NIST CSF reference tool anyone use it?

TheFORCETheFORCE Senior MemberMember Posts: 2,298 ■■■■■■■■□□
Has anyone used the NIST CSF reference tool here? it's basically a small application with all the NIST Cybersecurity framework.  

I have downloaded the tool and I'm trying to add some more columns for my own comments so it is easy for me to find how my internal controls are mapped but I'm having some issues.  Getting errors "your access privileges do not allow you to perform this action."

Anyone able to get this working?

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,933 Admin
    Is this a free tool? Have a link?
  • TheFORCETheFORCE Senior Member Member Posts: 2,298 ■■■■■■■■□□
    @JDMurray yes its a free tool. You can find the windows application and IOS application here
    https://www.nist.gov/cyberframework/csf-reference-tool

    I'm trying to map our policies against that so its easier to organizer and easier to find info. Many times external vendors or auditors they bring up these controls so it would be nice tp enter a new colum next to the control and reference my internal policies so when they come and say show me evidence for AC.P 1.1  i can go to that control and find my policy, evidence and other documents. 
  • NavyMooseCCNANavyMooseCCNA CCNA R&S, ITIL, Security+ ZZ9ZZAMember Posts: 544 ■■■■□□□□□□
    Most of this information is available on the Excel spreadsheet you can get from the CSF site. I use that and columns for various this. I would prefer to use the CSET tool, but my manager overruled me.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil

  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,232 Mod
    I haven't used it but I used another proprietary one, they're all similar. Make sure you customise the interview questions, and just use the tool for scoring
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
Sign In or Register to comment.