Skip to content
Zoro x ScaleSec Client Story


Zoro NIST CSF Assessment & Roadmap
AWS NIST Cybersecurity Framework (CSF) Launch
Buffalo Grove, IL

Zoro logo



Zoro is a wholesale maintenance, repair and operations (MRO) distributor that markets exclusively to small and medium-sized business customers. The company has a simple mission: make it easy for customers to find, buy, and get everything they need. Zoro sells over 12,000,000 product SKUs from thousands of trusted brands, including tools, industrial equipment, business supplies, and more. It is recognized for carrying the hard-to-find MRO products, tools, and equipment customers need to support their facility, warehouse, or any other type of business.

Services Provided

ScaleSec provided security advisory services to Zoro regarding adopting and implementing NIST CSF. These services included documenting the current security controls within AWS and assigning a CSF profile tier. ScaleSec worked with Zoro to determine a target CSF profile tier and created recommendations to achieve the target tier.

ScaleSec is assisting Zoro in implementing these recommendations, including increasing logging and monitoring, hardening, encryption, IAM, and other security controls.

Engagement Outcomes

  • Zoro now has a full NIST CSF profile documented
  • Zoro has a roadmap to increase its NIST CSF scores to reduce risk
  • ScaleSec assisted Zoro with implementing many improved controls


NIST CSF five pillars


Zoro approached ScaleSec for assistance with its internal governance framework. They decided to use NIST Cybersecurity Framework (CSF) as their primary framework. This is a great framework for companies to start with as it is easily mapped back to other frameworks, such as NIST 800-53, PCI DSS, ISO 27001, and SOC 2. ScaleSec has expertise with NIST CSF and worked with Zoro to help plan the implementation of controls to advance its CSF profile.

One Team of Subject Matter Experts to Advise and Remediate (Project Approach)

ScaleSec reviewed the information security posture of their entire AWS deployment, including computing, networking, storage, identity, and disaster recovery. The posture was mapped to NIST CSF controls, and recommendations for improving each were documented.

ScaleSec performed remediation work or guided the following AWS technologies:

  • AWS EC2
    • Hardening, Patching, and File Integrity Monitoring
  • AWS Marketplace
    • AMIs
    • Security Groups and Access Controls
    • SSO integration, Users and Roles
    • Encryption and Disaster Recovery
  • AWS S3
    • Encryption and Access Control


The Value of a Trusted Partner and Ongoing Relationship

Working with the right partner is essential to the success of any NIST CSF implementation. Donna Mains, Senior Director of Technology Operations at Zoro, said ScaleSec was a great choice. ScaleSec and Zoro have collaborated on multiple cloud security and compliance initiatives for over a year.

“Our Zoro team absolutely loves working with ScaleSec and considers them one of our favorite vendors. They continuously add value and understand our business.”
Donna MainsSenior Director of Technology Operations, Zoro


Zoro has adopted the NIST CSF governance framework and is on a path to increase its current profile to a tier that meets its desired risk profile. Completing each recommendation will increase security risk mitigation as Zoro furthers its security-first approach to information technology.

An Ongoing Partnership is Solidified

ScaleSec brought a solid team of cloud security and project management specialists. They involved us enough to keep us on schedule with security efforts and daily work. We always knew where we were in the process, what was needed from us to keep progressing, and our expectations of when each task would be completed. We have found a true and ongoing partnership in security and compliance with ScaleSec.

– Donna Mains, Senior Director of Technology Operations, Zoro

Want to speak with a ScaleSec expert?

Want to optimize and transform your existing digital portfolio? Reach out to us.