CREATe Leading Practices for Cybersecurity

A service that aligns with the NIST Cybersecurity Framework

CREATe Leading Practices for Cybersecurity enables companies to assess and improve the maturity of an organization’s cybersecurity approach. Aligned to the NIST Cybersecurity Framework, the service offers a practical way to identify the weaknesses of internal controls – or that of your supply chain and business partners – and implement a road map for improvement.

A cost-effective way to benchmark your cybersecurity approach to leading standards and the NIST Cybersecurity Framework.

Measures maturity of controls against the NIST Framework and provides a tailored roadmap for improvements.

Scalable to use across an enterprise and with third party partners.

How it Works

CREATe Leading Practices for Cybersecurity builds on existing business processes. The service features:

1. Robust Assessment

The comprehensive online assessment covers the NIST Framework’s 98 subcategories of controls that define effective cybersecurity. The assessment includes questions designed to determine the maturity of the current approach. Maturity is measured on a scale of 1 to 5 (most mature). Scores are generated immediately and benchmarked against the scores of other organizations that have taken the assessment. This provides an immediate picture of cybersecurity strengths and weaknesses and how the approach aligns to the NIST Framework.

2. Enabling Technology Platform

The CREATe technology platform provides a user-friendly interface for taking the assessment; and enables the ability to manage dozens, or even thousands of cybersecurity assessments. It also offers efficient record-keeping; the ability to integrate independent verification into the workflow; and robust reporting capabilities including the ability to view assessment answers in a ‘NIST Framework’ view or a CREATe view that is aligned with how companies plan, budget and implement cybersecurity programs.

3. Guidance & Improvement

A CREATe expert conducts an independent evaluation of the assessment results. The process includes an interview and review of documents, and generates a second set of scores and benchmark reports. CREATe provides an actionable road map with the experts’ observations, recommendations and a path to achieving more effective internal controls. CREATe supports implementation through ongoing assistance and access to guides, tools and resources.

More CREATe Leading Practices Services:

IP Protection

A service to assess and then improve the intellectual property protection controls in your organization or that of your supply chain and other business partners.

Learn more

Trade Secret Protection

A service to help companies measure and build the internal controls to prevent theft and misappropriation of business critical information.

Learn more


A service aligning with the ISO 37001 anti-bribery management systems standard and providing actionable guidance to build or improve an anti-corruption program.

Learn more