Implementing the NIST Cyber Security Standards using COBIT 5

Implementing the NIST Cybersecurity Framework provides guidance in the implementation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) through a seven-step process, aligned with COBIT5 principles.

Image description

The purpose of the CSF Implementation qualification is to provide and measure a candidate’s knowledge and understanding of the CSF, its goals, the implementation steps, and the ability to apply this information. The COBIT 5 Foundation Qualification is not required; however, it is strongly recommended that candidates either have a strong COBIT 5 background or have taken the COBIT5 Foundation course. This course and exam is aimed at individuals who have a basic understanding of both COBIT5 and security concepts, and who are involved in improving the cybersecurity program for outside organizations or their own.

Course Description


In 2013, a legislation was passed that made it mandatory to further Improving Critical Infrastructure Cybersecurity, which called for the development of a voluntary risk-based cybersecurity framework that is "prioritized, flexible, repeatable, performance-based, and cost-effective." The Cybersecurity Framework (CSF) was developed through an international partnership of small and large organizations, including owners and operators of the nation's critical infrastructure, with leadership by the National Institute of Standards and Technology (NIST). ISACA participated in the CSF's development and helped embed key principles from the COBIT framework into the industry-led effort. As part of the knowledge, tools and guidance provided through our Cybersecurity Nexus (CSX)™ program, ISACA has developed a guide and course: Implementing NIST Cybersecurity Framework Using COBIT 5.

This course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.

ISACA offers professionals who have mastered the content in the COBIT 5 Foundation Course an opportunity to demonstrate their knowledge by taking an exam and earning a certificate of completion. These professionals understand the goals and content of the Cybersecurity Framework and how implement the seven Cybersecurity Framework implementation steps using COBIT 5.

At the conclusion of this course, attendees will understand

  • Understand the goals of the Cybersecurity Framework (CSF)
  • Understand and discuss the content of the CSF and what it means to align to it
  • Understand each of the seven CSF implementation steps
  • Be able to apply and evaluate the implementation steps using COBIT5
  • Awareness of business impacts
  • Understanding the relationship of business systems and their associated risk appetite
  • Understanding of business requirements and mission objectives and their priorities

Target Audience

Individuals who have a basic understanding of both COBIT5 and security concepts, and who are involved in improving the cybersecurity program for outside organizations or their own organization.


Exam Format

  • COBIT 5 Implementing the NIST Standards using COBIT 5 (INCS):
  • Pass mark: 50% (75 questions in total, 5 questions are trail questions and will not count to the final mark)
  • Exam structure: Multiple choice/objective testing format
  • Exam duration: 80 minutes
  • Prerequisites: None