Professional Services Proposal - Criminal Justice Information Security Compliance Gap Assessment – Crowe LLP
Last modified: 4/4/2025 2:31:24 PM
Creation date: 12/23/2019 11:32:41 AM
Template: Board of Public Works
Document Type: Contracts
Document Date: 12/19/2019
Proposal to Provide CJIS Gap Assessment
City of South Bend
CJIS Gap Assessment

Crowe Integrated Cybersecurity Framework

Determining an appropriate control framework for cybersecurity is challenging for even mature organizations. The complexities and nuances with existing regulatory requirements (e.g. HIPAA) combined with industry standards (e.g. NIST Cybersecurity Framework) make managing control expectations nearly impossible.

To help address this challenge, Crowe has established the Crowe Integrated Cybersecurity Framework (CICF). Defining a comprehensive cybersecurity risk and control framework that seamlessly integrates with existing regulatory and industry guidance is integral for organizations looking to efficiently evaluate and manage their cybersecurity risk.

The framework was established by mapping controls across common regulatory standards and industry frameworks to correlate controls. Controls could be categorized based on like themes, and these themes were utilized to create an integrated control requirement. By correlating the controls, this integrated control can be defined in a way that includes a single test procedure that allows the organization to understand compliance with all common control requirements across the different standards.

For example, password policies are addressed within the majority of cybersecurity regulatory standards and industry frameworks. Leveraging the CICF, Crowe will test this control one time, but be able to conclude on organizational compliance across the different standards, allowing for an efficient, but comprehensive evaluation process.

Crowe's framework includes:
• Regulatory requirements, such as the Criminal Justice Information Security Policy (CJIS), FFIEC Cybersecurity Assessment Tool (FFIEC CAT), and the Health Insurance Portability and Accountability Act (HIPAA)
• Industry frameworks, such as NIST 800-53 r4 and the NIST Cybersecurity Framework (NIST CSF)

The CICF is a dynamic framework, continually being modified to accommodate changes in standards and to incorporate additional standards as necessary. Currently, Crowe's CICF consists of fourteen unique control domains defining a comprehensive cybersecurity risk and control universe.

© 2019 Crowe LLP www.crowe.com