NIST Releases Updated Cybersecurity Framework

In two earlier posts, we discussed the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) updates and their impacts on MSPs and financial institutions. Now, the NIST has released Version 2.0 of the CSF, the first significant update since its creation in 2014. 

Version 2.0 extends the CSF’s reach beyond critical infrastructure to offer a comprehensive resource for managing and mitigating security risks. This update provides enhanced guidance, a greater focus on governance, and an array of resources facilitating the framework’s implementation across diverse industries and organizations.

You’ll find a fact sheet that describes the framework’s updates here.

Key Takeaways from NIST 2.0

As the U.S. government endeavors to ramp up data protections for all sectors, CSF 2.0 provides a standardized resource for improving overall cybersecurity efforts. The key takeaways from version 2.0 include:

Expanded Audience and Scope 

As the NIST puts it, the framework “offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization—regardless of its size, sector, or maturity—to better understand, assess, prioritize, and communicate its cybersecurity efforts.”

Increased Focus on Governance

The update focuses more on governance, highlighting the importance of informed decision-making in cybersecurity strategy and recognizing cybersecurity as a critical enterprise risk.

Support Complete Cybersecurity Lifecycle Risk Management

The framework’s core is structured around six essential functions that provide a holistic view of the lifecycle for managing cybersecurity risk: 

• Identify
• Protect
• Detect
• Respond
• Recover 
• Govern (added with CSF version 2.0)

Expanded Implementation Resources

NIST has produced a suite of resources, including quick start guides, success stories, and a searchable catalog of information references. You can access these resources from the complete version of CSF 2.0 here.

Reference Tool Simplifies Implementation

CSF 2.0 features a new tool that lets you browse, search, and export information from the CSF in both human-consumable and machine-readable formats.

International Alignment

Now widely used globally—previous versions have been translated into 13 languages—NIST’s collaboration with the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) ensures ongoing international alignment on cybersecurity.

Recommendations from NIST 2.0

The NIST recommends taking some basic but crucial steps to advance your cybersecurity efforts.

Adopt a Governance-Based Approach

NIST encourages you to integrate cybersecurity into your overall governance practices, giving it an equal—or greater—focus relative to other enterprise risks.

Tap Into CSF Resources

NIST has developed its suite of CSF resources specifically to help you align your cybersecurity practices with your organizational needs and priorities.

Engage with the CSF Community 

NIST urges you to share your experiences and successes with the CSF, fostering a collaborative environmentthat makes the framework more usable and valuable for everyone.

Ensure Continuous Feedback and Improvement

Stakeholder feedback is a crucial component for the ongoing development of the CSF, with the NIST highly valuing your input to drive future enhancements.

Take Action Today

There’s no time like the present to improve your cybersecurity posture. And one crucial aspect of cybersecurity and data protection is backup and disaster recovery. 

To ensure your data is protected by advanced cybersecurity defenses, backed up, and quickly recovered, thanks to effective disaster recovery solutions, choose an Arcserve reseller partner.