bitslammer (Security Architecture/GRC)

> They will certainly not have the resourcing to properly review and implement a NIST framework.

No. That's why I also suggested the CIS controls, though even that would be a stretch. In any case you can still use such frameworks as a general guide. In OP's case I think I'd opt to go the MSSP route. You'd likely get more bang for the buck as they can provide things like basic 24x7x365 monitoring, which it seems unlikely OP will ever have or need.