NIST Releases Updated Cybersecurity Framework Version 2.0
NIST Framework Version 2.0 Update
On Monday, February 26, 2024, the National Institute of Standards and Technology (NIST) released the latest version of the Cybersecurity Framework (CSF). This update marks a significant milestone from its original inception. While initially targeted at critical infrastructure organizations, the framework has seen widespread adoption and integration across various sectors. Version 2.0 of the framework offers a more practical and structured approach to key areas essential for organizations looking to enhance security and risk management. The six core functions of the new framework - identify, protect, detect, respond, recover, and govern - form the foundation for comprehensive network security.
The following is a summary of each function within the latest version 2.0 framework.
The GOVERN Function
The GOVERN Function communicates and monitors an organization's cybersecurity risk management strategy, expectations, and policy. It provides outcomes to guide the organization in achieving goals aligned with its mission. Governance activities are crucial for integrating cybersecurity into the broader enterprise risk management strategy. The function focuses on organizational context, cybersecurity strategy, supply chain risk management, roles and responsibilities, policy implementation, and overseeing cybersecurity strategy.
The IDENTIFY Function
The IDENTIFY Function entails grasping the organization's current cybersecurity risks through understanding its assets, suppliers, and associated cybersecurity risks. This comprehension enables the prioritization of efforts in alignment with the risk management strategy and mission needs outlined in the GOVERN Function. Moreover, within the IDENTIFY Function, opportunities for enhancing policies, plans, processes, procedures, and practices related to cybersecurity risk management are pinpointed to guide efforts across all six Functions of the NIST Cybersecurity Framework.
The PROTECT Function
The PROTECT Function focuses on managing cybersecurity risks by using safeguards. It aims to secure assets to reduce the impact of adverse events and enhance potential benefits. This includes outcomes such as identity management, authentication, access control, awareness and training, data security, and platform security.
The DETECT Function
The DETECT Function is responsible for identifying and analyzing cybersecurity compromises. It helps in quickly discovering indicators of compromise and other events that may indicate cybersecurity incidents. This function is essential for supporting incident response and recovery efforts.
The RESPOND Function
The RESPOND Function involves responding to a cybersecurity incident and its effects. This function includes incident management, analysis, mitigation, reporting, and communication.
The RECOVER Function
The RECOVER Function focuses on restoring assets and operations impacted by cybersecurity incidents. It aims to expedite the return to normal operations, reduce the impact of cybersecurity incidents, and ensure clear communication throughout the recovery process.
Next Steps:
Individuals are highly encouraged to review the latest version of the NIST Cybersecurity Framework (CSF), as it is a significant milestone and the first major update since its inception.
See the following links for more in-depth information.
NIST Releases Version 2.0 Framework:
https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20