A practical framework that organizes security activities into six functions, useful as a structure for your WISP and risk assessment.
The NIST Cybersecurity Framework (CSF) 2.0 organizes security activities into six functions: Govern, Identify, Protect, Detect, Respond, and Recover. NIST CSF is not legally required for CPA firms, but mapping your WISP and controls to its functions creates a coherent structure that aligns with FTC Safeguards Rule requirements and translates well for insurance carriers and enterprise clients. NIST publishes a Small Business Quick Start Guide tailored for firms without dedicated security staff.
Insurance carriers and enterprise clients increasingly ask whether your firm uses NIST CSF. A firm that has mapped its existing FTC-required controls to NIST CSF functions can answer yes without rebuilding anything. NIST CSF is also useful for prioritizing improvements: most small firms are stronger on Protect and weaker on Detect and Respond, which the framework makes visible.
A structured list of all security controls your firm should have in place, mapped to regulatory requirements, with testing status and evidence.
A documented set of policies and procedures describing how your firm protects sensitive client data.
A systematic process of identifying threats to your firm's data and evaluating the effectiveness of your security controls.