Public Draft: The NIST Cybersecurity Framework 2.0

Nueva version 2.0 del NIST cybersecurity framework (CSF) | Ciberseguridad en Linea

The NIST Cybersecurity Framework (CSF) is an integrated set of standards, best practices, and guidelines created by the NIST (National Institute of Standards and Technology) to assist organizations manage and improve their cybersecurity risk management processes. The framework provides a flexible and voluntary approach that organizations can use to assess and strengthen their cybersecurity posture by outlining a series of steps and activities across core functions. It provides a set of categories and subcategories for each function, along with a set of informative references that can help organizations implement the framework in their specific context. It serves as a common language for organizations to communicate and collaborate on cybersecurity risk management.

 

NIST Cybersecurity Framework 2.0

NIST Cybersecurity Framework (CSF) 2.0 is the latest revision of NIST CSF 1.1 that includes the six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. These functions help organizations manage and reduce cybersecurity risk more quickly and effectively.

Govern is a new core function introduced to NIST CSF 2.0; it was formerly a category of identify function. The objective of the NIST CSF 2.0 framework is to emphasize the importance of governance within organizations and supply chain risk management, assisting organizations in mitigating third-party risks. The framework incorporates several updates and enhancements based on feedback from stakeholders, cybersecurity experts, and industry partners. Its purpose is to enhance consistency with national and international cybersecurity standards and practices, provide clarity, and manage changes in technology and risks.

The NIST Cybersecurity Framework 2.0 Core focuses on the following:

  • It focuses on cybersecurity outcomes relevant to all organizations, eliminating language specific to core critical infrastructure.
  • It focuses on cybersecurity governance via a new govern function covering organizational context, risk management strategy, roles and responsibilities, and policies and procedures.
  • It focuses on cybersecurity supply chain risk management, an increasingly crucial component of cybersecurity, including guidance on identifying and managing risks associated with third-party suppliers and vendors.
  • It emphasizes the outcomes focused on the govern, identify, and protect functions for the prevention of cybersecurity issues, as well as the detection and reaction to incidents through the detect, respond, and recover functions.
  • It emphasizes cybersecurity incident response management, including the significance of incident forensics, through new categories in the respond and recover functions.
  • It focuses on the technological infrastructure’s resilience via a new protect function category.
  • It encourages continual improvement through a new improvement category in the identify function.
  • It emphasizes leveraging the integration of people, processes, and technology to protect assets across all categories in the protect function.

To get the latest up-to-date details on the NIST Cybersecurity Framework 2.0, we recommend referring to the NIST Cybersecurity Framework page (www.nist.gov/cyberframework) or the Discussion Draft of the NIST Cybersecurity Framework 2.0 Core.

Check out the related article: What is the NIST Cybersecurity Framework?

Comments

Post a Comment

Popular posts from this blog

Are your Business Critical Servers Mining Cryto?

Image
Cryptocurrency mining, also known as crypto mining, is the process of validating transactions and adding them to the blockchain by solving complex mathematical puzzles. Miners use powerful computer hardware to perform these calculations, and in return for their efforts, they are rewarded with newly minted cryptocurrency coins. However, in some cases, crypto mining can be conducted without the owner's consent, leading to unauthorized usage of computing resources, known as crypto mining on servers. Mitigating unauthorized crypto mining on servers involves several steps to detect, prevent, and address such activities:   Monitoring and Detection : Regularly monitor server performance and resource usage. Sudden spikes in CPU usage, memory usage, and energy consumption can be indicators of crypto mining. Use monitoring tools and software that can identify abnormal behavior and patterns indicative of unauthorized mining activities. Regular Software Updates : Keep server operating system
Read more

How organizations can defend themselves against cyber risk

Image
    Cyber insurance, once viewed as a desirable security accessory, has evolved into an incident response and business resilience lifeline. As cybercrime continues to leave mass financial and operational destruction in its wake, protecting the bottom line and ensuring business continuity following such events has captivated the attention of executive leadership, and propelled the demand for cyber insurance. Regulatory compliance and increased scrutiny from customers have also forced this level of urgency. Not only has there been an influx of applications for cyber insurance but also a tidal wave of organizations actively using their coverage. Research from Delinea found that 80% of organizations have leveraged their coverage at least once , and more than half of that group has used it on more than one occasion. With the average cost of a data breach reaching astronomical amounts ($4.35 million according to IBM), insurers are not only raising rates but also tightening requir
Read more

5 ways to protect your Infrastrcture security

Image
Protecting your infrastructure security is crucial to safeguard sensitive information, prevent cyberattacks, and maintain the integrity of your systems. Here are five important ways to enhance infrastructure security:   Network Security : Firewalls : Implement both hardware and software firewalls to filter incoming and outgoing traffic, blocking unauthorized access and potential threats. Intrusion Detection and Prevention Systems (IDPS) : Set up IDPS solutions to detect and mitigate suspicious activities in real-time. Network Segmentation : Divide your network into segments to limit lateral movement for attackers and contain potential breaches. Virtual Private Networks (VPNs) : Use VPNs to encrypt data transmission between remote locations and your infrastructure, ensuring secure communication. Access Control and Authentication : Multi-Factor Authentication (MFA) : Require multiple forms of authentication, such as passwords and biometrics, to add an extra layer of security. Role-Based
Read more