What Key Updates Should You Be Aware Of In NIST CSF 2.0?

Kanika Aggarwal / Updated: Dec 19, 2024

NIST CSF 2.0 introduces enough changes that anyone responsible for a cybersecurity program needs to understand them. 

About 48% of organizations rate the NIST Cybersecurity Framework (CSF) as the framework they trust most (Source: Statista, 2023), which helps explain how widely it is used. 

One of the biggest updates in NIST CSF 2.0 is the increased emphasis on third-party and supply-chain risk, an area that received less attention in earlier versions. 

For this reason, in this post I've outlined those updates so that your organization can prepare for them. 


1. Enhanced Clarity and Simplicity

Many organizations cite the difficulty of understanding NIST's publications as a key obstacle to adopting them. 

NIST appears to have had this in mind when revising CSF 1.1. 

The new NIST CSF 2.0 is noticeably easier to read, which opens it to a wider audience. 

A significant part of the restructuring replaced niche jargon with plain, conventional terms. 

NIST CSF 2.0 also ships with more supporting material, such as Quick Start Guides and Implementation Examples for each Subcategory, and a more flexible structure.

2. Updated Categories and Subcategories 

The framework originally had five Functions – Identify, Protect, Detect, Respond, and Recover – and NIST retained all five in CSF 2.0. 

However, the Functions now contain revised Categories and Subcategories: many were added, merged, renumbered, or reworded to address current threats and practices. 


3. Introduction of a New Function

While NIST retained all five Functions from the previous framework, CSF 2.0 adds a sixth: Govern. 

Governance was previously a Category under the Identify Function (ID.GV in CSF 1.1), alongside Business Environment (ID.BE); in 2.0 it has been promoted to a Function of its own. 

Keeping governance as a Category under Identify made it easy for organizations to treat it as one more technical task and hand it off to IT or external providers. 

With the restructuring, managers and executives are expected to take a proactive role in adopting the framework and to be accountable for cybersecurity risk across the whole organization. 

The Govern Function also makes explicit that cybersecurity risk is an enterprise risk with financial and reputational consequences, on the same footing as other business risks. 

With Govern incorporated, NIST CSF 2.0 is organized into the following six Functions:

  • Govern (GV) – Establishes, communicates, and monitors the organization's cybersecurity risk management strategy, expectations, and policy.
  • Identify (ID) – Builds an understanding of the organization's assets, suppliers, and the cybersecurity risks to them.
  • Protect (PR) – Applies safeguards to manage those risks and to reduce the likelihood or impact of an attack. 
  • Detect (DE) – Finds and analyzes possible cybersecurity attacks and compromises.
  • Respond (RS) – Takes action on a detected incident to contain it and limit its effects.
  • Recover (RC) – Restores the assets and operations affected by an incident.

Do You Know?
The NIST Cybersecurity Framework (CSF) was first published in February 2014 to help critical-infrastructure organizations manage cybersecurity risk; version 1.1 followed in April 2018, and CSF 2.0 was released in February 2024.

The Govern Function supports a sustainable implementation of CSF 2.0 through six Categories:

  • Organizational Context (GV.OC) – The mission, stakeholder expectations, dependencies, and legal, regulatory, and contractual requirements that surround cybersecurity risk decisions are understood.
  • Risk Management Strategy (GV.RM) – Priorities, constraints, risk tolerance and appetite, and assumptions are established, communicated, and used to support operational risk decisions. 
  • Roles, Responsibilities, and Authorities (GV.RR) – Cybersecurity roles, responsibilities, and authorities are defined and communicated to foster accountability, performance assessment, and continuous improvement.
  • Policy (GV.PO) – Organizational cybersecurity policy is established, communicated, and enforced.
  • Oversight (GV.OV) – Results of organization-wide risk management activities and performance are used to inform, improve, and adjust the risk management strategy.
  • Cybersecurity Supply Chain Risk Management (GV.SC) – Supply chain risk management processes are identified, established, managed, monitored, and improved by organizational stakeholders.

4. Expanded Industry Scope

A defining feature of the original framework was its emphasis on critical infrastructure. 

Recognizing how interconnected cyberspace has become, NIST broadened the framework's scope to cover organizations of every size and sector. 

Supply chain risk management is now a central pillar of CSF 2.0: what was a Category under Identify in 1.1 (ID.SC) now lives in the Govern Function as Cybersecurity Supply Chain Risk Management (GV.SC). 

Implementing CSF 2.0 is therefore not only about preventing breaches of an organization's own systems. 

The framework also asks organizations to manage the risk of attacks on suppliers and other third parties, which can cause serious financial and reputational damage to every interconnected business. 

This broadened scope lets organizations from any industry, including government agencies and academic institutions, use CSF 2.0 to safeguard their IT infrastructure and strengthen their security posture. 

To better understand the trends, examine the graph below, depicting Cybersecurity Standards Usage for Control Systems in Organizations Worldwide.

Cybersecurity Standards Usage for Control Systems

5. Guidance on Emerging Technologies

CSF 2.0 remains technology-neutral: it does not prescribe how to deploy artificial intelligence (AI), machine learning (ML), or the Internet of Things (IoT), but its outcomes are written so that they apply to those technologies just as they do to conventional IT, and NIST publishes separate guidance (for example the AI Risk Management Framework) that organizations can pair with the CSF. 

The practical point is that new technology changes the risk picture, so the same Govern-through-Recover outcomes have to be applied to AI models, ML pipelines, and IoT devices as they are introduced, rather than treated as an exception to the program.

Should I Embrace NIST CSF 2.0 If Already NIST CSF 1.1 Compliant?

Given the scope of the changes, it is worth adopting CSF 2.0 even if you are already aligned with version 1.1.

Start with a gap analysis: compare your existing controls and practices with the CSF 2.0 outcomes, paying particular attention to the Govern Function and the supply-chain categories, which go beyond what 1.1 asked for. CSF 2.0's Organizational Profiles, a Current Profile describing where you are and a Target Profile describing where you want to be, are designed for exactly this comparison.

Where the evaluation uncovers gaps, make the required adjustments to bring your security posture in line with the new outcomes.


Summary

The revamped NIST CSF 2.0 reflects NIST's goal of strengthening cybersecurity across supply chains and across the systems and networks that handle sensitive government and private information. 

Considered the most significant update since the framework's first release a decade ago, the new version takes a more holistic approach than its predecessor, which focused primarily on critical infrastructure. 

Even if your organization has already adopted the previous version, it pays to review the CSF 2.0 outcomes, especially Govern and supply chain risk management, and close the gaps they reveal.
