
KB-Sync1
Archer Employee

Article Number

000037850


Applies To


Product(s): Archer
Version(s): All Versions
Primary Deployment: On Premises/AWS Hosted/AWS SaaS

Description


This article provides answers to the frequently asked questions regarding the Archer NIST-Aligned Cybersecurity Framework App-Pack found on Archer Exchange.


Resolution


Question: Why is Cybersecurity Assessments an Application?
Answer: We used an Application because each Cybersecurity Assessment has multiple data points that could not be captured in a single question in a Questionnaire. One of the most important parts of the Cybersecurity Framework is deciding which informative reference you are using. If this were in Questionnaire format, you could not link questions to informative references, so the user experience and the ability to report on the results would suffer.

Question: Why did you create a new Application, Cybersecurity Framework Library, to store the content for the Cybersecurity Framework and not use Authoritative Sources?
Answer: It was built this way because the bottom level of the Cybersecurity Framework, Informative References, needs the ability to reference all levels of Authoritative Sources. Some Informative References point at the second level of an authoritative source, while others might point at the fourth level.



Question: How is the Cybersecurity Framework different from a traditional Satisfied/Not Satisfied Control Assessment?
Answer: The Cybersecurity Framework is not meant to be a Control Assessment, but rather an assessment of cybersecurity maturity. This is why the Cybersecurity Assessments Application asks the user to grade themselves on Tiers rather than a Satisfied/Not Satisfied control assessment. The tiers allow organizations to identify gaps in their desired cybersecurity posture.

For example, a company might have a Target Tier of 4 but a Current Tier of 2. This would identify where the organization might need to allocate resources. Conversely, you could end up with a Target Tier of 2 but a Current Tier of 4. This would mean that the organization is investing too much in a certain area. You can see this happen after a data breach, when an organization starts buying every possible technology that could help solve the problem, even though the functionality of many of those technologies overlaps or exceeds the needed functionality.


Version history
Last update:
‎2024-11-01 12:29 PM