The document provides an agenda for maturing an information security (IS) program using the NIST Cybersecurity Framework and FFIEC Cybersecurity Maturity Assessment. It discusses reasons to mature cybersecurity posture such as data breaches and their impact on the economy. It then outlines the NIST Cybersecurity Framework including its functions, categories, and subcategories. It also describes the FFIEC Maturity Assessment Tool and its domains for evaluating an organization's cybersecurity maturity. The document shares details about how one organization used these frameworks to improve their cybersecurity program over time from an initial assessment to continuous improvement.