Unpacking the NIST cybersecurity framework 2.0

The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.

NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards and create a new model that reflects evolving security challenges.

While the core of the CSF remains the same, there are several notable additions to the new version. Here’s what enterprises need to know about the new framework, how it impacts operations and how IT teams can effectively apply CSF version 2.0 to daily operations.

New in NIST 2.0: The Govern function

First is the introduction of the “Govern” function, which underpins all five functions of the original NIST framework: Identify, Protect, Detect, Respond and Recover. As noted by the original CSF 1.0 documentation, “these functions are not intended to form a serial path or lead to a static desired end state. Rather, the functions can be performed concurrently and continuously to form an operational culture that addresses the dynamic security risk.”

As a result, the functions are often depicted as a five-part circle that surrounds the center CST framework. Each function leads into the next, and no function is independent of another.

NIST CSF 2.0 keeps these func ..

Support the originator by clicking the read the rest link below.