Cybersecurity Audit Programs

Several standard audit programs and assessment tools have been developed to provide guidance and structure during cybersecurity audits. These audit programs are a starting point rather than a simple step-by-step approach for completing an engagement, but they do provide input into the ultimate, customized audit program that CTSA will design for your engagement.

ISACA NIST Cybersecurity Audit Program

ISACA has developed an audit/assurance program based on the NIST Cybersecurity Framework to provide organizations with a formal, repeatable way to evaluate cybersecurity controls. This audit program provides a direct link to the NIST Cybersecurity Framework and helps ensure appropriate audit coverage if the company has adopted NIST for its cybersecurity program.

FFIEC Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool to help institutions identify their risks and determine their cybersecurity preparedness. The assessment tool provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.

Baldrige Excellence Builder

The Baldrige Cybersecurity Excellence Builder self-assessment helps you understand and improve what is critical to your organization’s cybersecurity risk management. It is a voluntary self-assessment based on the more detailed Framework for Improving Critical Infrastructure Cybersecurity, managed by NIST’s Information Technology Laboratory, Applied Cybersecurity Division, and the Baldrige Excellence Framework, compiled by the Baldrige Performance Excellence Program at NIST.