A cost-effective way to benchmark your cybersecurity approach to leading standards and the NIST Cybersecurity Framework.
Measures maturity of controls against the NIST Framework and provides a tailored roadmap for improvements.
Scalable to use across an enterprise and with third party partners.
How it Works
CREATe Leading Practices for Cybersecurity builds on existing business processes. The service features:
1. Robust Assessment
The comprehensive online assessment covers the NIST Framework’s 98 subcategories of controls that define effective cybersecurity. The assessment includes questions designed to determine the maturity of the current approach. Maturity is measured on a scale of 1 to 5 (most mature). Scores are generated immediately and benchmarked against the scores of other organizations that have taken the assessment. This provides an immediate picture of cybersecurity strengths and weaknesses and how the approach aligns to the NIST Framework.
2. Enabling Technology Platform
The CREATe technology platform provides a user-friendly interface for taking the assessment; and enables the ability to manage dozens, or even thousands of cybersecurity assessments. It also offers efficient record-keeping; the ability to integrate independent verification into the workflow; and robust reporting capabilities including the ability to view assessment answers in a ‘NIST Framework’ view or a CREATe view that is aligned with how companies plan, budget and implement cybersecurity programs.
3. Guidance & Improvement
A CREATe expert conducts an independent evaluation of the assessment results. The process includes an interview and review of documents, and generates a second set of scores and benchmark reports. CREATe provides an actionable road map with the experts’ observations, recommendations and a path to achieving more effective internal controls. A specific improvement project will also be identified and implemented. CREATe supports implementation through ongoing assistance and access to guides, tools and resources.