Continuum GRC Rolls Out NIST CSF 1.1 Compliance Module for IT Audit Machine (ITAM) Software

NIST Cyber Security Framework Ready

The latest update to the ITAM GRC software includes an easy-to-use module to walk enterprises through compliance with version 1.1 of the popular NIST Cybersecurity Framework.

Continuum GRC, a leading cybersecurity governance, risk and compliance (GRC) firm, today announced that its proprietary IT Audit Machine (ITAM) GRC software now supports version 1.1 of the NIST Framework for Improving Critical Infrastructure Cybersecurity.

The cloud-based ITAM integrates IT governance, policy management, risk management, compliance management, audit management and incident management. Its user-friendly self-help modules encompass the full spectrum of regulatory and industry data security requirements, including NIST 800-53, 800-66 and 800-171, FedRAMP, SOC 1 and SOC 2 COBIT, ISO 27001, 27002 and 27005, SOX, FFIEC, PCI, GLBA, HIPAA, CMS, NERC CIP, DFARS and other federal and state mandates.

Since ITAM already included compliance modules for NIST 800-53 and 800-171, NIST CSF was a natural and logical fit.

Michael Peters, CEO, Continuum GRC

The new ITAM update incorporates the latest version of NIST’s popular Framework for Improving Critical Infrastructure Cybersecurity, also known as the NIST Cyber Security Framework or NIST CSF. Version 1.1 of the NIST CSF was released in April and includes updates on authentication and identity, self-assessing cybersecurity risk, managing cybersecurity within the supply chain, and vulnerability disclosure. Compliance with the NIST CSF is voluntary. The framework offers guidance for organizations to better manage and reduce their cybersecurity risk, based on existing standards, guidelines and practices. Additionally, it promotes risk and cybersecurity management communications between internal and external stakeholders.

“While the NIST CSF was designed for companies that manage the nation’s critical infrastructure, a wide variety of private and public-sector enterprises utilize it,” said Michael Peters, CEO of Continuum GRC. “We continuously solicit feedback from our customers regarding what features and modules they’d like to see in ITAM and as the popularity of the NIST CSF grew, so did customer requests to include a module for it. We are pleased to be able to help enterprises utilize the NIST CSF for risk assessment and strategic planning.”

The NIST CSF is based on NIST 800-53 but is far more concise and uses less technical language, Peters explained. Many enterprises use it to obtain security buy-in from internal decision-makers who may not have technical backgrounds, as well as external partners and suppliers.

“Since ITAM already included compliance modules for NIST 800-53 and 800-171, NIST CSF was a natural and logical fit,” Peters noted.

Enterprises have three versions of ITAM to choose from: a DIY self-help version for companies that handle their compliance and risk management in-house; a Cybervisor-supported version, where organizations can obtain support from Continuum GRC’s compliance experts; and a full-service version, where Continuum GRC’s experts utilize ITAM to perform audits for customers. There is also an edition specifically designed for third-party assessors who want to use the software to service their own clients.

Peters reported that, on average, organizations that switch to ITAM speed up their GRC assessments and reporting processes by 180 percent as compared to traditional audit processes.

“ITAM speeds up GRC audits and reporting so that you can get back to running your business as quickly as possible, but without sacrificing accuracy or cybersecurity,” Peters said.

Source: Continuum GRC


Additional Images