NIST’s Applied Cybersecurity Division has updated its framework to better suit the needs of a wider range of users, reflecting recent cybersecurity challenges and management practices.

The National Institute for Standards and Technology (NIST) has released its Cybersecurity Framework 2.0, which expands on its recommendations to include organizations beyond critical infrastructure. The first Cybersecurity Framework (CSF) was released in 2014 as a crucial tool for reducing cybersecurity risk to help organizations mitigate cybersecurity risk. 

NIST has updated CSF to be more accessible to all audiences and organizations, including small-to-large organizations across all industries, schools, and nonprofits, regardless of their cybersecurity sophistication level. The updated version is designed to provide “tailored pathways” into the framework, making it easier to implement. 

The CSF 2.0 is not just a single document but a suite of resources that can be customized over time, explained Laurie E. Lozascio, Under Secretary of Commerce for Standards and Technology and NIST Director.

In CSF 2.0, a sixth function, Govern, has been added to the five core functions of Identify, Protect, Detect, Respond, and Recover. It also addresses supply chain risks and includes a reference tool and a searchable catalogue for cybersecurity teams.

The Cybersecurity and Privacy Reference Tool (CPRT) has been launched to simplify the implementation of the Cybersecurity Standard (CSF) by allowing users to search, search, and export data/details from “the CSF’s core guidance in human-consumable and machine-readable formats.”

The searchable catalogue of informative references will allow organizations to cross-reference the CSF’s guidance to over 50 other cybersecurity documents, including NIST’s SP 800-53 Rev. 5. 

The CPRT also provides a set of NIST guidance documents that can be accessed and communicated to technical experts and the C-suite, ensuring coordination across all levels of an organization. 

NIST is expanding its CSF resources, with versions 1.1 and 1.0 translated into 13 languages. CSF 2.0 will be translated by volunteers worldwide. NIST’s collaboration with ISO and IEC has aligned cybersecurity documents, enabling organizations to build frameworks and organize controls with CSF functions.

CSF 2.0 emphasizes governance in cybersecurity strategy, emphasizing that cybersecurity is a significant enterprise risk.

“This update aims to make the framework even more relevant to a wider swath of users in the United States and abroad,” noted Kevin Stine, chief of NIST’s Applied Cybersecurity Division.

According to NIST’s press release, it plans to continue enhancing its resources and amplify user experiences to better understand and manage cybersecurity risks.

Experts Opinions:

For insights into the NIST’s Cybersecurity Framework 2.0; we reached out to Jason Soroko, Senior Vice President of Products at Sectigo. “NIST includes identity management as a first-class citizen within NIST Cybersecurity Framework 2.0. This very comprehensive guidance on cybersecurity, meant to be valuable to many different profiles, includes many of the pillars of certificate lifecycle management,” Jason explained. “It is worth studying the rich resources available by NIST to help navigate to the most useful and relevant parts of the guidance.”

Claude Mandy, Chief Evangelist, Data Security at Symmetry Systems appreciated NIST’s latest release. “It is great to see the update to the NIST Cybersecurity Framework formally released. It is important that standards and framework that are so widely adopted are continually and frequently updated to address the security needs of modern organizations,” said Claude.

“The inclusion of the Govern function is a recognition that mature and defensible security is only possible with clear governance to make decisions on what is required. Although this was implicit in the broader NIST Cybersecurity Framework, the explicit inclusion as a function elevates its importance of it,” he emphasised.

RELATED TOPICS

1. NSA, CISA Release Guidelines to Secure VPNs
2. CVSS v4.0 – New Supplemental Metrics, OT/ICS/IoT Support
3. U.S Govt launches new website to fight ransomware, help victims
4. Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Flaws
5. White House Cyber Strategy: Software Firms Face Liability for Breaches