Critical Start adds multiple frameworks to Risk Assessments
Critical Start announced the expansion of the frameworks available in its Risk Assessments offering. These additions to the tool expand upon the initial offering, providing additional framework-based assessments for customers to achieve data-driven evaluation, articulation, and monitoring their overall cyber risk posture.
This expansion provides security leaders with more ways to identify gaps, demonstrate progress toward security maturity, rationalize investments, and most importantly, strengthen cyber defenses. Critical Start Risk Assessments also include peer benchmarking for selected Frameworks like NIST CSF and CIS Critical Security Controls, which provides customers with vital intelligence regarding how their security program compares with like organizations.
In this release, Critical Start adds supports NIST CSF 2.0, CIS Critical Security Controls v8, and NIST SP 800-171, broadening support for framework updates and additional frameworks giving more options for organizations to measure their security maturity and utilize Critical Start recommendations to further improve their security programs to reduce cyber risk.
For all available frameworks, users can securely attach documents to any question in the assessment as evidence and export an audit package of completed assessment with attachments to provide to third-party auditors.
With these new frameworks, all Risk Assessments Essentials customers gain immediate access to new templates at no additional cost. Customers also have access to data from completed assessments which will automatically crosswalk between framework templates.
For example, if a user has completed a NIST CSF 2.0 assessment and wants to start a CIS Critical Security Controls v8 assessment, existing data from their previous assessments will pre-populate where the fields match. This powerful feature enables security and governance teams to eliminate redundant work efforts and quickly pivot based on emerging organizational requirements.
“Risk assessments are the first and best step for organizations to measure their current risk posture and identify the immediate improvements they can implement to reduce their cyber risk,” said Chris Carlson, CPO at Critical Start. “The Critical Start Risk Assessments offering has been designed for organizations of all sizes to quickly and easily assess themselves and to prepare for third-party audits with no limit on the different frameworks or how many times a framework is used for an assessment.”
Additional benefits of Critical Start’s expanded Risk Assessments include:
- Assessment Import where new customers can import data from spreadsheet or paper-based assessments to continue building upon previous work
- Added and updated frameworks where Critical Start continuously adds/updates frameworks in the Risk Assessments platform to keep customers ahead of new regulatory and audit requirements
- Repeat Assessments where customers will have the ability to take or retake assessments as often as they need without incurring any additional costs so they can continually track security improvements
- Risk-Ranked Recommendations that give prescriptive next steps that customers can take to reduce risk
Multi-level framework assessment reports and dashboards provide deep insights into point-in-time and trend data, and artifacts of internally completed assessments can be shared with external auditors, ultimately reducing the time and cost of external audits.