Details on NIST CSF use case accelerator framework plugin

Ishaan Mishra
Tera Contributor

Hi Community,

I have a few queries on the NIST CSF Use Case Accelerator plugin. I am very new to understanding the NIST framework and wanted to ask a few questions before suggesting anything to stakeholders.

1. Upon installing the NIST plugins, do we get Control Objectives and Risk Statements which are issued by NIST? If yes, then does that mean that those objectives can be updated with new releases of the NIST framework (if the framework is updated by NIST)?

2. What are all the workflows that get enabled when we install the NIST framework plugin?

I have already gone through the ServiceNow documents but could not find any solid base to answer such queries.

Please respond to my post, quick help is much appreciated.

Thanks

2 REPLIES

naveenkaush
Tera Contributor

Sure, I hope the below clarifies these points for you:

  1. Control Objectives and Risk Statements: When you install the NIST CSF Use Case Accelerator plugin, you do get pre-configured control objectives and risk statements that align with the NIST Cybersecurity Framework (CSF). These objectives and statements are based on the latest version of the NIST CSF at the time of the plugin's release.

If NIST updates the framework, ServiceNow typically updates the plugin to reflect these changes, so you would need to update the plugin to get the latest control objectives and risk statements.

  2. Workflows Enabled: Installing the NIST CSF Use Case Accelerator plugin enables several workflows within the ServiceNow Governance, Risk, and Compliance (GRC) applications. These include:
    • Policy and Compliance Management: Helps in defining and managing policies and compliance requirements.
    • Risk Management: Facilitates the identification, assessment, and mitigation of risks.
    • Audit Management: Supports the planning, execution, and reporting of audits.
    • Framework Core and Profiling: Provides structured ways to define and execute risk and cybersecurity management actions in accordance with the NIST CSF.

If you have any more questions or need further clarification, feel free to ask.

Thanks a lot Naveen, this helps