Specifications include, but are not limited to: Training will be based upon the requirements in the NIST Cybersecurity Framework NIST SP 800-170. This security framework should provide the following: A method to identify opportunities for improving the current cybersecurity of the manufacturer or other covered entity. An evaluation of the ability to operate the control environment at an acceptable, reasonable risk leve. A standardized approach to preparing the cybersecurity plan for ongoing assurance of the manufacturer or other covered entity’s security program. Training will include the development of a cyber security gap analysis, risk mitigation plan of action and supporting documents (system security plan, SPRS score – Supplies Performance Risk System, incident response plan, and high=level recommendations for employee policy or handbook.
