Comparison NIST - Cybersecurity framework against PCI DSS 3.2

6/13/2017


 

NIST Cybersecurity framework

The United States depends on the reliable functioning of the Nation's critical infrastructure. To reduce the inherent risks, President Barack Obama published an executive order, Improving Critical Infrastructure Cybersecurity. The order, dated February 2013, directs the National Institute of Standards and Technology (NIST) to lead the development of a Cybersecurity framework intended to provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risks. NIST released the first version of the Framework for Improving Critical Infrastructure Cybersecurity on February 12, 2014. In January 2017, NIST released an updated version of this framework.
 
The NIST - Cybersecurity Framework includes a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. It identifies cross-industry standards and technology-neutral best practices.
Adoption of this framework by owners and operators of critical infrastructure and any other interested entities is voluntary. No compliance or regulatory obligation is associated with it.

The Cybersecurity framework 1.1 and PCI DSS 3.2

I endeavoured to compare the Cybersecurity framework against PCI DSS 3.2. The picture below provides the overall outcome of this gap analysis for each category of the Cybersecurity framework. For detailed insights, please review the attached spreadsheet, which provides the matching requirements as well as an indication of the level of matching for each function, category and sub-category of the Cybersecurity framework.
Picture
Attached file: cybersecurity_v1.1_vs_pci_dss_3.2.xlsx (xlsx, 53 kb)

What next? Community review

The outcome of this analysis is based on my own experience of PCI and the Cybersecurity framework. It is now subject to community review. Any objections or suggestions? Please comment on this blog.
Provided by DGOZONE SPRL.