The CSF is not a standard in the same sense as ISO/IEC 27001:2013 and other, similar security standards given the CSF is a derivative work based on such standards. However, the CSF provides a consensus-driven standard of due care and due diligence for the protection of electronic protected health information (ePHI), personally identifiable information (PII), payment card data, proprietary information and other sensitive information.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment