- NIST has officially rolled out Cybersecurity Framework 2.0, marking the first significant update in the framework’s ten-year history.
- Initially targeted at critical infrastructure entities, the revised CSF 2.0 is now positioned to assist organizations of all sizes and sectors in mitigating cybersecurity risks.
The core guidance of CSF 2.0 has been expanded based on valuable feedback received during the draft phase.
NIST’s latest update has introduced a new “Govern” function, a crucial addition for aspects like risk management, according to Robert Booker, Chief Strategy Officer at HITRUST, a contributor to CSF 2.0 development.
Structured around six key areas – identify, protect, detect, respond, recover, and govern – CSF 2.0 aligns with the National Cybersecurity Strategy.
Users receive tailored implementation examples and quick-start guides to enhance cybersecurity measures.
A notable feature of CSF 2.0 is its searchable catalog of references, allowing organizations to align guidance with over 50 other relevant cybersecurity documents.
The framework, initially available in over a dozen languages, is expected to be translated into more by volunteers worldwide.
NIST Director Laurie E. Locascio emphasizes that CSF 2.0 is not just a single document but a suite of resources adaptable to evolving cybersecurity needs. The framework is lauded for aiding organizations in anticipating and addressing cybersecurity threats.
Katherine Ledesma, Head of Public Policy & Government Affairs at Dragos, highlights the paradigm shift from viewing cybersecurity as a cost center to an essential investment for business operations, particularly in industrial control systems (ICS) and operational technology (OT) environments.
CSF 2.0 acknowledges the broad applicability of its functions, categories, and subcategories to both IT and OT environments. Ledesma anticipates ongoing efforts to address distinct approaches needed for safeguarding ICS/OT, with a focus on updating documents such as the Guide to OT Security and incorporating these concepts into broader planning and guidance documents.
The release of NIST’s Cybersecurity Framework 2.0 signifies a milestone in the evolving landscape of cybersecurity strategies, adapting to the changing needs of organizations and emphasizing proactive protection measures.
Cyberattacks have evolved with the rise of artificial intelligence and other advanced technologies. AI will empower hackers to enhance their assault strategies, while simultaneously enabling organizations to strengthen their protective measures.
Thus it’s crucial for organisations to stay vigilant, alert and keep up with the latest cybersecurity protocols.