A few years ago, as I was working with telecommunications providers as a vCISO, I recognized there was a tremendous amount of confusion relating to the cybersecurity guidance in the sector. Many were trying to wrap their heads around what the guidance said, what it meant to their business, and where to start. To help streamline some of that confusion, I wrote the original Telco Profile.

In the years since, I have worked with organizations to implement that profile. There have been a tremendous amount of lessons learned. I have also listened to feedback on the profile itself. At the same time, the guidance has updated: new NTCA guidance and new CISA Cybersecurity Performance Goals.

So Karen and I worked to update the content to be even more streamlined and consistent with current priorities and guidance. We are happy to announce the Telco Profile 2.0! It was recently approved as one of NIST’s Community Profiles. As a pay-what-you-can resource, it offers a cost-effective way to organize and communicate about your cybersecurity risk management activities.

The Telco Profile 2.0 is a community profile built on the NIST Cybersecurity Framework (CSF) 2.0. This profile was created by aggregating, analyzing, and cross-referencing cybersecurity priorities from several authoritative industry sources, including the FCC’s Communications Security, Reliability, and Interoperability Council (CSRIC), NTCA’s Sector-Specific Guidance for Small Network Service Providers, CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs), and the NIST CSF 2.0. By synthesizing these inputs, the profile produces a unified, weighted priority ranking of CSF 2.0 subcategories tailored to the telecommunications sector.

This version comes with implementation guidance, a prioritized list of CSF 2.0 Subcategories, and a heat map! Drop us a note or contact us as team [at] tcannex [dot] com for questions, comments, or more information.