The challenge of responding to an ever-evolving digital landscape is not new. However, the pace of evolution – of cyber adversaries, technology, and compliance mandates – has surged in recent years leaving CISOs struggling to keep up. To remain responsive, federal departments and agencies require a more flexible and adaptable cybersecurity strategy coupled with an iterative approach to assessing current state and driving cyber capability and process improvements.
The Gunnison Cyberagility Framework (GCF) is a methodology and approach for maintaining an adaptive cybersecurity strategy. GCF iteratively drives improvements in response to changes and challenges in the digital landscape – proactively, rapidly, and efficiently.
The term “CyberAgility” is an enterprise’s ability to adapt and respond quickly and effectively to changes and challenges in the digital landscape.
CyberAgility Profile
Uses the structure of the NIST CSF Core to align, integrate, and prioritize governing requirements (e.g., laws, regulations, binding operational directives) and controls, business objectives, risk tolerance, and resources (people, processes, technology) of the enterprise. Establishes baseline and target profiles.
Provides a common structure and language for organizing and assessing the agency’s unique enterprise risk and compliance program; Reduces compliance complexity by identifying overlapping and conflicting requirements.
CyberAgility Maturity Model Scorecard
Used to self-assess gaps between the baseline and target risk and compliance profile and assign maturity levels to cybersecurity capabilities implemented across the enterprise. Scorecard can be tailored to customer-defined maturity levels.
Promotes improved FISMA outcomes by incorporating current FY CIO and IG FISMA Reporting Metrics and IG evaluation guidance.
CyberAgility ActionPlan
Serves as the tactical roadmap for adaptive strategy implementation, a tool for planning, prioritizing, and implementing desired improvements. Captures gaps or weaknesses and associated risk and impact levels to support risk-based decisions.
Supports risk-based prioritization and planning of efforts, allocation cybersecurity resources, and budget planning.
CyberAgility Dashboard
Uses your existing tools to provide clear and concise visual representation of cybersecurity program maturity, enterprise risk, CyberAgility Action Plan implementation status and other customer-defined information.
Helps CISOs and cybersecurity leaders understand the current state of cybersecurity within the enterprise. enabling data-driven decision-making.