Example Cybersecurity Documentation

We are proud of the documentation we produce for our clients, and we encourage you to take a look at our example cybersecurity documentation: read through the PDF examples and watch the product walkthrough videos for each product. Scroll down to find the product example you want to view. The products are grouped according to the following diagram to help you find what you are looking for:

[Product selection diagram]

1 - Cybersecurity Policies, Standards & Procedures

Digital Security Program (DSP)

The Digital Security Program (DSP) is a hybrid, "best in class" approach to cybersecurity documentation that covers dozens of statutory, regulatory and contractual frameworks to create a comprehensive set of cybersecurity policies, standards, controls and metrics. To understand the differences between the DSP and WISP, please visit here for more details.

NIST 800-53 Written Information Security Documentation (WISP)

This version of the Written Information Security Program (WISP) is based on the NIST 800-53 rev4 framework. It contains cybersecurity policies and standards that align with NIST 800-53 (including NIST 800-171 requirements). To understand the differences between the NIST 800-53, ISO 27002 and NIST CSF versions of the WISP, please visit here for more details.

ISO 27002 Written Information Security Documentation (WISP)

This version of the Written Information Security Program (WISP) is based on the ISO 27002:2013 framework. It contains cybersecurity policies and standards that align with ISO 27001/27002. To understand the differences between the NIST 800-53, ISO 27002 and NIST CSF versions of the WISP, please visit here for more details.

NIST Cybersecurity Framework Written Information Security Documentation (WISP)

This version of the Written Information Security Program (WISP) is based on the NIST Cybersecurity Framework (CSF) framework. It contains cybersecurity policies and standards that align with NIST CSF. To understand the differences between the NIST 800-53, ISO 27002 and NIST CSF versions of the WISP, please visit here for more details.

NIST 800-171 Compliance Criteria (NCC)

The NIST 800-171 Compliance Criteria (NCC) is more than a NIST 800-171 checklist. The NCC is a "consultant in a box" that provides detailed breakdowns of both the Controlled Unclassified Information (CUI) and Non-Federal Organization (NFO) controls found in Appendices D and E of NIST 800-171 rev1. You can also use the NCC as a Plan of Action & Milestones (POA&M) to track any control deficiencies you have to manage.

Standardized Operating Procedures (CSOP) Template - NIST 800-171 Version

The Cybersecurity Standardized Operating Procedures (CSOP) is a template for your procedure statements. We've done the heavy lifting for you and you simply need to customize these procedure statements specific to your organization. The CSOP is designed to work closely with the WISP or DSP for your policies and standards, as well as the System Security Plan (SSP).

System Security Plan (SSP) Template

The System Security Plan (SSP) is a straightforward template that you can use to document your Controlled Unclassified Information (CUI) environment, which is a requirement of NIST 800-171. You just need to follow the instructions and fill in the information with the specifics, as it applies to your unique CUI environment. We also include a Plan of Action & Milestones (POA&M) template as part of this product.

PCI DSS Cybersecurity Policy & Standards

The PCI DSS Cybersecurity Policy & Standards is focused entirely on PCI DSS v3.2 compliance. It contains a policy and supporting standards that address all of the PCI DSS v3.2 requirements for merchants.

2 - Risk Management

Cybersecurity Risk Management Program (RMP)

The Risk Management Program (RMP) is program-level guidance on how your organization actually manages risk. This type of documentation is a common deficiency, since policies and standards, by themselves, are not sufficient to demonstrate how risk is managed.

Cybersecurity Risk Assessment (CRA) Template

The Cybersecurity Risk Assessment (CRA) is a template that enables you to create high-quality risk assessment reports. It can be purchased as a standalone product or paired with the Risk Management Program (RMP) document, since the two are designed to work together.

3 - Vulnerability Management

Vulnerability & Patch Management Program (VPMP)

The Vulnerability & Patch Management Program (VPMP) is program-level guidance on how your organization actually manages technical vulnerabilities and patch management. This type of documentation is a common deficiency, since policies and standards, by themselves, are not sufficient to demonstrate how vulnerabilities are managed.

4 - Incident Response

Cybersecurity Incident Response Program (CIRP)

The Cybersecurity Incident Response Program (CIRP) is program-level guidance on how your organization actually prepares for and responds to cybersecurity incidents. This type of documentation is a common deficiency, since policies and standards, by themselves, are not sufficient to demonstrate how cybersecurity incident response is managed.

5 - Vendor Compliance

Vendor Compliance Program (VCP)

The Vendor Compliance Program (VCP) is vendor-facing guidance on how your organization requires its third party service providers and partners to manage cybersecurity. This type of documentation is a common deficiency, since policies and standards, by themselves, are not sufficient to demonstrate how third party risk is managed. We offer two versions to better align with what your organization expects from its third parties: (1) NIST 800-53 and (2) ISO 27002.

6 - Secure Engineering & Privacy By Design

Security & Privacy By Design (SPBD)

The Security & Privacy by Design (SPBD) focuses on building both cybersecurity and privacy principles into how an organization operates. This is immensely important with the European Union General Data Protection Regulation (EU GDPR) that is looming for 2018. The concept it implements is Cybersecurity for Privacy by Design (C4P): a "paint by numbers" approach to cybersecurity controls that ensures privacy principles are built in by default, using industry-recognized leading frameworks such as NIST 800-160 and the Generally Accepted Privacy Principles (GAPP).
