NIST CSF 2.0 – Key updates, industry response, and INTECH’s alignment

On February 26, 2024, the U.S. National Institute of Standards and Technology (NIST) released an updated version of its Cybersecurity Framework (CSF). CSF 2.0 is a set of guidelines that helps organizations of all sizes and sectors manage cybersecurity risks. The 2.0 edition extends its reach beyond critical infrastructure to address cybersecurity challenges across the board. With an expanded scope and a focus on governance and supply chain security, CSF 2.0 aims to assist all organizations in understanding, reducing, and communicating cybersecurity risks, regardless of their size or sector.

Key updates in CSF 2.0

Expanded Scope:

Unlike the first release, which focused primarily on protecting critical infrastructure such as hospitals and power plants, CSF 2.0 extends its reach to all organizations in any sector. This expansion reflects NIST’s commitment to making the framework accessible and beneficial to a wider range of industries.

Govern function:

CSF 2.0 introduces a newly added Govern function (GV), complementing the existing 5 functions: Identify (ID), Protect (PR), Detect (DE), Respond (RS), and Recover (RC). It encompasses the formulation, communication, and oversight of the organization’s cybersecurity risk management strategy and policies. It plays a crucial role in guiding the organization towards achieving and prioritizing outcomes across all other functions within the framework. By understanding the organization’s context and stakeholder expectations, GV facilitates the integration of cybersecurity into the broader enterprise risk management (ERM) strategy. Key activities within GV include defining cybersecurity strategy, managing cybersecurity supply chain risks, delineating roles and responsibilities, establishing policies, and overseeing the implementation of cybersecurity measures.

Improved Guidance on Implementation:

The new draft provides improved and expanded guidance on implementing the CSF, particularly in creating profiles tailored to specific situations. Implementation examples for each function’s subcategories are included to assist organizations, especially smaller firms, in effectively utilizing the framework.

  1. Integration with Other Frameworks:
    The CSF 2.0 Reference Tool, introduced as part of the CSF 2.0 update, represents a significant step forward in streamlining the implementation of the Cybersecurity Framework (CSF) for organizations. This tool enables users to effortlessly browse, search, and export data from the CSF’s core guidance in both human-consumable and machine-readable formats.
  2. Searchable catalog and CPRT:
    CSF 2.0 introduces a searchable catalog of informative references that lets organizations cross-reference their current actions with the CSF. The catalog also maps the CSF’s guidance to over 50 additional cybersecurity documents for achieving specific cybersecurity outcomes. The Cybersecurity and Privacy Reference Tool (CPRT) offers an interrelated, browsable, and downloadable set of NIST guidance documents. This facilitates communication across all levels of an organization, from technical experts to the C-suite, by contextualizing NIST resources, including the CSF, with other popular resources.

Global Outreach and Collaboration:

NIST’s collaboration with the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) has enabled the alignment of multiple cybersecurity documents. This collaboration not only enhances global cybersecurity standards but also allows organizations worldwide to develop frameworks and controls using CSF functions. With translations of CSF 2.0 expected to be available in multiple languages, NIST aims to promote international alignment in cybersecurity practices and standards.

Industry feedback

Industry leaders have offered diverse perspectives on CSF 2.0. While many commend its enhancements and emphasis on governance, some suggest areas for improvement. Suggestions include a deeper focus on risk transfer and quantification, broader considerations beyond networking infrastructure, and a more proactive approach to detection and response.

Moreover, the feedback highlights the importance of adapting cybersecurity strategies to evolving digital landscapes and integrating identity management into security frameworks. Overall, CSF 2.0 is seen as a valuable tool for organizations navigating complex cyber risks, offering a flexible structure adaptable to diverse needs, and fostering a culture of cybersecurity at all levels of an organization.

How does INTECH align with CSF 2.0?

By offering tailored consultancy services and robust implementation solutions, INTECH empowers clients to navigate the complexities of cybersecurity risk management effectively, thereby fostering resilience and reliability in their operations.

Through our OT Cybersecurity Consultancy services, we offer collaborative engagement, assisting clients in developing robust strategies, policies, and governance frameworks tailored to their specific operational technology (OT) environments. By aligning these strategies with the principles outlined in the CSF 2.0, INTECH ensures that clients not only meet industry standards but also adapt to emerging threats effectively. This approach empowers organizations to proactively safeguard their OT assets, thus enhancing their overall cybersecurity posture.

INTECH’s OT Cybersecurity Implementation enables clients to deploy, remediate, and maintain sophisticated cybersecurity systems and assets. By integrating CSF 2.0 principles into the implementation process, INTECH ensures that clients’ OT environments are fortified against a wide range of cyber threats. Whether it involves deploying advanced intrusion detection systems, segmenting OT networks, or conducting regular security assessments, INTECH’s comprehensive approach to implementation aligns with the holistic framework advocated by NIST.