Press Release


 How to Implement the US Cybersecurity Framework: New ISACA Guidance 

Rolling Meadows, IL, USA (12 August 2014)—The technology that supports and protects an organization’s information is increasingly advanced and connected. It is also increasingly under attack. Earlier this year, the National Institute of Standards and Technology released the US Cybersecurity Framework (CSF) to help critical infrastructure providers. Now, new guidance from ISACA, an association of 115,000 global technology and business professionals, helps organizations of all sizes and in all industries use the CSF.

The CSF, released in February 2014, included ISACA’s COBIT framework as a core reference. ISACA’s Implementing the NIST Cybersecurity Framework shows how organizations can implement the CSF guidance using ISACA processes. The publication maps to each of the CSF steps and activities, extending the CSF guidance with practical, measurable activities.

“Most organizations know they need to ramp up their security efforts, but they need a road map that helps them protect their business assets,” said Greg Witte, an author of the publication and senior security engineer for G2 Inc. “This guidance provides a proven approach and manageable processes that will help them achieve measurable improvement.”

Implementing the NIST Cybersecurity Framework answers the following questions:

  1. What are the core components of the CSF?
  2. How do COBIT principles align with the CSF?
  3. Should our organization align to the CSF?
  4. How do I create a profile for my organization?
  5. Where can I find sector-specific implementation information?
  6. Where can I find templates to help me implement the CSF?

 A supplementary tool kit provides those templates.

“Cybersecurity is a top priority for ISACA, and it is our mission to help enterprises improve their security efforts and develop their security workforces,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA. “As part of our Cybersecurity Nexus, we’ve issued this implementation guidance to help organizations take practical steps to improving their cybersecurity and protecting their information and infrastructure.”

The guide and toolkit are available as free downloads for ISACA members. Members can also purchase a print copy of the book for US $35. Nonmembers can purchase the PDF or print version for US $60.  



With more than 115,000 constituents in 180 countries, ISACA helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.




Kristen Kessinger, +1.847.660.5512

Joanne Duffer, +1.847.660.5564