Although NIST does not have its own certification program for the Cybersecurity Framework, it recognizes and encourages third-party programs that provide a “confidence mechanism” for an organization’s implementation of the Framework, which also includes conformity demonstrations such as certification. While it cannot endorse any commercial approach, NIST goes on to state it “will continue working with those who manage confidence mechanisms programs to assist industry in further leveraging these resources; and private and public-sector entities that have a need for conformity demonstration, to help understand how these organizations can leverage existing programs.”
More information on NIST’s position on confidence mechanisms like the HITRUST certification program can be found at https://www.nist.gov/sites/default/files/documents/2017/12/05/draft_roadmap-version-1-1.pdf.