With APIs ubiquitous across organizations, it is ever more important that API security controls needs to be included in cybersecurity strategies.

With more and more organizations adopting the NIST Cybersecurity Framework (CSF) as a tool to track their controls and manage risk, we wanted to provide clients with some guidance about how to incorporate API security into the NIST CSF and a tool to help them measure and track their API controls and processes.

Of course, every organization is unique and is impacted by unique risks - different threats, different vulnerabilities, different risk tolerances. The NIST CSF for APIs spreadsheet is just a starting point and you can choose to use as much or as little of it as you’d like – every organization will need to customize it to meet their needs. If, along the way, you require assistance or advice about how to implement better controls for your API security, please reach out – we're here to help.

Download this customizable spreadsheet to help you identify ways to measure and improve your API risk.