Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

GET: NIST CSF Report

Ingrid

⇤ Companies

https://api.bitsighttech.com/companies/company_guid/regulatory/nist

This provides a high-level summary of an organization’s alignment with the US National Institute of Standards and Technology’s cybersecurity Framework (NIST CSF) using Bitsight risk vectors and existing data as evidence. The NIST CSF report can be used to self-report security posture and improvements or for evaluating a third party’s cyber security posture.

Parameters

See query parameters for details on the format (values: json) parameter.

* Required.

Parameter Values 
company_guid

* [Path] Identify the company to query.

 [String] Company unique identifier [entity_guid]. See GET: Portfolio Details.

Example Request

curl 'https://api.bitsighttech.com/companies/a940bb61-33c4-42c9-9231-c8194c305db3/regulatory/nist?format=json' -u api_token:

Example Response

{
  "requested_by": {
    "company_guid": "a940bb61-33c4-42c9-9231-c8194c305db3",
    "company_name": "Saperix, Inc."
  },
  "company": "Saperix",
  "functions": [
    {
      "nist_grade": "A",
      "name": "Identify",
      "categories": [
        {
          "nist_grade": "A",
          "description": "The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.",
          "subcategories": [
            {
              "supported": false,
              "name": "ID.AM-1",
              "description": "Physical devices and systems within the organization are inventoried."
            },
            {
              "nist_grade": "A",
              "name": "ID.AM-2",
              "supported": true,
              "summary": "Using Bitsight Security Ratings, an organization can confirm the effectiveness of its policies by quantifying the organization’s security posture.",
              "risk_vectors": [
                {
                  "risk_type": "requirements",
                  "value": "Bitsight Security Ratings"
                }
              ],
              "description": "Software platforms and applications within the organization are inventoried."
            },
            […]
            {
              "supported": false,
              "name": "ID.AM-6",
              "description": "cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers,customers, partners) are established."
            }
          ],
        }
      ]
    }
  }
}

Related articles

Feedback

0 comments

Please sign in to leave a comment.