Following the NIST methodology
In this part, we will focus on the National Institute of Standards and Technology (NIST) methodology and how it shapes an organization. According to various experts, the NIST methodology is one of the most prominent methodologies used in the world today.
The Department of Defense (DoD) in the United States released version 1.0 of its NIST 800-171 Assessment methodology on November 7, 2019, in response to a 2018 cyberattack on the DoD Navy submarine program that caused a critical breach. Version 1.2, released on June 10, 2020, is the latest version at the time of writing. Contractors first anticipated such a risk assessment methodology in January 2019, when Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, tasked the Defense Contract Management Agency (DCMA) with auditing DoD contractors' compliance with the requirements of NIST 800-171. Of course, this was not the only reason why the DoD changed the NIST methodology...