• We assist clients in implementing the NIST Cyber Security Framework
  • Our NIST CSF consulting practice combines industry best practices in risk assessment, implementation, documentation, training and measurement of controls leading to a successful cybersecurity governance program.
  • Our CSF program is designed for organizations of any size
  • Choosing the right NIST CSF Implementation partner goes a long way in establishing the right architecture for your organization
  • Contact us to get started

Start Your NIST CSF Journey Now!

NIST CSF Consulting Engagement Phases
Here is a brief overview of all the phases involved in implementing NIST CSF.

Phase I - Understanding Business and Cyber Security Objectives

  • Every client is unique with its business model, customers, and cyber security requirements
  • In this phase, we determine and document the client’s business requirements for cybersecurity.
  • This is where we identify the key outcomes expected as part of the whole journey.
  • We also identify the applicable sector from the list of 16 critical sectors.

Phase II - Gap Analysis and Risk Assessment

Based on the outcome of phase I, a combination of approaches is applied by Coral NIST CSF consultants to conduct the gap analysis.

  • A session with each individual organization team to assess their current scope of work and their cyber security challenges
  • A penetration test against their applications and network reveals their current state of controls
  • A threat model approach is applied to determine their current systems and their current controls
  • Depending on the network environment (on-prem, on-cloud or hybrid), Coral conducts a deep dive into the applicability and relevance of each NIST CSF control and comes out with the status of each control, to ascertain the current maturity level.
  • The NIST CSF gap analysis will reveal gaps in all applicable domains such as governance, application development, IT operations, cloud operations, supply chain security, etc.
  • Coral consultants will end this phase by providing the gaps and their detailed recommendations.

Phase III - Control - Design, Documentation, Training, Brainstorming Sessions and Risk Management

  • Design involves allocating control responsibility to organization stakeholders.
  • Documentation involves drafting, discussing and brainstorming 20+ policies and procedures across 6 domains.
  • Awareness training involves bringing stakeholders together on common issues.
  • Risks identified in the gap analysis are discussed and tracked toward decision-making and closure. Some risks are quick wins, whereas others may take longer to close.
  • Each document or risk undergoes brainstorming with staff to arrive at a ‘best-fit’ solution for the organization.

Phase IV - Control - Measurement, and Scoring

  • Control measurement involves testing the control effectiveness and providing stakeholders with an objective score.
  • Control measurements are conducted over a period of time, for example monthly for a period of 3 to 6 months.
  • The ideal score is 100%. If the score is less than 100% Coral consultants will provide justification and recommendations to close the identified weakness.

Phase V - Internal Audit and Management Review

  • Finally, Coral conducts an Internal Audit that involves verifying the effectiveness of the implemented lifecycle controls through interviews along with system verification of applicable controls.
  • A formal compliance report is published and shared with the management.


  • As a result of undergoing these phases, at this stage, Coral has assisted the client in setting up a successful NIST CSF program that included people, processes, technology and ongoing measurements.
  • Each of the NIST CSF requirements has been completed by a combination of one or more of policy, responsibilities, reports, records, technology, and automation.
  • The organization now has a plan that demonstrates its continued commitment, like any other business function.

At this stage the client has implemented the NIST CSF in its entirety and has an ongoing program to manage and maintain the governance framework.


Would You Like To Speak To Our NIST - Cyber Security Framework Consultant?
Contact Us Now!