CREATe Compliance Launches “CREATe Leading Practices for Cybersecurity” Aligned with the NIST Cybersecurity Framework

Share Article

New CREATe Leading Practices Service Enables Companies to Assess Cybersecurity against the NIST Cybersecurity Framework's 98 Sub-Category Outcomes, Leading Standards and Guidelines

"CREATe Leading Practices offers a practical, scalable and effective way to benchmark cybersecurity against the NIST Framework,” states Pamela Passman, CEO, CREATe Compliance

Organizations looking to mitigate the business, financial and reputational risks associated with cyber threats can now leverage a new service, CREATe Leading Practices for Cybersecurity, to benchmark against the Cybersecurity Framework from the National Institute of Standards and Technology (NIST) and other leading cybersecurity standards and guidance.

CREATe Leading Practices for Cybersecurity offers a practical, efficient way to benchmark cybersecurity in a consistent way across an enterprise and among third party partners. The service features:

  • A Robust Assessment to Calibrate Program Maturity against the NIST Framework: The assessment covers the NIST Framework’s 98 subcategories of outcomes; and features questions and answers using short descriptive statements that reflect the maturity of controls in place. When taking the assessment, respondents can link to guidance for each NIST Framework sub-category; directly reference relevant sections of other guidance (e.g., ISO 27001); gain input from another contributor or expert; and provide supporting documentation.
  • A Technology Platform Enabling Management of Multiple Assessments and Robust Reporting: To make it more scalable and usable with multiple touchpoints in an organization and with third parties, CREATe has launched an updated technology platform to complete the NIST assessment, improve recordkeeping, efficiently integrate independent verification into the workflow, and enable the ability to manage dozens, hundreds or even thousands of cybersecurity assessments. CREATe Leading Practices for Cybersecurity also enables organizations to:

− Benchmark the assessments by sector, size or other criteria
− View assessment results against target scores and minimum “red-flag” scores
− Compare self-assessment maturity scores with verified scores from independent experts
− Generate customized reports using a wide range of search criteria

  • Expert Guidance to Validate Results and Map Improvements: As part of the service, a CREATe expert can also conduct an independent evaluation of the assessment results. The process includes an interview and review of documents to evaluate the maturity of the cybersecurity controls in place. The independent evaluation generates a second set of scores and benchmark reports that can be compared to those produced in the self-assessment.

The service was developed with guidance from the CREATe Cybersecurity Framework Advisory Council, a group of senior executives with expertise in cybersecurity, compliance and risk management.

“Leaders today are turning to the NIST Framework for guidance in addressing the ‘people, process and technology’ necessary to defend against cyber threats. CREATe Leading Practices offers a scalable and effective way to benchmark cybersecurity and to link operational improvements,” stated Pamela Passman, President and CEO of CREATe Compliance. “The service also provides robust reporting to communicate the organization’s ‘state of cybersecurity’ with senior leadership, across groups and with third party partners.”

The new service complements additional CREATe Leading Practices services: CREATe Leading Practices for Anti-Corruption (aligned to the ISO 37001 Anti-Bribery Management Systems Standard); CREATe Leading Practices for Trade Secret Protection; and CREATe Leading Practices for Intellectual Property (IP) Protection. The CREATe Leading Practices services are based on best practices from global companies, international guidelines, academics and other experts.

To learn more about CREATe Leading Practices and request a demo, email: info(at)CREATeCompliance(dot)com.

About CREATe Compliance

CREATe Compliance works with enterprises to better manage internal and third party global risk by making leading practices in anti-corruption, cybersecurity, trade secret and intellectual property (IP) protection, practical, actionable and achievable.

CREATe Compliance helps companies embed a cycle of monitoring, measurement and improvement to build and strengthen effective compliance and risk management programs through its services:

  • CREATe Leading Practices for Anti-Corruption
  • CREATe Leading Practices for Cybersecurity
  • CREATe Leading Practices for Intellectual Property Protection
  • CREATe Leading Practices for Trade Secret Protection

This consistent ‘measure and improve’ approach across key risk areas enables benchmarking and sharing across the global supply chain, and puts organizations on a path to improvement.

CREATe Compliance is a wholly-owned subsidiary of The Center for Responsible Enterprise And Trade (

To learn more, email info(at)CREATeCompliance(dot)com, or visit

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Anne Walker
Follow >
Visit website