew and Todd worked together on CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, in which Matthew was featured in an article detailing the use of the NIST CSF in international settings. The podcast builds on that topic and highlights uses and benefits of the CSF as well as opportunities for its improvement. Have a listen and let us know if you can think of other ways to use the NIST CSF!