█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/NIST Cybersecurity Framework/Applying the NIST Framework
50 minAdvanced

Applying the NIST Framework

After this lesson, you will be able to: Apply all five (six) functions to a real scenario, and crosswalk to ISO 27001 / CIS Controls.

Capstone lesson. Take a fictional org, walk every function, identify maturity gaps, and translate to ISO 27001 + CIS Controls language for stakeholders who use those frameworks.

Prerequisites:Recover

Scenario

FinTech startup, 50 employees, processes payment cards. Recently moved to AWS. No formal security program. CEO wants 'something compliant'.

Walk the framework

  1. 1

    Identify. Asset inventory? Probably no. SaaS list? Maybe. Vendor list? Yes (procurement).

  2. 2

    Protect. MFA enforced? Probably partial. Patching? Auto in cloud, manual on laptops.

  3. 3

    Detect. Logs centralized? Often no. SIEM? Probably no.

  4. 4

    Respond. IR plan? Likely not.

  5. 5

    Recover. Backups? Probably yes (cloud-managed). Tested restore? Probably no.

  6. 6

    Govern. CISO? Probably not. Policies? Sparse.

💡 Crosswalks

NIST CSF maps to ISO 27001 (control by control), CIS Controls (CIS Top 18 subset), HIPAA, PCI-DSS. NIST publishes the crosswalk tables free.

Output: a roadmap

Quarter 1. MFA, asset inventory, IR plan draft. Q2. SIEM, patch SLA, vendor reviews. Q3. IR exercise, training program, SOC 2 readiness. Q4. SOC 2 Type 1, lessons learned.

Quick Check

Function MOST orgs skip first?

Pick.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Recover
Back to NIST Cybersecurity Framework
NIST CSF Job Readiness→