NIST updates the Cybersecurity Framework with version 2.0

The National Institute of Standards and Technology this week announced a major update to its Cybersecurity Framework, which has helped healthcare and other organizations of all sizes manage and mitigate increasingly serious cyber threats over the past decade.

WHY IT MATTERS
NIST touts the new CSF 2.0 as the first major update to the framework since it was first published and distributed a decade ago.

The updated edition, which was developed over the years with input from a wide range of stakeholders and comments received on the provisional version published last August, is intended for a broader audience than the critical infrastructure IT and infosec leaders that the first version was originally designed for in 2014.

As ransomware attacks and other cybersecurity threats have intensified and spread, CSF 2.0 now targets “all industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations – regardless of their level of cybersecurity sophistication,” the agency said.

NIST has expanded the CSF guidelines and created new resources to help users put CSF 2.0 into action and better align with the recent National Cybersecurity Strategy.

The new framework, according to NIST, places an emphasis on governance and stresses that “cybersecurity is a major source of business risk that senior leaders should consider alongside other risks, such as finance and reputation.”

It provides resources to help organizations new to the framework learn from others who have found success with it, and gives them a series of quick-start guides and other examples based on different users and usage scenarios. And NIST's new CSF 2.0 reference tool helps IT and security leaders navigate, search and export data and details of guidance in formats readable by both humans and machines.

The Cybersecurity and Privacy Reference Tool, meanwhile, includes an “interconnected, searchable, and downloadable set of NIST guidelines that contextualize these NIST resources, including the CSF, with other popular resources.”

The tool offers tips for communicating these ideas to both technical experts and the C-suite – a long-standing challenge for cybersecurity professionals at all levels – so that all stakeholders within the organization can stay coordinated.

THE BIG TREND
Following a Presidential Executive Order, NIST first released the CSF in 2014 to help organizations understand, mitigate, and communicate about cybersecurity risks. The core of the framework is now organized around six key functions: Identify, Protect, Detect, Respond, and Recover, along with CSF 2.0’s newly added Govern function. When considered together, these functions provide a comprehensive view of the cybersecurity risk management lifecycle.

ON THE RECORD
“The CSF has been an essential tool for many organizations, helping them anticipate and deal with cybersecurity threats,” NIST Director Laurie E. Locascio said in a statement. “CSF 2.0, which builds on previous versions, isn’t just about one document. It’s about a set of resources that can be adapted and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve.”

“Developed by working closely with stakeholders, this update reflects the latest cybersecurity challenges and management practices and aims to make the framework even more relevant to a broader group of users in the United States and beyond,” said Kevin Stine, head of NIST’s Applied Cybersecurity Division.

“As users customize the CSF, we hope they will share their examples and successes as we can amplify their experiences and help others,” Stine said. “This will help organizations, industries and even entire countries better understand and manage their cybersecurity risks.”

Mike Miliard is editor-in-chief of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.