NIST CSF Gets a Facelift!

Cybersecurity graphic
Reprinted courtesy of the National Institute of Standards and Technology, U.S. Department of Commerce. Not copyrightable in the United States.


Introducing the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) version 2.0. The CSF is nationally recognized as a cybersecurity framework for institutions to align with, and the upgrades include some forward-thinking improvements. The sets of controls are focused on risk management.

There are now 6 core functions in NIST CSF 2.0:
Govern – This addition to the core functions includes organizational context, risk management strategy, roles, responsibilities, authorities, policy, oversight and cybersecurity supply chain risk management.
Identify – Inventory all hardware and software.
Protect – Implement controls by applying the least privilege principle for user access. Keep hardware and software up to date. Use encryption. Educate end users on cybersecurity threats and risks.
Detect – Monitor the network for suspicious access or activity.
Respond – Develop an incident response plan to be able to react efficiently to a cyber incident.
Recover – Repair and restore processes. Keep stakeholders aware of recovery efforts.

NIST CSF 2.0 makes significant enhancements to the framework. The guidance is intended to help all organizations meet their cybersecurity goals. The notable changes include an emphasis on governance, stating that cybersecurity is a major source of cyber risk and should be considered. The Respond function has been revamped to specifically target and map to cyber incident response.

The guidelines have been made clearer and simplified so that all organizations can apply these principles. There are also now implementation examples.

If you have found that NIST CSF was too difficult to apply to your establishment, or that it didn’t fit your operation, it may be worth taking another look. Whatever cybersecurity framework you are supporting, understanding the importance of following national standards for best practices will greatly improve your overall cybersecurity posture.

Resources:
NIST Releases Version 2.0 of Cybersecurity Framework
CSF 2.0 Quick Start Guide
CSF 2.0 Implementation Examples
CSF 2.0 Reference Tool