Secured integration to the future


NIST CSF 2.0: Six Cybersecurity Functions


05.04.2024
In a world where cyber threats evolve daily, robust cybersecurity has never been more critical. To give organizations of all sizes and types a foundation for building protection against cyber threats, NIST created the CSF, a universal framework for cybersecurity risk management. In 2022, Gartner's report showed that NIST CSF had become a top cybersecurity risk management framework. In February 2024, the standard was updated to version 2.0, and in this article we will explore all of its significant innovations.
NIST CSF is a cybersecurity framework developed by the National Institute of Standards and Technology of the United States, aimed at supporting organizations in the process of cybersecurity risk management.

The NIST CSF standard is voluntary for implementation. However, if a company aims to demonstrate its commitment to information security or to improve its actual cybersecurity posture, an audit for compliance with the framework helps it clearly understand, plan, and prioritize the steps needed to achieve a reliable level of cyber defence.

For instance, the USAID Cybersecurity Activity implements a Program for diagnosing the cybersecurity status of critical infrastructure operators based on the NIST Cybersecurity Framework methodology.

Since its inception in 2014 and its update to version 1.1 in 2018, the NIST CSF has changed significantly. In February 2024, NIST introduced a new version of the standard, 2.0. This marks the first significant update in a decade, bringing substantial additions and modifications.

The new format of NIST CSF aims to unify the cybersecurity functions so that organizations of different industries and sizes can conveniently use them to build up their information security.


The NIST CSF 2.0 introduces a new function called "Governance." This function underscores the importance of managerial aspects in cybersecurity risk management. It assists organizations in setting priorities and achieving goals identified by the other five functions: "Identify," "Protect," "Detect," "Respond," and "Recover." Focusing on governance enables organizations to gain a comprehensive understanding of cybersecurity. CSF 2.0 demonstrates how threats impact IT infrastructure, data, and overall business, including financial and reputational risks.
For effective implementation of the Governance function, CSF 2.0 offers the following categories:

● Organizational Context (GV.OC), which pertains to the organization's risk management decisions;

● Oversight (GV.OV), allowing continual refinement and adjustment of the organization's risk management strategy;

● Risk Management Strategy (GV.RM), supporting operational risk management decisions based on the organization's risk tolerance and other factors;

● Roles, Responsibilities, and Authorities (GV.RR), establishing clearly defined roles and responsibilities to drive continuous improvement and consistent performance evaluation.
Additionally, the new framework incorporates the latest guidelines published by NIST and other sources on emerging threats and technologies, such as artificial intelligence. CSF 2.0 can be used alongside the NIST AI Risk Management Framework, published in January 2023.
With the update to NIST CSF 2.0, accompanying implementation tools have been introduced.
NIST aims to streamline the adoption of CSF 2.0 by providing a set of supportive tools and resources. Special attention is given to the Quick Start Guide (QSG) to ensure relevance and easy access to NIST CSF for organizations of all sizes.
NIST Director, Laurie E. Locascio, noted in her statement that CSF 2.0 is a suite of resources that can be tailored and used individually or in combination at every stage of an organization's development to address changes in its cybersecurity needs.
Moreover, the new edition of NIST CSF offers implementation examples and an information catalogue that is regularly updated and available online. Furthermore, the introduction of organizational profiles in the framework allows for faster implementation of security measures, as enterprises can define their current and target cybersecurity profiles.