Ribose Achieves World’s First NIST Cybersecurity Framework Certification by BSI
on
08 Aug 2018
Verified compliance to NIST Cybersecurity Framework at Tier 4 (Adaptive)
[08 August 2018 — Hong Kong]
Ribose has become the world’s first organization to certify to the NIST Cybersecurity Framework (Tier 4) by BSI.
The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) was mandated by U.S. Executive Order (EO) 13636, and was designed to protect critical infrastructure and vital industries from cyberattacks. It also allows organizations to select a “Tier” based on organizational practices — from Tier 1 (Partial) to Tier 4 (Adaptive) — indicating a progressive approach from informal and reactive, to agile and risk-driven.
BSI was part of the team of experts that worked with NIST to develop the CSF, and is the first certification body to offer certification to the CSF. The program validates processes and evidence corresponding to the chosen tier level, and is integrated with ISO/IEC 27001, which comprehensively validates information security and risk management practices.
John DiMaria, Global Product Champion for Information Security and Business Continuity for BSI, said, “BSI has created the world’s first certification on the NIST Cybersecurity Framework. The unique tiered concept combines solid information security principles with application flexibility, which will be valued by organizations worldwide. We congratulate Ribose on being the first organization to receive our NIST CSF certification at Tier 4, and commend its long-standing commitment to international harmonization of cybersecurity providing the highest levels of data protection.”
Enoch Lee, General Manager of Hong Kong for BSI, added, “BSI has long been recognized as a pioneer in information security management. The new NIST Cybersecurity Framework certification program is a key component of our efforts to maintain this leadership position.”
According to Ronald Tse, founder of Ribose, “Achieving NIST CSF certification at Tier 4 reaffirms our unwavering commitment to protecting our customers' data based on verifiable cybersecurity. Our approach builds upon a solid security foundation that includes the selective Kitemark for Secure Digital Transactions certification, as well as cloud security and privacy certification through ISO/IEC 27017 and ISO/IEC 27018.”