
A look at the NIST Cybersecurity Framework 2.0

March 6, 2024

On 26th February 2024, NIST released a major update to its Cybersecurity Framework (CSF), which organisations have widely adopted over the past decade to help them manage and mitigate cyber risks. The updates in CSF v2.0 are the result of years of discussions and public feedback, aimed at enhancing the framework’s utilisation and applicability across various sectors, not just critical infrastructure. In this article, we will look at some of the big changes that have been incorporated into version 2.0.


Addition of a new function: Govern

One of the most significant enhancements in CSF 2.0 is the introduction of the Govern Function. This new function underlines the importance of cybersecurity risk management governance, placing it at the forefront of an organisation’s cybersecurity strategy. It emphasises that cybersecurity is not just a technical issue but a critical enterprise risk that demands the attention of those in senior leadership roles.

The Govern Function aims to ensure that cybersecurity risk management is an integral part of the organisational strategy, aligning with other critical business considerations such as financial stability and reputation.

The framework now encompasses six key functions:

  • Govern: Steer and oversee your organisation’s cybersecurity strategy and policy.
  • Identify: Understand the cyber risks to your business operations.
  • Protect: Implement safeguards against identified risks.
  • Detect: Identify potential cybersecurity attacks and breaches.
  • Respond: Address and manage detected cybersecurity incidents.
  • Recover: Restore operations affected by cyber incidents.

Image 1: NIST CSF 2.0 - New Structure

Widening of Applicability

A notable shift in CSF 2.0 is its broadened applicability. While the original iteration was primarily aimed at critical infrastructure, the updated framework now aims to help all organisations, including those in government, industry, and academia. This approach ensures that organisations of any size, sector, or cybersecurity maturity level can benefit from the framework’s guidance, addressing a wider range of cybersecurity challenges.

Toolkits to Enable Implementation

To enable wider adoption of the framework, NIST has rolled out an array of tools designed to facilitate the implementation of CSF 2.0. These tools not only emphasise governance and supply chain security but also offer customised entry points into the framework, making it more accessible and effective for organisations regardless of their size.

Streamlined Implementation with the New Reference Tool

The NIST CSF Reference Tool helps organisations interact with the framework, allowing for an intuitive exploration of its core guidance. This tool simplifies the implementation process, provides the guidance in both human-readable and machine-readable formats, and enhances the usability of the CSF across different organisational contexts.

Informative Reference Catalog with Mappings

Further supporting implementation efforts, the CSF 2.0 introduces a searchable catalogue of informative references. This resource enables organisations to align CSF guidance with over 50 other cybersecurity references, facilitating a harmonised approach to cybersecurity management.

Community Profiles and Implementation Examples

To illustrate the flexibility of the CSF, NIST has provided community profiles and implementation examples. These resources showcase how various sectors adapt the framework to their unique contexts, offering practical guidance for organisations looking to tailor the CSF to their requirements.

Image 2: NIST CSF 2.0 - Profiles

Quick Start Guides for Diverse Audiences

NIST has also developed targeted quick start guides for small businesses, enterprise risk managers, and organisations focusing on supply chain security. These guides offer concise, actionable insights to help stakeholders kickstart their cybersecurity journey with CSF 2.0.

Conclusion

The NIST CSF 2.0 marks an improvement in the journey towards enhanced cybersecurity measures for organisations of all sizes. The introduction of the Govern Function, alongside the framework’s expanded applicability and the provision of comprehensive support tools, provides a valuable resource for cybersecurity preparedness and widespread adoption, guiding organisations towards achieving higher levels of security and resilience.


If you would like further information on how Secora Consulting can assist you in aligning or evaluating your alignment to the NIST CSF 2.0, please get in touch by filling out the form below 👇.
