this post was submitted on 08 Oct 2024
 
The original post: /r/cybersecurity by /u/arunsivadasan on 2024-10-07 20:55:28.

Here is the official SAP post:

https://community.sap.com/t5/security-and-compliance-blogs/we-did-it-sap-confirmed-it-is-nist-csf-tier-3/ba-p/13876375

A couple of things that caught my eye:

  • The journey began in 2021 under the guidance of SAP’s Chief Security Officer. According to their blog post, they managed to close the gaps by the end of 2023, which means it took them about two years to reach this milestone.
  • The starting point remains unclear. Given SAP’s existing adherence to many compliance standards, it’s likely that they started at a relatively high level of maturity, but there are no specific details about their initial position.
  • No specifics on the challenges. SAP hasn’t disclosed which areas had the most significant gaps or were the most challenging to address during this process. Perhaps they will reveal it in their planned webinar.
  • Custom self-assessment methodology. SAP hired EY to do the assessment and developed their own self-assessment methodology. They even went further. Here is a direct quote from the site:
  • According to their brochure, if you are an SAP customer, you can get the assessment methodology from your SAP representative. I wish they just made it public. Also, I am sure you could check with your local EY partner.