ISACA has updated its Cybersecurity Audit Program, adapted from the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 (released in February 2024).
New audit testing steps have been added to cover the risk strategy, supply chain risk management, and privacy cybersecurity controls introduced in the new NIST Govern function.
In addition, a request list of documents, evidence, and other resources has been developed for auditors to leverage when engaging with auditees to substantiate the controls under review. Finally, the NIST CSF 2.0 Reference Tool implementation examples and COBIT 2019 references to key governance and management practices have been updated. The member price for the digital version is USD 25.