Home / Resources / ISACA Journal / Issues / 2020 / Volume 1 / The NIST Cybersecurity Framework Third Parties Need Not Comply


The NIST Cybersecurity Framework—Third Parties Need Not Comply

Author: Thea Janeway, CISA
Date Published: 12, February 2020

How can an organization make third parties comply with NIST?” This question haunts risk management professionals (and their lawyers) who are familiar with all five functions, 23 categories and 108 subcategories of the Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST). Achievement of all CSF objectives just does not seem possible. There is a good reason for that: The CSF is not intended to be “complied with.” In fact, according to the US regulator of consumer data protection laws, the CSF is...


Members, login to keep reading.

Not a member but want to read more?
Explore ISACA member benefits today.

language icon

Journal Translated Articles Are Currently Unavailable

We’re in the process of moving our translated Journal articles to our new platform. Please hold tight—they’ll be available again in mid-February.