Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

GET: NIST CSF Report

Avatar
Ingrid
Follow

⇤ Companies

https://api.bitsighttech.com/companies/company_guid/regulatory/nist

This provides a high-level summary of an organization’s alignment with the US National Institute of Standards and Technology’s cybersecurity Framework (NIST CSF) using Bitsight risk vectors and existing data as evidence. The NIST CSF report can be used to self-report security posture and improvements or for evaluating a third party’s cyber security posture.

Parameters

See query parameters for details on the format (values: json) parameter.

*Required.

Parameter Description Values 
company_guid
Path		 Identify the company to query. [String] Company unique identifier [entity_guid]. See GET: Portfolio Details.

Example Request

curl 'https://api.bitsighttech.com/companies/company_guid/regulatory/nist?format=json' -u api_token:

Example Response

{
  "requested_by": {
    "company_guid": "a940bb61-33c4-42c9-9231-c8194c305db3",
    "company_name": "Saperix, Inc."
  },
  "company": "Saperix",
  "functions": [
    {
      "nist_grade": "A",
      "name": "Identify",
      "categories": [
        {
          "nist_grade": "A",
          "description": "The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.",
          "subcategories": [
            {
              "supported": false,
              "name": "ID.AM-1",
              "description": "Physical devices and systems within the organization are inventoried."
            },
            {
              "nist_grade": "A",
              "name": "ID.AM-2",
              "supported": true,
              "summary": "Using Bitsight Security Ratings, an organization can confirm the effectiveness of its policies by quantifying the organization’s security posture.",
              "risk_vectors": [
                {
                  "risk_type": "requirements",
                  "value": "Bitsight Security Ratings"
                }
              ],
              "description": "Software platforms and applications within the organization are inventoried."
            },
            […]
            {
              "supported": false,
              "name": "ID.AM-6",
              "description": "cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers,customers, partners) are established."
            }
          ],
        }
      ]
    }
  }
}

Related articles