Compliance Challenge #6: Unique Business Requirements
Many organizations believe they can address their compliance requirements using high-level frameworks such as NIST's Framework for Improving Critical Infrastructure Cybersecurity or the SANS Institute's Top 20 Critical Security Controls (which, counting the individual sub-controls, actually comprises 246 controls, not 20). High-level frameworks require organizations to fill in the blanks with more prescriptive controls taken from other authority documents, whether laws, standards, or contractual obligations such as PCI DSS.
Organizations must therefore determine which implementation-level controls need to be in place to meet their own specific set of obligations. One way to do this is to use a framework that aggregates the disparate cybersecurity regulations, standards, and contracts into a single database, so that overlapping requirements can be mapped onto one concise, harmonized list of the controls that actually need to be implemented.