{"id":11151,"date":"2018-08-02T17:07:22","date_gmt":"2018-08-02T16:07:22","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=11151\/"},"modified":"2020-01-02T11:27:31","modified_gmt":"2020-01-02T10:27:31","slug":"nist-fsscc-team-up","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/","title":{"rendered":"NIST and FSSCC Team Up for Financial Services Cybersecurity"},"content":{"rendered":"<p>The NIST Cybersecurity Framework (CSF) is widely recognized as a landmark in the evolution of the cybersecurity industry. Given the rapidly-changing cybersecurity landscape, it is vital to keep up-to-date with new developments. To this effect, NIST recently released the long-awaited version 1.1. However, more needs to be done.<\/p>\n<p>In response to industry feedback, including Wavestone\u2019s continuous involvement in the framework development (see our most recent contributions\u00a0<a href=\"https:\/\/www.nist.gov\/sites\/default\/files\/documents\/2018\/01\/31\/2018-01-19_-_wavestone.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.nist.gov\/sites\/default\/files\/documents\/2017\/04\/21\/2017-04-10_-_wavestone.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>), NIST is now working hard to allow the guidelines to more easily apply to organizations, thanks to sector-specific \u201cProfiles\u201d (e.g.,\u00a0<a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2017\/NIST.IR.8183.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Manufacturing Profile<\/a>\u00a0released in September 2017).<\/p>\n<p>The Financial Services Sector Coordinating Council (FSSCC) recently held a workshop hosted by NIST in Washington, D.C., to further develop the Financial Services Profile of the framework. It gathered not only industry members but also regulators such as the FED and the OCC. While it is still preliminary, here are few takeaways\u2026<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>A new risk-tiering methodology<\/strong><\/h2>\n<p>First and foremost, the profile introduces the concept of risk tiering similar to that of the FFIEC\u00a0<a href=\"https:\/\/www.ffiec.gov\/cyberassessmenttool.htm\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Cybersecurity Assessment Tool<\/a>\u00a0(CAT), but with qualitative rather than quantitative criteria. It proposes thirteen questions to determine the organization\u2019s criticality level from 1 (Critical) to 4 (Relevant) based on criteria such as systemic importance, as well as geographical and geopolitical considerations. This criticality level then determines applicable \u201cdiagnostic statements\u201d to assess.<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"post-11152 media-11152\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-11152 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image-1-1.png\" alt=\"\" width=\"1355\" height=\"311\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image-1-1.png 1355w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image-1-1-437x100.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image-1-1-768x176.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image-1-1-71x16.png 71w\" sizes=\"auto, (max-width: 1355px) 100vw, 1355px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<p>The methodology aligns well with industry best practices and is tailored to financial services. However, the sequence of questions to determine an organization\u2019s inherent risk is likely to have most if not all financial institutions rated at Level 1 or 2. For example, any organization collecting and\/or managing end-consumer Personally Identifiable Information (PII) would be designated a Level 2: Significant risk. While coverage of PII and privacy in general is welcome in a context of increased privacy concerns, it may not be so relevant from an inherent risk perspective.<\/p>\n<p>Qualitative assessments, such as the one proposed here, are relevant for smaller institutions, but bringing cybersecurity risk management practices closer in maturity to those of credit and market risk management would require leveraging quantitative assessment methodologies. The recent paper\u00a0<a href=\"https:\/\/www.imf.org\/en\/Publications\/WP\/Issues\/2018\/06\/22\/Cyber-Risk-for-the-Financial-Sector-A-Framework-for-Quantitative-Assessment-45924\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment<\/a>\u00a0from an IMF economist points in that direction.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Significant changes to the Framework Core and diagnostic statements<\/strong><\/h2>\n<p>The profile builds on to the Framework Core with two new functions: \u201cGovernance\u201d and \u201cSupply Chain\/Dependency Management.\u201d These additions put more emphasis on key areas, but at the cost of changing the well-known \u201cIdentify-Protect-Detect-Respond-Recover\u201d structure, which is helpful for communicating with business and senior management.<\/p>\n<p>The profile does not stop here, as it also increases the number of Categories and Subcategories, +8 and +20 respectively. While these additions are mostly relevant, they are not specific to Financial Services and could therefore be added to the Framework Core itself.