NIST Releases Updated Cybersecurity Framework Version 2.0

John Rohland
March 11, 2024

NIST Framework Version 2.0 Update

On Monday, February 26, 2024, the National Institute of Standards and Technology (NIST) released the latest version of the Cybersecurity Framework (CSF). This update marks a significant milestone since the framework's inception. While initially targeted at critical infrastructure organizations, the framework has seen widespread adoption and integration across various sectors. Version 2.0 of the framework offers a more practical and structured approach to key areas essential for organizations looking to enhance security and risk management. The six core functions of the new framework - identify, protect, detect, respond, recover, and govern - form the foundation for comprehensive network security.

The following is a summary of each function within the latest version 2.0 framework.

The GOVERN Function

The GOVERN Function communicates and monitors an organization's cybersecurity risk management strategy, expectations, and policy. It provides outcomes to guide the organization in achieving goals aligned with its mission. Governance activities are crucial for integrating cybersecurity into the broader enterprise risk management strategy. The function focuses on organizational context, cybersecurity strategy, supply chain risk management, roles and responsibilities, policy implementation, and overseeing cybersecurity strategy.

The IDENTIFY Function

The IDENTIFY Function entails grasping the organization's current cybersecurity risks through understanding its assets, suppliers, and associated cybersecurity risks. This comprehension enables the prioritization of efforts in alignment with the risk management strategy and mission needs outlined in the GOVERN Function. Moreover, within the IDENTIFY Function, opportunities for enhancing policies, plans, processes, procedures, and practices related to cybersecurity risk management are pinpointed to guide efforts across all six Functions of the NIST Cybersecurity Framework.

The PROTECT Function

The PROTECT Function focuses on managing cybersecurity risks by using safeguards. It aims to secure assets to reduce the impact of adverse events and enhance potential benefits. This includes outcomes such as identity management, authentication, access control, awareness and training, data security, and platform security.

The DETECT Function

The DETECT Function is responsible for identifying and analyzing possible cybersecurity attacks and compromises. It helps in quickly discovering anomalies, indicators of compromise, and other events that may indicate cybersecurity incidents. This function is essential for supporting incident response and recovery efforts.

The RESPOND Function

The RESPOND Function involves responding to a cybersecurity incident to contain its effects. This function includes incident management, analysis, mitigation, reporting, and communication.

The RECOVER Function

The RECOVER Function focuses on restoring assets and operations impacted by cybersecurity incidents. It aims to expedite the return to normal operations, reduce the impact of cybersecurity incidents, and ensure clear communication throughout the recovery process.

Next Steps:

Individuals are highly encouraged to review the latest version of the NIST Cybersecurity Framework (CSF), as it is a significant milestone and the first major update since its inception.

See the following links for more in-depth information.

NIST Releases Version 2.0 Framework:

Updating NIST Cybersecurity:

Meet the Author
John Rohland
John has over 25 years of experience in roles ranging from Information Systems Consultant and Information Technology Director to Network Administrator, in both corporate and small business environments.