The world’s leading cybersecurity guidance, NIST’s Cybersecurity Framework (CSF), is getting a significant update, its first comprehensive upgrade since its introduction nearly a decade ago. The cybersecurity framework has evolved beyond its original application for critical infrastructure and the updated version, CSF 2.0, showcases its applicability across various sectors, adapting to the changing cybersecurity environment.

Since 2017, Kyber Security has recognized the value of the globally recognized best practices outlined in the NIST Cyber Security Framework.  We have designed all of our programs to be in alignment with the 1.1 version of this framework to ensure that our clients are following best practices, even when they are not subject to a specific compliance.  With this updated set of practices and controls, Kyber is committed to retaining our relationship with the CSF to ensure that our clients have up to date policies, processes and controls as they relate to cyber security.

Cherilyn Pascoe, the lead developer for the framework, expressed NIST’s intentions in a press statement: “With this update, we are trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well. The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful everywhere from schools and small businesses to local and foreign governments. We want to make sure that it is a tool that’s useful to all sectors, not just those designated as critical.”

NIST is actively encouraging public input on CSF 2.0’s draft, with a planned release of the finalized version in early 2024.

Understanding NIST CSF 2.0: Key Enhancements and Insights

These are the main improvements and changes:

  • Applies to Businesses of All Sizes: Originally aimed at safeguarding critical infrastructure like banking and energy sectors, the new update expands its reach to all organizations, big or small, reflecting a growing need for comprehensive cybersecurity.
  • Addition of the “Govern” Function: In recognition of its wider applicability, CSF 2.0 extends beyond the original five pillars: identify, protect, detect, respond, and recover, introducing a sixth component called “govern” to assist organizations in managing internal cybersecurity decisions. NIST emphasized: “It emphasizes that cybersecurity is a major source of enterprise risk, ranking alongside legal, financial and other risks as considerations for senior leadership.”
  • Official Title Change Reflecting Expansion: The shift from “Framework for Improving Critical Infrastructure Cybersecurity” to “The Cybersecurity Framework” indicates a broadening of scope. This change signifies a response to a world where cybersecurity is everyone’s concern.
  • Tailored Implementation with Profiles: The new draft provides practical examples and guidance on creating profiles to tailor the CSF to specific scenarios, a step toward a more flexible and adaptable cybersecurity approach. Kyber Security can assist organizations, especially smaller ones, to use this feature to their advantage.
  • Interactive Reference Tool Planned: An innovative online reference tool that will enable users to interact with the CSF Core data is being planned. This tool will provide relationships between the CSF and other guidance, streamlining the integration of the CSF with other cybersecurity resources.
  • Enhanced Focus on Resilience: The updated framework promotes the ability to withstand and recover from cyber threats, an area Kyber Security emphasizes in its comprehensive cybersecurity solutions.
  • Attention to Supply Chain Risk Management: With global interconnectedness, managing cybersecurity risks in supply chains has never been more crucial.

How NIST CSF 2.0 Aligns with Your Security Strategy

NIST’s CSF 2.0 draft reflects extensive changes that you can leverage to bolster your cybersecurity posture. The framework’s adaptability and the inclusion of new functionalities provide a roadmap for organizations to tailor their cybersecurity measures.

  • Identifying and Evaluating Cybersecurity Risks: A more nuanced approach to identifying threats.
  • Implementing Suitable Security Measures: Guidance to deploy the right level of security measures.
  • Building Cyber Resilience: Strategic solutions to recover data after an incident.
  • Ongoing Improvement in Your Cybersecurity Program: Take a structured approach to continuous enhancement.
  • Assessing and Enhancing Cybersecurity Posture: Regular monitoring to remain robust against threats.

Final Thoughts on NIST CSF 2.0

NIST’s draft update is a monumental shift, reflecting an understanding of the changing cybersecurity landscape. Kyber Security recognizes these updates as a pivotal advancement. With the final version planned for early 2024, now is a crucial time for businesses to understand and adapt to these changes. Reach out to Kyber Security today to discover how NIST CSF 2.0 can become a cornerstone in your cybersecurity planning. Let’s work together to ensure that your organization remains secure and resilient in a world where cyber threats are continually evolving.