NIST Updates Landmark Cybersecurity Framework

The agency finalized the framework’s first major update since its creation in 2014.
NIST’s updated cybersecurity framework now features quick-start guides aimed at specific audiences, success stories outlining other organizations’ implementations, and a searchable catalog of informative references that allows users to cross-reference the framework’s guidance to more than 50 other cybersecurity documents.
Credit: N. Hanacek/NIST

At the end of February, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF), a landmark guidance document for reducing cybersecurity risk. The new 2.0 edition is designed for all audiences—regardless of their degree of cybersecurity sophistication.

The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which encompasses how organizations make and carry out informed decisions on cybersecurity strategy. The CSF’s governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation.

NIST first released the CSF in 2014 to help organizations understand, reduce and communicate about cybersecurity risk. The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s newly added Govern function. When considered together, these functions provide a comprehensive view of the life cycle for managing cybersecurity risk.

The updated framework anticipates that organizations will come to the CSF with varying needs and degrees of experience implementing cybersecurity tools. New adopters can learn from other users’ successes and select their topic of interest from a new set of implementation examples and quick-start guides designed for specific types of users, such as small businesses, enterprise risk managers, and organizations seeking to secure their supply chains.

In addition, the CSF 2.0 offers a searchable catalog of informative references that shows organizations how their current actions map onto the CSF. This catalog allows an organization to cross-reference the CSF’s guidance to more than 50 other cybersecurity documents, including others from NIST, such as SP 800-53 Rev. 5, a catalog of tools (called controls) for achieving specific cybersecurity outcomes.

Organizations can also consult the Cybersecurity and Privacy Reference Tool (CPRT), which contains an interrelated, browsable, and downloadable set of NIST guidance documents that contextualizes these NIST resources, including the CSF, with other popular resources. And the CPRT offers ways to communicate these ideas to both technical experts and the C-suite, so that all levels of an organization can stay coordinated.

Continuity Insights
