
Call to Compliance


The National Institute of Standards and Technology (NIST) just made it a requirement for security and human resource teams to collaborate. The new NIST Cybersecurity Framework 2.0 Govern Function, subcategory GV.RR-04, focuses on integrating cybersecurity risk management considerations into HR processes. The full title of this subcategory is Personnel Screening and Ongoing Evaluation Processes Incorporate Cybersecurity Risk Management Considerations. 

This subcategory highlights the importance of managing cybersecurity risks associated with an organization's workforce. It emphasizes the need to integrate risk management into key HR processes such as personnel screening, hiring, onboarding, culture, and ongoing evaluations. By doing so, organizations can better identify potential risks, ensure that employees understand their roles and responsibilities in maintaining cybersecurity, and promote a risk-aware culture across the organization. 

Some key aspects of this call to compliance subcategory include: 

  • Incorporating cybersecurity risk considerations into job descriptions and hiring processes. 

  • Establishing processes to screen personnel and contractors based on their potential cybersecurity risk. 

  • Regularly evaluating personnel and contractors to ensure they maintain the necessary security awareness and skills. 

  • Enforcing policies and procedures that promote cybersecurity risk awareness and compliance among employees. 

By addressing these aspects, organizations can effectively manage human-related cybersecurity risks and meet the objectives of the NIST GV.RR-04 subcategory. The impetus behind the new NIST Govern Function stems from Gartner, Forrester, and IBM research that says 90%+ of security breaches are caused by human mistakes. Gallup’s 2024 State of Global Workplace report says almost 80% of employees are disengaged, and are prone to 60% more mistakes. 


"Security behavior and culture programs adopt emerging capabilities—including behavioral science principles." –Gartner 

Gartner and Forrester say firms need to move beyond only security awareness training to adopt Human Risk Management (HRM) that creates a Security Behavior Culture. This requires behavioral science and other capabilities.  

RemotelyMe offers the first full-featured HRM solution based on behavioral science that lowers security and HR risks and meets compliance requirements for NIST CSF 2.0, PCI DSS 4.0, HIPAA 2023, GDPR, etc. Our solutions and services help organizations manage human-related cybersecurity and HR risks by creating a high-trust, low-risk culture across the workforce.

Here's how RemotelyMe addresses key aspects of NIST GV.RR-04: 

  1. Talent Assessments: RemotelyMe's HERMAN CQI Assessment takes only 9 minutes to measure a worker’s trust and risk scores with a remarkable 93% reliability rate. CQI is the first to map predictive biomarkers to risks, trust, engagement, leadership, and soft skills. By adding HERMAN CQI into security awareness training and recruiting processes, organizations can better understand employee and candidate risk profiles and prescribe personalized training to improve trust and lower risks.

  2. Training: By replacing or augmenting ineffective security awareness training and learning & development platforms, firms can attain what Gartner calls a Security Behavior Culture. RemotelyMe’s HERMAN LEARN platform includes security awareness training and phishing simulations, but goes much further by offering personalized courses to improve trust, engagement, leadership, remote work, and nine key soft skills designed to increase engagement. Again, higher engagement equals fewer mistakes and security risks while also improving productivity and retention. The ROI is a “no brainer.”

  3. Risk-Based Access: Firms should move away from role-based access to set physical and digital access based on risk and trust factors. Gallup says 18% of employees could be disgruntled and pose insider threat risks. RemotelyMe’s HERMAN CYBER platform can integrate with Alert Enterprise, Okta, and other access management platforms to set access rights based on trust and risk factors rather than only identity. This helps create a true Zero Trust Architecture that goes beyond endpoints to also address human factors—which account for 90% of security breach risks.

By leveraging RemotelyMe’s HRM solutions, organizations can effectively address the requirements of the NIST CSF 2.0 framework, as well as dozens of other regulatory compliance mandates, and create a robust, risk-aware culture that prioritizes cybersecurity, trust, and productivity across all levels of the workforce. 

