
Updated NIST cyber framework focuses on governance

The National Institute of Standards and Technology is seeking public feedback on its revamped Cybersecurity Framework, which includes guidance on operationalizing cyber best practices.

The National Institute of Standards and Technology launched the first draft of its Cybersecurity Framework 2.0, featuring big changes in its scope and guidance that emphasize flexible implementation of its recommendations.

NIST added a sixth pillar to the framework’s recommended cybersecurity program. In addition to the previous five — which remain “Recover,” “Identify,” “Respond,” “Detect,” and “Protect” — the updated framework adds a “Govern” component to all organizations’ internal cybersecurity posture.

This new function aims to promote new framework integration methods and refocus the process on individuals’ roles and responsibilities in an organization’s cybersecurity risk management posture. 

“With this update, we are trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well,” Cherilyn Pascoe, the framework’s lead developer, said in the press release. “The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful everywhere from schools and small businesses to local and foreign governments. We want to make sure that it is a tool that’s useful to all sectors, not just those designated as critical.”

Other major updates to the 1.1 version of the framework aim to clarify how to assess and measure cybersecurity improvement in an organization’s digital system, a change that echoes the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Strategic Plan, unveiled last week. 

NIST’s new framework also promotes the integration of other guidance documents into an entity’s cybersecurity posture, such as the Artificial Intelligence Risk Management Framework and Secure Software Development Framework. 

The Cybersecurity Framework 2.0 is still a voluntary set of best practices that organizations of any size and industry can adopt, and not a regulatory regime. To facilitate adoption, NIST expanded guidance on implementing more bespoke Framework Profiles. NIST profiles help establish more custom roadmaps for organizations by marrying their individual business requirements and resources with NIST’s cybersecurity outcomes.

“Many commenters said that we should maintain and build on the key attributes of the CSF, including its flexible and voluntary nature,” said Pascoe. “At the same time, a lot of them requested more guidance on implementing the CSF and making sure it could address emerging cybersecurity issues, such as supply chain risks and the widespread threat of ransomware. Because these issues affect lots of organizations, including small businesses, we realized we had to up our game.”

Comments on the Cybersecurity Framework 2.0 are open to the public until November 4, 2023. Following this comment period, NIST said it does not plan to issue another draft, and a forthcoming workshop on the framework will be announced this fall. The final version is slated to be released in early 2024.

Source: https://www.nextgov.com/cybersecurity/2023/08/updated-nist-cyber-framework-focuses-governance/389225/