<\/p>\n<p>Based on this structure, the profile defines 300 diagnostic statements leveraging again the FFIEC CAT and other resources from NYS DFS, FSB, and CPMI-IOSCO.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-11154 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image2.png\" alt=\"\" width=\"1356\" height=\"848\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image2.png 1356w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image2-305x191.png 305w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image2-768x480.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image2-62x39.png 62w\" sizes=\"auto, (max-width: 1356px) 100vw, 1356px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>More precise assessment criteria<\/strong><\/h2>\n<p>When utilizing the NIST CSF, the FFIEC CAT, or any other generic framework or tool, most firms at some point end up defining specific potential answers to assessment criteria. Indeed, firms may have protection mechanisms in place, but they may not be consistently deployed across all assets. Similarly, while a measure may not yet be in place, a clear path forward may have been defined. Such scenarios are relevant to reflect an organization\u2019s cybersecurity maturity.<\/p>\n<p>The profile addresses this issue by proposing seven possible answers which successfully address common scenarios: \u201cNot Applicable,\u201d \u201cYes,\u201d \u201cYes-Risk Based,\u201d \u201cYes-Compensating Controls Used,\u201d \u201cPartial-Ongoing Project w\/Action Plan,\u201d \u201cNot Tested,\u201d and \u201cNo.\u201d This addition is certainly an important step toward more consistent framework use and a foundation for maturity measures across organizations and across industries.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>The need to think global<\/strong><\/h2>\n<p>The proposed profile is currently presented as U.S.-centric. Indeed, most questions in the risk-tiering section and most diagnostic statement references relate to U.S. references. While this focus would be helpful for initial adoption in the U.S. market, it could be a barrier to expansion moving forward. Country-specific references are helpful, but the Profile itself should be kept as generic as possible, with U.S. references provided as add-ons only. FSSCC peers could then develop other add-ons at the country or region-level.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-11156 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image3.png\" alt=\"\" width=\"1358\" height=\"167\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image3.png 1358w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image3-437x54.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image3-768x94.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/08\/image3-71x9.png 71w\" sizes=\"auto, (max-width: 1358px) 100vw, 1358px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>Moreover, the proposed profile must further address the challenge of managing different maturity levels across geographies. Given the pervasive nature of cyber risk, shouldn\u2019t organizations ensure a consistent maturity across geographies unless sufficient segregation is ensured? As challenging as it sounds, the magnitude of risk certainly justifies this approach.<\/p>\n<p>As regulations are introduced worldwide and organizations are more and more global, managing complexity and avoiding inconsistencies necessitate a common framework. The Financial Services Profile as intended by the FSSCC has an important role to play in this respect. More than a pragmatic approach to leverage the NIST CSF, it aims at greater regulatory harmonization and streamlined regulatory compliance efforts. It is laudable and certainly long-anticipated by organizations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The NIST Cybersecurity Framework (CSF) is widely recognized as a landmark in the evolution of the cybersecurity industry. Given the rapidly-changing cybersecurity landscape, it is vital to keep up-to-date with new developments. To this effect, NIST recently released the long-awaited&#8230;<\/p>\n","protected":false},"author":1281,"featured_media":9905,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3268,2777],"tags":[3328],"coauthors":[2815,1177,3015],"class_list":["post-11151","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-for-financial-services-en","category-cybersecurity-digital-trust","tag-financial-services-cyber-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NIST and FSSCC Team Up for Financial Services Cybersecurity - RiskInsight<\/title>\n<meta name=\"description\" content=\"In response to industry feedback, NIST is now working hard to allow the guidelines to more easily apply to organizations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIST and FSSCC Team Up for Financial Services Cybersecurity - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"In response to industry feedback, NIST is now working hard to allow the guidelines to more easily apply to organizations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-02T16:07:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-02T10:27:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"3873\" \/>\n\t<meta