Target Profiles

In this exercise, we review the use of Target Profiles to help companies set goals for improving their Cybersecurity posture.

In Report Reviews, we worked with the NIST CSF Full Assessment titled “HOL IT Assessment (test)” that we created in New Assessment. While we set some target values for specific subcategories. In this case, ACME Manufacturing Company would like all business units to meet a specific NIST CSF standard and would like to apply a Target Profile to each Assessment for each business unit. In other cases, organizations must set Target Profiles to complete audits because of their sector, such as energy, where C2M2 v2.1 is required.

Setting a Reference Assessment for a NIST CSF Assessment

Reference assessments allow users to add side-by-side assessments with reference values to view as one.

From the available assessments, select the HOL IT Assessment (test) hyperlink to open the assessment. (Make sure filters from the previous exercise were cleared.)
Next to your user profile, click the drop-down menu to select Reference assessment(s).
On the Reference an assessment or target profile page from the drop-down, select HOL – Demo NIST-CSF -Gold Standard Targets-.
Click Add.
Click OK.

Scroll through the HOL IT Assessment (test) assessment, and see that other reference assessment values are also provided per item basis.

Using a Target Profile

A Target Profile allows you to (re-)use a standard or previously completed assessment to set target values instead of manually setting target values for each question.

From the Assessments list, select Test C2M2 2.1. The assessment is for an electrical energy company that would like to use a previously completed assessment to set targets.
Click on the assessment.
From the user menu, select Apply Target Profile.
From the Apply Target Profile modal, select HOL C2M2v2.1 – FS Client - 1.
Click OK.

As a result, all your target values are set based on the values used in the HOL C2M2v2.1 – FS Client – 1 Assessment.