A Review of NIST’s Draft Cybersecurity Framework 2.0 – National Cyber Security Training Academy Corp
The article discusses the draft of the Cybersecurity Framework (CSF) version 2.0 by the National Institute of Standards and Technology (NIST).
The CSF is a set of guidelines and best practices designed to help organizations manage cybersecurity risks effectively.
The key changes introduced in CSF 2.0 include:
1. Addition of the governance function: The new governance function addresses how an organization makes decisions to support its cybersecurity strategy.
It informs and supports the other five functions of the framework.
2. Focus on supply chain risk management (SCRM): CSF 2.0 emphasizes the importance of managing cybersecurity risks associated with external parties in the supply chain.
It highlights the need for organizations to identify and prioritize suppliers based on criticality and integrate supply chain security practices into their cybersecurity and enterprise risk management programs.
3. Zero-Trust Architectures (ZTA): Although not adding a dedicated subcategory for ZTA, CSF 2.0 provides additional details on third-party risk and incorporates supply chain guidance into the governance function.
It addresses the need for planning, due diligence, and performance monitoring of supply chain security practices throughout the technology product and service life cycle.
4. Cloud security: CSF 2.0 addresses the evolving nature of cloud environments and provides organizations with guidance on defining shared responsibility models with cloud service providers.
It facilitates oversight in cloud-hosted environments through expanded governance and supply chain risk management provisions.
5. Expanded implementation guidance: CSF 2.0 offers expanded implementation examples and informative references to help organizations achieve the desired cybersecurity outcomes specified in the framework.
These resources provide action-oriented examples and reference materials to inform organizations’ approaches to cybersecurity risk management.
While CSF 2.0 represents an improvement over the previous version, the article acknowledges that it may not be sufficient to fundamentally improve the overall cybersecurity posture of organizations.
It points out that advanced technologies, expertise, and investment must be properly leveraged to effectively counter the threats posed by sophisticated adversaries.
The article suggests exploring the role of artificial intelligence (AI) in cybersecurity, including human-machine collaboration, as a potential approach to enhance cyber resilience at scale.
Comments on the CSF 2.0 draft were invited from stakeholders and will be used to develop the final version, scheduled for release in early 2024.
Link: https://www.lawfaremedia.org/article/a-review-of-nist-s-draft-cybersecurity-framework-2.0