NIST framework updates
Last week, the National Institute of Standards and Technology (NIST) released a draft version of their Cybersecurity Framework (CSF) 2.0. Below we analyse the changes, what they could mean for your organisation and the opportunities they present.
Credit: N. Hanacek/NIST
While the five key NIST pillars of Identify, Protect, Detect, Respond and Recover all remain, there is a new underlying strand, Govern. This comes after more than a year of community feedback to NIST. The changes reflect the widespread adoption of the framework far beyond the initial intended use of the CSF for critical national infrastructure and high-regulation, high-risk industries such as Finance, Healthcare and Energy. These changes have been implemented with everyone in mind, extending to SMEs and not-for-profits.
There is also more comprehensive guidance on implementing the CSF, tailored to relevant scenarios for security leaders, along with implementation examples for each sub-category. With greater structure and guidance to follow, particularly for those with limited time and resources to manage their business risk in line with the framework, many valuable outputs are achieved, enabling your organisation to innovate, differentiate and grow, including:
As highlighted, this updated version is currently in draft and subject to further amendments, though it has been stated there are no plans for further drafts; feedback on the changes is being taken up to 4th November 2023. Publication of the final version is planned for early 2024.
If you want to get ahead of the curve, understand how this potentially impacts your organisation and see how Amicis are supporting others in readiness for these changes, enquire at hello@amicisgroup.co.uk
For the full press release, follow the feature here: https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework
Leverage your 30-day free trial to see up-to-the-second threats to your estate and how Amicis enables your organisation to innovate and scale whilst monitoring, managing and mitigating these activities.