It's recommended that partners self-attest their products to assure customers they're aligned with the NIST CSF 2.0 framework.
Important
Find out more about CSF 2.0 framework on the NIST website.
The recommendation is important for partners because:
It builds trust and discoverability
Once submitted, Microsoft incorporates the attested mappings into the Security Store merchandising experience. This helps customers easily discover solutions that align with their cybersecurity needs and outcomes.
It aligns with secure industry standards
The NIST CSF 2.0 is a globally recognized framework for managing cybersecurity risk. By aligning with it, partners signal maturity and adherence to best practices. This is especially important for customers operating in regulated or security-conscious industries.
There is no formal audit required
Unlike compliance frameworks that require third-party audits (e.g., FedRAMP or ISO 27001), the NIST CSF 2.0 self-attestation is a lightweight, risk-based assessment. This allows partners to demonstrate alignment that benefits customers without undergoing formal certification processes.
It promotes continuous improvement
The CSF is designed to be iterative and adaptable. Self-attestation encourages partners to assess their cybersecurity posture regularly and identify areas for improvement, fostering a culture of continuous enhancement that is beneficial for customers.
How to self-attest
On Cybersecurity Framework | CSRC, find the Export option. Export the file as Excel as shown in the screenshot.
Validate and identify which cybersecurity function or functions, categories, and subcategories your product maps to. For guidance, the Excel export gives implementation examples for each function.category-subcategory.
Fill out the NIST self-attestation form with the offer ID of your solution. Here's an example of the format that ID takes.
- Function1.category1-subcategory1; function2.category2-subcategory2....
- For example, GV.RR-04;ID.IM-03;PR.AA-01
Once you submit the form listing the NIST CSF 2.0 categories your product maps to, Microsoft includes your offer in the Security Store NIST CSF 2.0 merchandising experience.
This offering helps customers more easily discover your solution based on their cybersecurity needs, as shown in the NIST diagram.
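Before pasting the identifier list into the form, it can be checked locally. The following is an added example, not Microsoft or NIST code: `check_mapping` and the `CSF2` table are hypothetical names, and the function and category codes are transcribed here as an assumption that should be confirmed against the Excel export.

```python
import re

# CSF 2.0 Function -> Category codes. Transcribed for this example (assumption);
# confirm against the Excel export from the NIST site before relying on it.
CSF2 = {
    "GV": {"OC", "RM", "RR", "PO", "OV", "SC"},
    "ID": {"AM", "RA", "IM"},
    "PR": {"AA", "AT", "DS", "PS", "IR"},
    "DE": {"CM", "AE"},
    "RS": {"MA", "AN", "CO", "MI"},
    "RC": {"RP", "CO"},
}
# One entry: two-letter function, two-letter category, two-digit subcategory.
ENTRY = re.compile(r"([A-Z]{2})\.([A-Z]{2})-(\d{2})")

def check_mapping(raw):
    """Return (normalized_list, errors) for a ';'-separated mapping string.

    Subcategory numbers are only checked for shape, not for existence,
    because CSF 2.0 numbering has gaps; verify them in the export.
    """
    parts = raw.split(";")
    if len(parts) > 1 and not parts[-1].strip():
        parts.pop()  # tolerate a single trailing ';'
    seen, errors = [], []
    for pos, part in enumerate(parts, start=1):
        token = part.strip().upper()
        m = ENTRY.fullmatch(token)
        if not m:
            errors.append(f"entry {pos}: {part.strip()!r} is not Function.Category-NN")
            continue
        func, cat, _num = m.groups()
        if func not in CSF2:
            errors.append(f"entry {pos}: unknown function {func!r}")
        elif cat not in CSF2[func]:
            errors.append(f"entry {pos}: category {cat!r} is not under {func}")
        elif token in seen:
            errors.append(f"entry {pos}: duplicate {token}")
        else:
            seen.append(token)
    return ";".join(seen), errors

if __name__ == "__main__":
    # First input is the page's own example; the second is constructed.
    for sample in ("GV.RR-04;ID.IM-03;PR.AA-01", "GV.RR-04; PR.IM-03;GV.RR-4"):
        print(sample, "->", check_mapping(sample))
```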