Resources
Case Studies
NIST CSF 2.0 Maturity Assessment

NIST CSF 2.0 Maturity Assessment

Leading Supplier to World-Leading Manufacturers of Footwear and other Apparel

The Challenge

To re-evaluate the supplier’s security posture against the new revision to the framework NIST v2.0.

Methodology and Approach

Xcina’s methodology and approach involved the following:

Conducting a maturity assessment of the client’s policies and technical controls around the NIST framework v2.0, using a Capability Maturity Model Integration (CMMI) scoring system.
Identifying any areas requiring remediation and advising on prioritised actions to address identified gaps or sub-optimal control coverage.
Carrying out a programme of structured workshops and targeted document review and analysis.
Bespoke tooling was used to provide individual and aggregated scoring metrics for function outcomes, categories and sub-categories.
Discussing findings throughout the assessment to ensure no surprises in the draft audit report
Drafting the assessment report and discussing it with the client, ensuring that all feedback is considered in the final report
Review the stakeholders’ comments on the draft assessment report, updating the report as required and issuing the final version
Arranging close-out meetings with all stakeholders

Results and Outcome

Xcina consultant facilitated a series of structured workshops with key stakeholders from the client to gather input and benchmark scoring data against the NIST Cybersecurity Framework v2.0 controls. All queries from the client around the wording of specific NIST categories were resolved during these sessions.

On the basis of material collated during the workshop meetings, a draft report for the client was prepared and submitted for feedback, before the final report was issued. The client was satisfied that they now not only had independent evidence of where improvements had been made in their information security posture, but also transparent advice on areas where improvements could still be made which could then be escalated upwards to top management.

What This Means for You

Whether you are at an early stage of your Cyber Maturity journey or looking for continuous improvement, Xcina delivers:

Independent benchmarking assessments against leading cyber maturity frameworks such as NIST, CAF, ISO27001, NIS2, DORA and TSA, identifying areas for improvement
Expert advice on complex security and resilience issues and best practices
Pragmatic implementation assistance to help strengthen your security and resilience posture
A long-term partnership throughout your journey, not just a point-in-time assessment

To find out more about how we can assist you, please refer to our Information Governance Consultancy Services at https://xcinaconsulting.com/services/information-governance/

Industry and sector:

Manufacturing

Solutions and service area:

Xcina’s objective:

While the client had previously been assessed against the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v1.1, we were engaged to support a re-evaluation of its security posture against the new revision to the framework, v2.0.

We’d love to hear from you

To discuss how the areas highlighted in this case study, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at info@xcinaconsulting.com. We’d love to hear from you.

David MacPhail

Information Security Senior Consultant

Speak to me directly by Email, or
Telephone: +44 (0)20 3745 7820