Tools to help with new NIST framework

Promontory provides tools to exploit the new US cyber-security standards that help financial businesses defend against third party risks

A new Web-based tool to assist companies in using a new cyber-security framework released by the National Institute of Standards and Technology (NIST) has just been announced by the Promontory Financial Group.

The company, headquartered in the USA capital, Washington, D.C., claims to be the world’s foremost expert in financial risk, regulation, and compliance. It helps companies and governments around the world manage complex risk and meet their regulatory challenges.

“Regulators have recently noted the potential for third-party vendors to represent a weak link in an institution’s overall information-security system”

The `Framework for Improving Critical Infrastructure Cyber-security’ was developed by NIST as directed in a February 2013 executive order in the USA that called for a voluntary, risk-based framework incorporating industry-leading practices and standards. Supervisors are likely to draw upon the framework when conducting examinations and updating their examination procedures.

It is widely expected to become a critical component of any rigorous cybersecurity program in both financial and nonfinancial institutions.

"Many firms with high-performing cyber-risk management functions are already using elements of the framework internally,” said Earl Crane, a senior principal at Promontory. “However, they are now starting to use the framework to communicate their requirements and hold accountable their vendors, third-party service providers, and outsourced operations.”

The flexible, Web-based Cyber-risk Assessment Tool allows financial institutions to identify, manage, and report on cyber-security risk, consistent with existing regulatory frameworks. The software, designed by industry experts and former compliance examiners, can be used to guide a company as it uses the NIST framework to improve its cyber-risk management programs and assess the cyber-security of third parties.

“Regulators have recently noted the potential for third-party vendors to represent a weak link in an institution’s overall information-security system,” Crane said. “We believe this is the first tool to use the framework to manage vendor cyber-risk and reduce third-party risk exposure.”

Though the NIST cyber-security framework is voluntary, it is already seen as emerging as one of the most important blueprints for cyber-risk management in regulated and non-regulated companies. Its existence helps companies use the framework in a robust, well-documented, and user-friendly way.

The EU Data Act is pushing SMEs and MSPs towards a multi-cloud, multi-vendor approach to mitigate...
Almaviva partners with OVHcloud to enhance compliant and sovereign digital solutions across...
Rebranding to Hammer Distribution, the company renews its commitment to distinguished service and...
Gcore introduces AI Cloud Stack, enabling CSPs and enterprises to deploy scalable, profitable AI...
Datadog surpasses 1,000 integrations, enhancing its platform's observability across diverse...
The numbers are in, and they paint a picture of transformation at unprecedented scale. As MIT's...
Alcatel-Lucent Enterprise introduces Rainbow Hospitality, a cloud solution transforming...
In a strategic move for growth, Open Line announces plans to join Conscia Group, furthering their...