When we are discussing major networks, we think of a large system that had to be fixed that is like many organizations, both public and private. Their network had been patched together by many different businesses over the years, and the system was fragile at best. All this is because their network used the cheapest components from the lowest bidder, and they had zero redundancy and almost zero backups. Think about this scenario because it is probably your own system. So how do we fix this problem. Not by buying another band aid software. It comes by adopting the NIST CSF and writing the criteria into Service Contracts. That way when a new subsystem is installed, it is built and tested to the Zero Trust Security Model, the new national standard. That means government agencies, schools and hospitals are steering the vendors and third-party contractors into the direction they need to be going. If your organization uses a CMMC style defense strategy, then your entire supply chain will be cybersecurity compliant. Eventually everyone in the US will be CSF compliant, the question is who will be last.

Related article: Why automated pentesting won’t fix the cybersecurity skills gap – Help Net Security

At TechR2, we lead from the front in our industry with diverse world recognized certifications in CSF, quality, and safety. As you build your cyber defense, who do you protecting your business?