NIST has released version 2.0 of its Cybersecurity Framework (CSF), which helps organizations structure themselves to be prepared for cyber threats. It follows version 1.0, released back in 2014 under a directive from the Obama administration. This latest version aims to encompass organizations of all types and at all levels of cyber risk.
The CSF 2.0 includes real-world implementation examples, getting started guidance documents, and references to other relevant NIST standards. Additionally, it provides documentation specifically for small businesses in NIST-SP-1300 that is concise and actionable within a few pages.
The core principles of CSF 2.0 consist of 6 main parts:
– Governing Policy: Assessing organizational risk, cyber threat impacts, and security maintenance goals.
– Identify Risks: Reporting on software, hardware, and devices that pose risks; implementing adequate controls for each point and designating responsible individuals.
– Implement Protection Measures: Establishing data access levels for each employee, implementing secure controls such as changing default passwords, two-step login, device encryption, data backup, and testing backups.
– Detect Attacks: Monitoring internal system and external service behaviors, identifying attempted system logins, tracking bounced emails that were not sent out.
– Respond to Attacks: Planning on how to handle attacks; listing relevant contact personnel, and outlining legal compliance procedures in the event of a cyber incident.
– Recover Systems: Implementing a system recovery process after an attack; documenting the recovery process and involving relevant personnel, as well as communication plans during an attack.
The CSF has gained popularity even outside the United States, with versions 1.0 and 1.1 already translated into 13 languages.
TLDR: NIST has released the cybersecurity framework (CSF) version 2.0, providing comprehensive guidance for organizations to enhance their cyber resilience, with practical implementation examples and tailored documentation for small businesses.