NIST Cybersecurity Framework Guidance

We help you improve your security posture by leveraging the “Critical Infrastructure Security” framework developed by the U.S. National Institute of Standards and Technology. Commonly known as the “NIST Cybersecurity Framework”, this comprehensive security standard provides a logical, organized set of controls to assess, establish or refine your cybersecurity program and chart future goals.


Our experienced team helps you align your cybersecurity plans with the NIST framework and industry best practices

Get expert guidance on NIST Implementation “Tiers” and planning your short-, mid- and long-term cybersecurity priorities

Our team helps you develop a standards-based security plan that will resonate with many partners and various regulatory bodies (including the SEC, FFIEC and more)

We deliver an assessment that identifies existing gaps among the 23 categories and 108 subcategories of the framework


LMG Security will use the NIST Cybersecurity Framework to evaluate your organization’s IT security program and controls to assess your security posture and provide recommendations for reducing risk. LMG’s team will:

  • Analyze your security program in the five core functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond and Recover
  • Produce a report identifying any gaps among the 23 categories and 108 subcategories of the framework
  • Provide actionable recommendations to help your team strengthen your security program and reduce risk
  • Capture top successes and top areas for improvement in the report’s executive summary, plus a visual “scorecard” to illustrate strengths and weaknesses at a glance

Policy/Procedure Development and Revision

Let LMG’s experienced team of consultants develop and revise your policies, to help you:

  • Establish a written security program
  • Identify and fill any gaps in your existing policies
  • Update existing policies to reflect current best practices
  • Align your security program with the NIST Cybersecurity Framework
  • Reflect your organization’s unique needs and environment
  • Establish an adaptable policy framework to suit your organization over time

Our policy development service is flexible to meet your specific needs, whether you are starting from scratch, refreshing existing material, filling known gaps, or simply want a third-party perspective and advice on your written security program.


Conduct a risk analysis structured around the five core functions of the NIST Cybersecurity Framework. In support of your risk analysis, LMG will:

  • Identify potential threats to your data and systems, including the latest threats we’re seeing in the wild, such as ransomware and business email compromise
  • Review existing security controls and any vulnerabilities that could be exploited
  • Calculate risk levels according to the NIST SP 800-30 standard and evaluate potential impacts of various risk scenarios
  • Produce a risk assessment report, with prioritized recommendations to support risk reduction and a summary of top concerns presented in the executive summary


Wherever you are in your cybersecurity journey, our experienced team can help you create or refine a plan to build a strong security posture using the NIST Cybersecurity Framework. Contact us to learn more.