Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
NIST Cybersecurity Framework 2.0: 4 Steps to Get Started
The National Institute of Standards and Technology (NIST) has revised the book on creating a comprehensive cybersecurity program that aims to help organizations of every size be more secure. Here's where to start putting the changes into action.
1 Min Read
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
The US National Institute of Standards and Technology (NIST) has released the latest draft of its well-regarded Cybersecurity Framework (CSF) this week, leaving companies to mull how a few significant changes to the document affects their cybersecurity programs.
Between the new "Govern" function to incorporate greater executive and board oversight of cybersecurity, and the expansion of the best practices beyond just those for critical industries, cybersecurity teams will have their work cut out for them, says Richard Caralli, senior cybersecurity adviser at Axio, an IT and operational technology (OT) threat management firm.
"In many cases, this will mean that organizations have to take a hard look at existing assessments, identified gaps, and remediation activities to determine the impact of the framework changes," he says, adding that "new program gaps will emerge that previously may not have been present, especially with respect to cybersecurity governance and supply chain risk management."
The original CSF, last updated 10 years ago, aimed to provide cybersecurity guidance to industries critical to national and economic security. The latest version greatly expands that vision to create a framework for any organization intending to improve its cybersecurity maturity and posture. In addition, third-party partners and suppliers are now a significant factor to consider in the CSF 2.0.
About the Author
You May Also Like
More Insights
