cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
russhensley
Viewer

IT Policies Library

Other than the SANS policy templates what are additional resources that others are using as baseline templates for SMB clients when implementing the NIST CSF or CIS Controls when no policies exist.    This is more of a sanity check to make sure I am not missing a resource out there. 

1 Reply
Titan
Newcomer I

I've heard interesting things about ComplianceForge, but I have not used them at length. 

 

If it helps, I'm currently assisting a small business right now with writing up a CSF aligned portfolio of policies.  Given how they operate, I'm writing the policies from scratch in the following manner:

 

1) One Policy Document Per CSF Category

 

2) For CSF subcategories, I'm using NIST 800-171 as the Informative Reference to write specific policy statements that elaborate further on a subcategory.  NIST 800-171 will likely be way too intensive for most small businesses, but my client has specifically requested to use this informative reference, so I'm doing it.  There is an official CSF to 800-171 crosswalk on NIST's website, even though 800-171 is not listed as an "Informative Reference" in Version 1.1.