4 New and Free Resources by NIST

I haven't used my LinkedIn Newsletter in a while. But, due to popular request, I'm giving it another shot.

You can find a full archive of all my articles right here: https://blog.grclab.com/


Read time: 2 minutes

Welcome to The GRC Lab, a weekly newsletter where I provide actionable advice to help you launch, grow and accelerate your career in Governance, Risk and Compliance.


Today at a Glance

  • New and free introductory courses by NIST
  • NIST CSF 2.0 crosswalk to NIST SP 800-53


I was honoured to be featured alongside Dan Lohrmann (Field CISO at Prescidio), Norman Kromberg (CISO at NetSPI) and Girish Redekar (Co-Founder at Sprinto) in a panel discussion on evaluating cybersecurity readiness.

Watch now: https://app.livestorm.co


This week NIST has really exceeded my expectations.

Out of nowhere, they have launched a trio of self-guided, introductory online courses for three of their publications.

Free Introductory Courses by NIST

The courses released cover the following publications:

  • NIST SP 800-53: This course offers an in-depth look into the SP 800-53, Security and Privacy Controls for Information Systems and Organizations. You will explore the control catalog and delve into each control family, helping you to establish a fundamental understanding of how controls are used to manage risks.
  • NIST SP 800-53A: Based on SP 800-53A, this course focuses on the methodologies for assessing the controls of NIST SP 800-53. It provides detailed insights into the structure of assessment procedures and the objectives of these assessments, empowering users with the knowledge to conduct thorough evaluations of security and privacy controls.
  • NIST SP 800-53B: Centered on SP 800-53B, this course educates users on security and privacy control baselines and offers guidance on how to tailor these controls to specific organizational needs.

Each course is designed to last between 45 and 60 minutes, is available free of charge, and does NOT require registration. This is a great opportunity, especially for beginners or people looking to transition into this field.

You can find the new courses here: https://csrc.nist.gov

Crosswalk NIST CSF 2.0 to SP 800-53

When NIST released version 2.0 of its popular Cybersecurity Framework (CSF) a couple of weeks ago, many were asking where to find a crosswalk to NIST SP 800-53. To my surprise, and that of many others, no crosswalk was available - until now.

Where to find it?

The crosswalk can be found in the Computer Security Resource Center.

  1. Access: https://csrc.nist.gov/projects/cybersecurity-framework/
  2. Open Filter
  3. Select SP 800-53 Rev. 5.1.1

Categories and subcategories are now extended by the relevant security and privacy controls of NIST SP 800-53, which can be very helpful when determining an action plan to improve the cybersecurity posture of an organization.

Whenever you're ready, there are 3 ways I can help you:

  1. ISO 27001 Lead Implementer Course: Join 8,500 students in mastering ISO/IEC 27001:2022. This comprehensive 8-hour course will teach you a proven 12-Step methodology with ready-to-use templates, saving you and your organisation hundreds of hours.
  2. ISO 27001 Starter Kit: Simplify your Path to Compliance with a customizable Project Plan, a set of reference processes and supporting resources.
  3. BPMN 2.0 for Enterprise Architects: Learn how to model business processes with BPMN 2.0


Omar Sangurima

TPM @ MSK | Adaptive Foundry

7 months

They asked you to bring it back because it brings the absolute HEAT. I'm hyped for it!
