01 May 2024
NIST CSF 2.0 framework – what’s new and how can it help you?
The NIST Cybersecurity Framework (CSF) helps organizations manage and reduce cybersecurity risk, whatever their size or security sophistication. First published in 2014, the framework received its first major revision this year: CSF 2.0 streamlines the core framework document and adds a set of supporting resources on the NIST website, including implementation examples, quick-start guides and updated informative-reference mappings to other standards.
By far the biggest change, however, is the addition of a new function, GOVERN, alongside the existing five (Identify, Protect, Detect, Respond and Recover). GOVERN covers how an organization establishes, communicates and monitors its cybersecurity risk management strategy, expectations and policy, and it informs how the other five functions are carried out.
Let’s break it down into more manageable parts to understand what it really means for your organization.
Understanding & assessing your cybersecurity needs
This means working out exactly which risks you face. Start from your organizational context: the mission, the stakeholders who depend on you, and the legal, regulatory and contractual requirements you must meet. Then discuss your current and predicted risk environment and decide how much risk you are willing to accept, stated as a risk appetite and tolerance that the rest of the strategy can be measured against. Gather input from across the organization and build on what worked well in the past.
Developing your cybersecurity risk strategy
Your strategy follows from your specific cybersecurity objectives, your risk environment and the lessons you have learned. Review, update and discuss it on a regular cadence, set clear roles, responsibilities and authorities for carrying it out, and make sure the people in those roles have the resources to do so.
Establishing risk management policies
Make sure your policies take all your different obligations into account, from legal and regulatory requirements to contractual commitments. They should apply organization-wide, be reviewed and updated on a recurring schedule, and stay aligned with your current threat environment, risks and objectives. Get them approved by management, communicate them, and embed them in company culture: a policy that is written down but neither known nor enforced gives no protection.
Shaping and sharing organizational cybersecurity practices
As the practical application of your risk management strategy, your practices need to be simple and known to everyone who has to follow them. Document them and make them easy to update in response to feedback or to changes in the risks you face.
Acing your cybersecurity supply chain risk management
Set a clear strategy, policy, roles and responsibilities for supply chain risk, and include suppliers, customers and partners in the picture. Write cybersecurity requirements into contracts, verify that suppliers actually meet them, and plan for what happens when a supplier is compromised or a relationship ends.
Keeping an eye on risk: continuous oversight & checkpoints
Monitor and analyze risks continuously, just as you would financial risk, and check regularly whether the strategy is producing the outcomes you expected; adjust it when the results, the threat environment or the organization change. By applying the principles of the Cybersecurity Framework (CSF) 2.0, you can reduce risk and improve security, making your organization more resilient in the face of evolving cyber threats.