If the agency already has an existing cybersecurity lead (CISO, SISO, Cybersecurity Director, etc.), please click the Implementation Steps button below. If the agency does not have a cybersecurity lead and they need help figuring out what experience and expertise they need, please click the “Why & What is a Cybersecurity Lead?” button below. Quite often someone within the agency will have the necessary skillsets, and if they don’t they can help a new hire or consultant through their familiarity of their agency’s systems and cybersecurity program.
The NIST Framework is the core of this implementation/enhancement tool and as such familiarity with NIST itself is key to its use. Having familiarity with other cybersecurity frameworks (COBIT, ISO 27001, etc.) will help with the understanding of the NIST security controls, as they are similar in their composition.