property=\"og:image:height\" content=\"3873\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jean-Jacob Dreyfus, Baptistin Buchet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jean-Jacob Dreyfus, Baptistin Buchet\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/\"},\"author\":{\"name\":\"Jean-Jacob Dreyfus\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/89a51f0c6f79e2946f594cbacdfad3d9\"},\"headline\":\"NIST and FSSCC Team Up for Financial Services Cybersecurity\",\"datePublished\":\"2018-08-02T16:07:22+00:00\",\"dateModified\":\"2020-01-02T10:27:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/\"},\"wordCount\":844,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\",\"keywords\":[\"financial services cyber\"],\"articleSection\":[\"Cyber for Financial Services\",\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/\",\"name\":\"NIST and FSSCC Team Up for Financial Services Cybersecurity - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\",\"datePublished\":\"2018-08-02T16:07:22+00:00\",\"dateModified\":\"2020-01-02T10:27:31+00:00\",\"description\":\"In response to industry feedback, NIST is now working hard to allow the guidelines to more easily apply to organizations.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\",\"width\":3873,\"height\":3873,\"caption\":\"flat design for team work concept over yellow\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIST and FSSCC Team Up for Financial Services Cybersecurity\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/89a51f0c6f79e2946f594cbacdfad3d9\",\"name\":\"Jean-Jacob Dreyfus\",\"description\":\"Jean-Jacob Dreyfus is a Manager for Wavestone\u2019s U.S. Financial Services practice. He specializes in IT Strategy and Cybersecurity\/Data Protection. He leads the Wavestone U.S. Cybersecurity Regulatory Watch.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/jean-jacob-dreyfus\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NIST and FSSCC Team Up for Financial Services Cybersecurity - RiskInsight","description":"In response to industry feedback, NIST is now working hard to allow the guidelines to more easily apply to organizations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/","og_locale":"en_US","og_type":"article","og_title":"NIST and FSSCC Team Up for Financial Services Cybersecurity - RiskInsight","og_description":"In response to industry feedback, NIST is now working hard to allow the guidelines to more easily apply to organizations.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/","og_site_name":"RiskInsight","article_published_time":"2018-08-02T16:07:22+00:00","article_modified_time":"2020-01-02T10:27:31+00:00","og_image":[{"width":3873,"height":3873,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","type":"image\/jpeg"}],"author":"Jean-Jacob Dreyfus, Baptistin Buchet","twitter_misc":{"Written by":"Jean-Jacob Dreyfus, Baptistin Buchet","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/"},"author":{"name":"Jean-Jacob Dreyfus","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/89a51f0c6f79e2946f594cbacdfad3d9"},"headline":"NIST and FSSCC Team Up for Financial Services Cybersecurity","datePublished":"2018-08-02T16:07:22+00:00","dateModified":"2020-01-02T10:27:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/"},"wordCount":844,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","keywords":["financial services cyber"],"articleSection":["Cyber for Financial Services","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/","name":"NIST and FSSCC Team Up for Financial Services Cybersecurity - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","datePublished":"2018-08-02T16:07:22+00:00","dateModified":"2020-01-02T10:27:31+00:00","description":"In response to industry feedback, NIST is now working hard to allow the guidelines to more easily apply to organizations.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","width":3873,"height":3873,"caption":"flat design for team work concept over yellow"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/08\/nist-fsscc-team-up\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"NIST and FSSCC Team Up for Financial Services Cybersecurity"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/89a51f0c6f79e2946f594cbacdfad3d9","name":"Jean-Jacob Dreyfus","description":"Jean-Jacob Dreyfus is a Manager for Wavestone\u2019s U.S. Financial Services practice. He specializes in IT Strategy and Cybersecurity\/Data Protection. He leads the Wavestone U.S. Cybersecurity Regulatory Watch.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/jean-jacob-dreyfus\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1281"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=11151"}],"version-history":[{"count":3,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11151\/revisions"}],"predecessor-version":[{"id":12550,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11151\/revisions\/12550"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/9905"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=11151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=11151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=11151"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=11151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}