NIST Upgrade

The NIST Cybersecurity Framework Updates to Version 2.0

At Smile IT, we’re strong believers in cyber defences built around structure and frameworks. Keeping your business secure can be daunting and overwhelming – a framework helps guide you towards better protection.

One of the more widely recognised cybersecurity frameworks of the last ten years has been the NIST Cybersecurity Framework (CSF), and in February 2024 NIST released version 2.0, the first major revision since version 1.1 in 2018. It’s a substantial update that reshapes how the framework approaches securing digital assets and infrastructure. We want to talk today about the significant improvements over version 1, and what they mean for businesses adopting this framework.

First, a bit of background on NIST.

What is the NIST CSF?

The National Institute of Standards and Technology (NIST) released the first NIST Cybersecurity Framework (CSF) in 2014. It aimed to help organisations of all sizes understand, manage and reduce their cybersecurity risks, while growing a culture of security amongst their team.

The CSF is broken down into three main components: the Core, the Implementation Tiers, and the Profiles.

  • Core: A set of desired cybersecurity outcomes, organised into Functions, Categories and Subcategories. Each Subcategory is a single outcome (for example, that hardware inventories are maintained), and NIST’s Informative References map it to specific controls in other standards.
  • Tiers: Tiers characterise how rigorous and how well integrated an organisation’s cybersecurity risk governance and management practices are. The four Tiers are Partial, Risk Informed, Repeatable and Adaptive.
  • Profiles: A Profile describes the organisation’s posture in terms of the Core outcomes. A Current Profile records where you are today and a Target Profile where you want to be; the gap between the two is your improvement plan, and re-assessing the Current Profile over time measures your progress.

NIST 2.0 has maintained this basic foundational structure, while making some critical advancements to the Core. Let’s take a look at the new Core of NIST, before we jump into other enhancements in the updated version.

The Six Core Functions of NIST 2.0

The Core of CSF 2.0 is organised around six Functions: Govern, Identify, Protect, Detect, Respond and Recover. Govern is the new addition. NIST lists it first and places it at the centre of the other five, because it sets the strategy, expectations and policy that the rest of the Core carries out, and it is meant to pull leadership into cybersecurity decisions rather than leave them to the IT team. Here’s an explanation of each of the core functions:

  1. Identify: Understanding the organisation’s current cybersecurity risks in the context of its assets, suppliers and business objectives. Its Categories are Asset Management, Risk Assessment and Improvement, so this is where inventories of hardware, software, data and services are kept, risks are assessed and prioritised, and lessons learned are fed back into the programme.
  2. Protect: Developing and implementing safeguards to manage the organisation’s cybersecurity risks. Its Categories are Identity Management, Authentication and Access Control; Awareness and Training; Data Security; Platform Security; and Technology Infrastructure Resilience. Platform Security is new in 2.0 and covers hardening, configuration management and secure software development.
  3. Detect: Finding and analysing possible attacks and compromises. Its Categories are Continuous Monitoring and Adverse Event Analysis: continuously monitoring networks, systems, people and suppliers for adverse events, then analysing those events to decide whether an incident has occurred.
  4. Respond: Taking action once an incident is detected. Its Categories are Incident Management, Incident Analysis, Incident Response Reporting and Communication, and Incident Mitigation, so it covers executing the response plan, investigating, notifying the right parties and containing the damage.
  5. Recover: Restoring assets and operations affected by an incident and minimising business impact. Its Categories are Incident Recovery Plan Execution and Incident Recovery Communication.
  6. Govern: Establishing, communicating and monitoring the organisation’s cybersecurity risk management strategy, expectations and policy. Its Categories are Organizational Context, Risk Management Strategy, Roles Responsibilities and Authorities, Policy, Oversight, and Cybersecurity Supply Chain Risk Management. This is where the leadership team’s commitment becomes visible, and where supply chain risk gets explicit, first-class treatment for the first time.
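To make the Core and Profile structure above concrete, here is a small Python script, added to this article rather than taken from NIST, that holds a handful of CSF 2.0 outcomes and compares a Current Profile against a Target Profile to produce a prioritised gap list and a per-Function summary. The six outcome IDs are real CSF 2.0 Subcategory identifiers (one per Function, descriptions paraphrased; check the wording against the published Core before relying on it). The two profiles are constructed sample data, and scoring each outcome from 1 to 4 using the Tier names as labels is a common assessment convention, not something the CSF itself prescribes.

```python
"""Added example: a minimal NIST CSF 2.0 Current-vs-Target Profile gap analysis.

Assumptions (not from the CSF): each outcome is scored 1..4 using the Tier
names as labels, and an outcome absent from the Current Profile is scored 1.
"""
from __future__ import annotations

from dataclasses import dataclass

# Tier names from the CSF, reused here as a per-outcome scoring scale (assumption).
TIERS = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}

# The six CSF 2.0 Functions, keyed by the prefix used in outcome IDs.
FUNCTIONS = {"GV": "Govern", "ID": "Identify", "PR": "Protect",
             "DE": "Detect", "RS": "Respond", "RC": "Recover"}


@dataclass(frozen=True)
class Outcome:
    """One Subcategory of the Core, e.g. PR.AA-01 (Function PR, Category PR.AA)."""
    id: str
    text: str

    @property
    def function(self) -> str:
        return FUNCTIONS[self.id.split(".", 1)[0]]

    @property
    def category(self) -> str:
        return self.id.split("-", 1)[0]


# Hand-picked subset of the CSF 2.0 Core, one outcome per Function.
# Descriptions are paraphrased; verify against the published Core before use.
CORE = [
    Outcome("GV.OC-01", "Organisational mission is understood and informs risk management"),
    Outcome("ID.AM-01", "Inventories of organisation-managed hardware are maintained"),
    Outcome("PR.AA-01", "Identities and credentials for users, services and hardware are managed"),
    Outcome("DE.CM-01", "Networks and network services are monitored for adverse events"),
    Outcome("RS.MA-01", "Incident response plan is executed once an incident is declared"),
    Outcome("RC.RP-01", "Recovery portion of the incident response plan is executed"),
]
_BY_ID = {o.id: o for o in CORE}

# Constructed sample profiles: outcome id -> score 1..4.
CURRENT_PROFILE = {"GV.OC-01": 1, "ID.AM-01": 2, "PR.AA-01": 2,
                   "DE.CM-01": 1, "RS.MA-01": 2, "RC.RP-01": 2}
TARGET_PROFILE = {"GV.OC-01": 3, "ID.AM-01": 3, "PR.AA-01": 4,
                  "DE.CM-01": 3, "RS.MA-01": 3, "RC.RP-01": 2}


@dataclass(frozen=True)
class GapRow:
    outcome: Outcome
    current: int
    target: int

    @property
    def gap(self) -> int:
        return self.target - self.current


def _check_score(oid: str, label: str, score: int) -> None:
    if score not in TIERS:
        raise ValueError(f"{oid}: {label} score {score} is not one of {sorted(TIERS)}")


def gap_report(current: dict[str, int], target: dict[str, int]) -> list[GapRow]:
    """Return one row per outcome where the Target Profile exceeds the Current one.

    The Target Profile defines scope; unknown outcome IDs are rejected rather than
    silently ignored so typos in an assessment spreadsheet surface immediately.
    Rows are ordered largest gap first, then by outcome ID, which is a simple
    first-cut prioritisation for the improvement plan.
    """
    rows: list[GapRow] = []
    for oid, tgt in target.items():
        if oid not in _BY_ID:
            raise KeyError(f"unknown CSF outcome id: {oid}")
        cur = current.get(oid, 1)  # assumption: an unassessed outcome is Partial
        _check_score(oid, "current", cur)
        _check_score(oid, "target", tgt)
        if tgt > cur:
            rows.append(GapRow(_BY_ID[oid], cur, tgt))
    rows.sort(key=lambda r: (-r.gap, r.outcome.id))
    return rows


def function_summary(current: dict[str, int], target: dict[str, int]) -> dict[str, int]:
    """Total gap points per Function, so leadership can see which Functions lag most."""
    totals = {name: 0 for name in FUNCTIONS.values()}
    for row in gap_report(current, target):
        totals[row.outcome.function] += row.gap
    return totals


def format_report(current: dict[str, int], target: dict[str, int]) -> list[str]:
    """Human-readable lines, one per gap, for pasting into an assessment report."""
    return [f"{r.outcome.id:<9} {r.outcome.function:<8} "
            f"{TIERS[r.current]} -> {TIERS[r.target]} (gap {r.gap}): {r.outcome.text}"
            for r in gap_report(current, target)]


if __name__ == "__main__":
    print("\n".join(format_report(CURRENT_PROFILE, TARGET_PROFILE)))
    print(function_summary(CURRENT_PROFILE, TARGET_PROFILE))
```

With the sample profiles, RC.RP-01 already meets its target and drops out of the report, while the three outcomes two steps short (Detect, Govern, Protect) are listed first. In a real assessment you would load the full Core from NIST’s published spreadsheet or JSON export rather than hand-typing outcomes, and keep the Target Profile under change control alongside the policy that justifies it.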

What Else is New in NIST 2.0?

As well as the significant upgrade to the core of NIST, there are several other enhancements aimed at tackling the dynamic nature of cybersecurity threats. Here are a few of the key updates:

  1. The CSF 2.0 Reference Tool: NIST CSF 2.0 introduces a more interactive and user-friendly reference tool to help with understanding and implementing the framework. The tool is an innovative platform with improved search capabilities, solid visualisations, and intuitive navigation to assist users in finding relevant information fast.
  2. Expanded Scope: While the original CSF was focused on protecting critical infrastructure such as banks and hospitals, the 2.0 version expands the scope to organisations in any industry and of any size.
  3. Enhanced Usability: NIST has focused on making the framework more accessible and easier to use to improve adoption. You can expect clearer guidance, detailed explanations and practical examples to assist with effective implementation.
  4. Built for Changing Threats: The framework itself is deliberately technology- and threat-neutral, so it does not go out of date as attack techniques change. What keeps it current is the supporting material NIST now maintains online alongside the core document: Informative References that map each outcome to specific controls in other standards, Implementation Examples that show concrete ways to achieve an outcome, and Quick Start Guides for particular audiences, all of which can be updated far more often than the framework itself.
  5. Proactive Evolution: With cyber threats changing and growing every day, there’s a need for a continuous evolution within an organisation to combat them. The new framework aims to foster a culture of continuous cybersecurity improvement, encouraging regular reviews and updates.
  6. Integrating Privacy: CSF 2.0 acknowledges how closely linked cybersecurity and privacy are, and points to the companion NIST Privacy Framework so that the two can be managed together rather than as separate programmes.

Why NIST CSF 2.0 is Important

NIST 2.0 is an important step in improving the cyber-resilience of organisations across the globe. Organisations of all sizes stand to benefit from adopting this comprehensive and flexible framework, with some of the clear advantages being:

  1. The Ability to Adapt to Evolving Threats: The updated framework ensures organisations are equipped to deal with the latest cybersecurity challenges, from sophisticated attacks to new threat vectors.
  2. Improved Usability and Accessibility: With its wider scope and the new reference tool, the framework is much more accessible to businesses of all sizes and industries.
  3. Compliance: NIST maps CSF 2.0 outcomes to many other standards and regulations through its Informative References, which makes it easier to show how one set of controls satisfies several requirements at once. Note that the CSF is voluntary guidance rather than a certification scheme: you align with it, you don’t get certified against it. Being able to demonstrate that alignment can still carry weight with auditors, customers and cyber insurers, and may help when negotiating cyber insurance premiums.
  4. Promoting a Culture of Security: You want your whole team to be on board with maintaining a cybersecure organisation. With its common language and structured approach, NIST CSF 2.0 helps do this.
  5. Enhanced Cybersecurity Collaboration: NIST 2.0 encourages collaboration across different sectors and industries on cybersecurity. In this way it promotes the sharing of best practices and the working together towards a unified high level of protection.

Get Guidance from the Cybersecurity Experts

In a world where cyber threats are a consistent worry for businesses, the NIST Cybersecurity Framework 2.0 is a welcome update for businesses looking for solid guidance towards cyber resilience. By understanding and implementing the updated framework organisations can protect their digital assets and ensure regulatory compliance, while building a solid cybersecurity posture.

If you’re unsure what steps your organisation needs to take next to improve your cybersecurity, or if you want to chat about the new NIST CSF, get in touch with Smile IT today. Our cybersecurity team can assist with auditing your current cyber defences, identifying your vulnerabilities and advising how to improve.

Give us a ring on 1300 766 720 with all your questions!

Peter Drummond

When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!