Open Source CSF Profile Assessment Database by Steve McMichael
By SecBurg
Steve McMichael from the Simply Cyber Academy has released an Open Source CSF Profile Assessment Database, a tool designed to help organizations implement and assess their cybersecurity posture using the NIST Cybersecurity Framework (CSF). This application provides a structured approach to:
- Track and manage CSF outcomes
- Assign ownership and stakeholders to controls
- Document observations and findings
- Score current and desired security states
- Export to CSV for data visualization in Excel (find a companion Excel template in public/Sample_Artifacts)
- Track remediation progress
Watch the demo video on YouTube.
If you want to create a Docker image for this and run it from inside a Docker container, here’s my Dockerfile:
# Use the official Node.js image as base
FROM node:16-slim
# working directory in container
WORKDIR /app
# copy package.json and package-lock.json for installing dependencies
COPY package*.json ./
# Install dependencies
RUN npm install --production
# copy everything from the current directory into the working directory
COPY . .
# Expose the port from the application
EXPOSE 3000
# use this command to start the application
CMD ["npm", "start"]
And this is the .dockerignore:
node_modules
npm-debug.log
.git
.gitignore
Instructions:
- copy both the Dockerfile and the .dockerignore to the main repository after cloning
- create the Docker image using this command:
  docker build -t csf_profile .
- create and run the Docker container:
  docker run -p 3000:3000 -d csf_profile
- now the application can be accessed using a browser via http://localhost:3000
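
A hardened variant of the Dockerfile and run command above, as an added example (it is not the post author's or the project's own file). It assumes the repository ships a package-lock.json and that the application needs neither root privileges nor write access outside /app; the container name `csf_profile` in the run command is a placeholder.

```dockerfile
# node:16-slim is the tag used in the post. Node.js 16 is end-of-life,
# so move to a maintained LTS tag once the app has been tested on it.
FROM node:16-slim

WORKDIR /app

# The official Node.js images ship an unprivileged "node" user.
# Hand /app to that user, then drop root for every later step,
# so neither npm lifecycle scripts nor the app run as root.
RUN chown node:node /app
USER node

# Copy the manifests first so the dependency layer is cached.
COPY --chown=node:node package*.json ./

# npm ci installs exactly what package-lock.json pins and fails if
# the lockfile and package.json disagree (assumes a lockfile exists;
# otherwise keep the post's "npm install --production").
RUN npm ci --omit=dev

# Copy the application source (filtered by .dockerignore).
COPY --chown=node:node . .

EXPOSE 3000
CMD ["npm", "start"]

# Build:
#   docker build -t csf_profile .
#
# Run. "-p 3000:3000" publishes the port on every host interface;
# prefixing 127.0.0.1 keeps it on loopback, which matches the
# http://localhost:3000 access described in the post. Port 3000 is
# unprivileged, so all Linux capabilities can be dropped.
#   docker run -d --name csf_profile \
#     -p 127.0.0.1:3000:3000 \
#     --cap-drop=ALL \
#     --security-opt=no-new-privileges \
#     csf_profile
#
# Check the effective user inside the running container:
#   docker exec csf_profile id
```

If assessment data must be reachable from other machines, put an authenticating reverse proxy in front of the loopback port instead of publishing it on all interfaces.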