INDUSTRY
Retail
USE CASE
AWS NIST Cybersecurity Framework (CSF) Launch
LOCATION
Buffalo Grove, IL
WEBSITE
zoro.com
PLATFORM
AWS

Zoro is a wholesale maintenance, repair and operations (MRO) distributor that markets exclusively to small and medium-sized business customers. The company has a simple mission: make it easy for customers to find, buy, and get everything they need. Zoro sells over 12,000,000 product SKUs from thousands of trusted brands, including tools, industrial equipment, business supplies, and more. It is recognized for carrying the hard-to-find MRO products, tools, and equipment customers need to support their facility, warehouse, or any other type of business.
Services Provided
RKON provided security advisory services to Zoro regarding adopting and implementing NIST CSF. These services included documenting the security controls already in place within AWS as Zoro's current CSF profile and assigning a CSF implementation tier. RKON then worked with Zoro to define a target profile and tier and created recommendations to close the gap between the two.
RKON is assisting Zoro in implementing these recommendations, including expanded logging and monitoring, host hardening, encryption at rest, IAM improvements, and other security controls.
Engagement Outcomes
- Zoro now has a full NIST CSF profile documented
- Zoro has a roadmap to increase its NIST CSF scores to reduce risk
- RKON assisted Zoro with implementing many improved controls

Background
Zoro approached RKON for assistance with its internal governance framework. Zoro decided to use the NIST Cybersecurity Framework (CSF) as its primary framework. CSF is a good starting framework because its categories map readily to other frameworks and standards, such as NIST SP 800-53, PCI DSS, ISO 27001, and SOC 2, so work done against CSF carries over when those are needed later. RKON has expertise with NIST CSF and worked with Zoro to plan the implementation of controls that advance its CSF profile.
One Team of Subject Matter Experts to Advise and Remediate (Project Approach)
RKON reviewed the information security posture of Zoro's entire AWS deployment, including compute, networking, storage, identity, and disaster recovery. The posture was mapped to NIST CSF controls, and recommendations for improving each control were documented.
RKON performed or guided remediation work on the following AWS services:
- AWS EC2
  - Hardening, patching, and file integrity monitoring
- AWS Marketplace
  - AMIs
- AWS VPC
  - Security groups and access controls
- AWS IAM
  - SSO integration, users, and roles
- AWS RDS
  - Encryption and disaster recovery
- AWS S3
  - Encryption and access control
Results
Zoro has adopted the NIST CSF governance framework and is on a path to raise its current profile to a tier that matches its desired risk posture. Each completed recommendation further reduces risk as Zoro continues its security-first approach to information technology.
An Ongoing Partnership is Solidified
RKON brought a solid team of cloud security and project management specialists. They involved us enough to keep us on schedule with security efforts and daily work. We always knew where we were in the process, what was needed from us to keep progressing, and our expectations of when each task would be completed. We have found a true and ongoing partnership in security and compliance with RKON.
– Donna Mains, Senior Director of Technology Operations, Zoro

