Hi All,
I'm wondering if anyone has any experience with the NIST CSF Lead Implementer program listed on the NICCS.CISA.gov website, hosted by the company Certified Information Security, found here: Certified NIST Cybersecurity Framework Lead Implementer (CSF LI) from Certified Information Security | NICCS (cisa.gov)
My company had their NIST CSF gap assessment early last year; the same company was supposed to create and customize our IT documentation to fill said gaps but has fallen short on their deliverables. I was brought in to assist with documentation but have since taken over the project as our contract with the security firm has (thankfully) expired. While I have done a lot of research on my own in the last year, I would like some sort of formal education on the matter as we continue to attempt to resolve the mess we were left with. I'm not sure if this will matter, but once we are confident in our NIST CSF implementation, we plan to crosswalk over to ISO 27001.
We are a small financial firm with a very small IT department, and none of our employees have experienced this type of regulatory framework, though they are highly skilled in their respective areas. I hope to find decent training that can help me organize and direct our next phase of proper policy development.
Any and all feedback is welcome!