{"id":34171,"date":"2020-03-30T19:58:00","date_gmt":"2020-03-30T19:58:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/brandpost-how-to-prepare-for-your-next-cybersecurity-compliance-audit\/"},"modified":"2020-03-30T19:58:00","modified_gmt":"2020-03-30T19:58:00","slug":"brandpost-how-to-prepare-for-your-next-cybersecurity-compliance-audit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/brandpost-how-to-prepare-for-your-next-cybersecurity-compliance-audit\/","title":{"rendered":"BrandPost: How to Prepare for Your Next Cybersecurity Compliance Audit"},"content":{"rendered":"
<\/div>\n

Reading a list of cybersecurity compliance frameworks is like looking at alphabet soup: NIST CSF, PCI DSS, HIPAA, FISMA, GDPR\u2026the list goes on. It\u2019s easy to be overwhelmed, and not only because of the acronyms. Many frameworks do not tell you where to start or exactly how to become compliant. Cybersecurity best practices from the Center for Internet Security (CIS)<\/a> provide prioritized, prescriptive guidance for a strong cybersecurity foundation. And, they support your efforts toward compliance with the aforementioned alphabet soup.<\/p>\n

When developing your cybersecurity compliance plan, consider the elements below to ensure you have a solid foundation:<\/p>\n

    \n
  1. Prioritize your approach<\/strong>. Focus on foundational actions that will help your organization actualize maximum cybersecurity benefits while moving you toward compliance goals. Think about the ways one security action (such as implementing two-factor authentication) might work to support multiple frameworks.<\/li>\n
  2. Keep accurate records.<\/strong> How will you know when you\u2019ve reached compliance? Ensure your organization is on the right path by documenting efforts and measuring compliance activities. Automated tooling can help your organization manage this at scale.<\/li>\n<\/ol>\n

    Trusted, no-cost resources from CIS<\/strong><\/p>\n

    CIS offers multiple resources to help organizations get started with a compliance plan that also improves cyber defenses. Each of these resources is developed through a community-driven, consensus-based process. Cybersecurity specialists and subject matter experts volunteer their time to ensure these resources are robust and secure.<\/p>\n

    CIS Controls<\/strong><\/p>\n

    What they are: <\/strong>The CIS Controls<\/a> approach cyber defense with prioritized and prescriptive security guidance. There are 20 top-level CIS Controls and 171 Sub-Controls, prioritized into three Implementation Groups (IGs). The CIS Controls IGs prioritize cybersecurity actions based on organizational maturity level and available resources.<\/p>\n

    Related compliance frameworks: <\/strong>The CIS Controls are mapped to or referenced by several industry and legal frameworks, for example:<\/p>\n