{"id":9697,"date":"2024-03-01T14:41:13","date_gmt":"2024-03-01T22:41:13","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=9697"},"modified":"2024-03-19T22:07:39","modified_gmt":"2024-03-20T06:07:39","slug":"nist-cybersecurity-framework-2-0-published","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/nist-cybersecurity-framework-2-0-published\/","title":{"rendered":"NIST Cybersecurity Framework 2.0 Published"},"content":{"rendered":"

On February 26, 2024, National Institute of Standards and Technology (NIST) unveiled the eagerly awaited NIST CSF 2.0<\/a>, the first major update since 1.1 was released in 2018.<\/p>\n

The NIST Cybersecurity Framework (CSF) was officially released in 2014, and became a landmark guidance framework for reducing cybersecurity risk around the world. Developed by NIST, this framework provided a structured approach to managing and mitigating cybersecurity risks. It offered a common language, actionable guidelines, and a flexible framework that organizations could adapt to their particular situations.\u00a0<\/p>\n

Why the update? The answer lies in the ever-evolving threat landscape. Cyberattacks have become more sophisticated, persistent, and diverse. Threat actors exploit vulnerabilities across interconnected systems, and organizations grapple with an expanding attack surface. The NIST CSF 2.0 responds to these challenges by incorporating lessons learned, emerging best practices, and real-world experiences. It\u2019s a dynamic response to a dynamic threat environment.<\/p>\n

Version 2.0 brings notable enhancements, such as:<\/p>\n

    \n
  1. Expanded Scope<\/b>:\u00a0 While the original CSF was targeted to protect critical infrastructure, the update is intended to provide guidance for all organizations and industries.<\/li>\n
  2. Governance Function<\/b>: NIST CSF 2.0 adds a new Govern function to better emphasize the importance of elevating cybersecurity to the board and C-suite.<\/li>\n
  3. Supply Chain Security<\/b>: The updated framework adds additional focus on the critical role of supply chains and the need for organizations to consider the security of their suppliers, partners, and third-party vendors.<\/li>\n
  4. Expanded Resources<\/b>: NIST has updated or expanded the supplementary resources available to companies, including CSF Organizational Profiles<\/a>, Quick Start Guides<\/a>, Informative References<\/a>, and Implementation Examples<\/a>.\u00a0\u00a0\u00a0\u00a0<\/li>\n<\/ol>\n

    One important theme in the NIST CSF is the criticality of threat intelligence and threat hunting capabilities in an organization\u2019s cybersecurity defenses. Organizations should understand their inventory of assets, actively seek out indicators of compromise, analyze threat patterns, and stay ahead of potential attacks. A few highlights:<\/p>\n

    IDENTIFY (ID):<\/b> The organization\u2019s current cybersecurity risks are understood<\/p>\n