February 29, 2024

NIST CSF 2.0 Goes Live

Paul Hastings LLP

+ Follow Contact

Send

Embed

Paul Hastings LLP

The National Institute of Standards and Technology released an updated version of its Cybersecurity Framework, CSF 2.0. earlier this week. The CSF, initially launched in 2014, is a tool developed by NIST to help private sector entities assess, remediate, and manage cyber risks throughout their organizations. The original CSF was broken into five functions, comprising the cybersecurity risk life cycle: Identify, Protect, Detect, Respond, and Recover. Each function was comprised of numerous sub-functions tied to both categories and NIST 800-53 Security controls, that enabled organizations to assess aspects of their cybersecurity programs.

Initially meant for critical infrastructure organizations, the CSF has become a globally respected standard and is now used by many types of private sector entities to help them manage their cybersecurity risks, and CSF 2.0 expressly expands the scope of the framework beyond critical infrastructure. Additionally, the Federal Information Management Security Act (FISMA) requires government agencies to comply with NIST 800-53 controls, and as a result, government contractors have used the CSF as a starting point to assess their own security programs when processing Federal agency/department personal data. Entities are allowed to take the CSF and customize it for their own needs to oversee their cybersecurity programs, assess strengths, and remediate gaps.

Some of the changes in the updated CSF include:

The addition of a sixth function. The "Govern" function focuses on management of cybersecurity risks, and assessing organizations on the people, policies, and oversight that help entities manage their cybersecurity office and program.
The development of a new reference tool that will allow users to export functions and controls for their own needs into readable formats, enabling entities to better customize assessments.
The expansion of references and guidance within the functions, providing technical details and steps for organizations take in assessing and implementing aspects of the CSF.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Paul Hastings LLP

Contact + Follow

Jeremy Berkowitz

+ Follow

John Gasparini

+ Follow

less

Published In:

Critical Infrastructure Sectors

+ Follow

Cybersecurity

+ Follow

Cybersecurity Framework

+ Follow

Data Privacy

+ Follow

Federal Contractors

+ Follow

Federal Information Security Modernization Act (FISMA)

+ Follow

NIST

+ Follow

Privacy Laws

+ Follow

Consumer Protection

+ Follow

Government Contracting

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Paul Hastings LLP on:

NIST CSF 2.0 Goes Live

Related Posts

Latest Posts

Written by:

Published In:

Paul Hastings LLP on:

"My best business intelligence, in one easy email…"