<img alt="" src="https://secure.badb5refl.com/165368.png" style="display:none;">

NIST CSF vs. CIS v8: Insights from Experts

As cybercrimes continue to escalate, organizations need to adopt simple, but effective, cybersecurity frameworks to help guard against potential attacks.

When considering options, often companies consider different frameworks such as NIST CSF and CIS v8. But, when comparing the various frameworks, it can be confusing to determine which framework best suits your organization. CIS v8 is prescriptive yet doesn’t address third-party risk management. NIST CSF, however, is not prescriptive but includes a third-party risk management module.

Watch our fireside chat on demand with CohnReznick specialists, Daryouche Behboudi and Bhavesh Vadhani, as they compare NIST CSF and CIS v8 and answer your questions.

Watch On-Demand

Discussion Points

What are NIST CSF and CIS v8?

What are these frameworks and how can they support your organization's security goals?


How do these frameworks compare? Is one better than the other?

Which framework is best for you?

How to choose which framework your organization should follow

Real-World Examples

How other companies are implementing these frameworks

Bhavesh Vadhani Headshot




Principal, National Leader, Cybersecurity, Technology Risk, and Privacy

Bhavesh Vadhani is a principal and the national leader of the Cybersecurity, Technology Risk, and Privacy Practice with over 20 years of experience in the field of information risk management, security consulting and privacy advisory services. He has led and managed such engagements as privacy assessments, information technology (IT) controls assessments, vendor security assessments, SSAE 16/SOC 1 and SOC 2 attestations, IT risk assessments, information security consulting, information assurance, IT strategy, IT portfolio management, and project management and quality assurance reviews.  Bhavesh is intimately familiar with regulatory requirements and standards, including, but not limited to, GDPR, CMMC, NYDFS, DFARS, Sarbanes-Oxley 404 (SOX), OMB A-123, PCI-DSS, 201-CMR 17, Red Flags, FedRAMP and FISMA.

Daryouche Behboudi



Daryouche Behboudi

Cybersecurity, Technology Risk and Privacy, Managing Director

Daryouche is managing director in CohnReznick’s Cybersecurity, Technology Risk and Privacy practice. He has more than 20 years of experience managing consulting engagements with top-tier firms focusing on IT strategy articulation, IT risk and security management (FFIEC, NIST, DFS, CIS), operations and organizational design, cost takeout, and vendor management and outsourcing giving him the edge when it comes to understanding the technology challenges these types of institutions are facing today.

Watch On-Demand