Welcome to CSF Tools! You may be wondering what all this stuff is and why I put it here. Like so many things in life as a technologist, this all started with me trying to find ways to visualize the NIST Cybersecurity Framework for a PowerPoint presentation. I wasn’t really happy with the stuff I found, so decided to start building a library of visualizations linking that CSF to different control sets.
What is here so far is just the beginning. I have many ideas regarding new visualizations, control sets, and features to increase flexibility of presentation. Check back in periodically — you never know what you might find!
Thanks for the useful content! Working on compliance issues using the CSF is a lonely exercise. The documents themselves are lengthy, formal, and obscure. At many organizations – especially smaller ones – compliance work is often up to just one person. It’s great to have this friendly resource available!
Glad you found it useful!
Thanks. Your efforts are appreciated. This is a useful association of several standards and frameworks.
Thanks for the amazing work with this, helping to reduce complexity and introduce simplicity. Also looking forward to seeing what other updates are added in the future.
Thank you again
By far the best site to visualize and cross reference controls across multiple standards.
Appreciate the awesome work put into this site.
Hi there csftools: I stumbled across your excellent website by happenstance searching for completely unrelated subject matter. I’m impressed by the visualizations and – although I’ve been accessing the NIST et al collateral for several years at institutional websites – I have happily referred some of my other disciplines architect colleagues (solutions, application, technical, and enterprise) to your website to ensure they have all the necessary regulatory requirements information at their fingertips. As a bonus, it is a well-designed UX which attracts the user. Now all I need to do is convince my architect colleagues that ‘design-for-security (D4S)’ / ‘security by design (SBD)’ / ‘SecCM (secure configuration management)’ – by whatever name we refer to the approach – is the way to go for more secure web apps. Thanks again