Year-End Learning Carnival: Get Free Courses and Up to 50% off on Career Booster Combos!
D H M S

NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework (CSF) is an integrated set of standards, best practices, and guidelines created by the NIST (National Institute of Standards and Technology) to assist organizations manage and improve their cybersecurity risk management processes. The framework provides a flexible and voluntary approach that organizations can use to assess and strengthen their cybersecurity posture by outlining a series of steps and activities across core functions. It provides a set of categories and subcategories for each function, along with a set of informative references that can help organizations implement the framework in their specific context. It serves as a common language for organizations to communicate and collaborate on cybersecurity risk management.

NIST Cybersecurity Framework

NIST Cybersecurity Framework 2.0

NIST Cybersecurity Framework (CSF) 2.0 is the latest revision of NIST CSF 1.1 that includes the six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. These functions help organizations manage and reduce cybersecurity risk more quickly and effectively.

 

NIST Cybersecurity Framework 2.0

Govern is a new core function introduced to NIST CSF 2.0; it was formerly a category of identify function. The objective of the NIST CSF 2.0 framework is to emphasize the importance of governance within organizations and supply chain risk management, assisting organizations in mitigating third-party risks. The framework incorporates several updates and enhancements based on feedback from stakeholders, cybersecurity experts, and industry partners. Its purpose is to enhance consistency with national and international cybersecurity standards and practices, provide clarity, and manage changes in technology and risks.

The NIST Cybersecurity Framework 2.0 Core focuses on the following:

  • It focuses on cybersecurity outcomes relevant to all organizations, eliminating language specific to core critical infrastructure.
  • It focuses on cybersecurity governance via a new govern function covering organizational context, risk management strategy, roles and responsibilities, and policies and procedures.
  • It focuses on cybersecurity supply chain risk management, an increasingly crucial component of cybersecurity, including guidance on identifying and managing risks associated with third-party suppliers and vendors.
  • It emphasizes the outcomes focused on the govern, identify, and protect functions for the prevention of cybersecurity issues, as well as the detection and reaction to incidents through the detect, respond, and recover functions.
  • It emphasizes cybersecurity incident response management, including the significance of incident forensics, through new categories in the respond and recover functions.
  • It focuses on the technological infrastructure’s resilience via a new protect function category.
  • It encourages continual improvement through a new improvement category in the identify function.
  • It emphasizes leveraging the integration of people, processes, and technology to protect assets across all categories in the protect function.

To get the latest up-to-date details on the NIST Cybersecurity Framework 2.0, we recommend referring to the NIST Cybersecurity Framework page (www.nist.gov/cyberframework) or the Discussion Draft of the NIST Cybersecurity Framework 2.0 Core.

Check out the related article: What is the NIST Cybersecurity Framework?

How can InfosecTrain help?

Enroll in InfosecTrain’s CISSP and CRISC training courses. These valuable cybersecurity certifications provide you with a broader understanding of cybersecurity principles and risk management, which are relevant to understanding and implementing the NIST CSF. These certifications offer comprehensive knowledge and skills for managing and securing information systems in various organizational contexts. We provide structured learning, expert guidance, and resources to help individuals prepare effectively for CISSP and CRISC certifications.

CRISC

TRAINING CALENDAR of Upcoming Batches For CRISC

Start Date End Date Start - End Time Batch Type Training Mode Batch Status
18-Jan-2025 15-Feb-2025 09:00 - 13:00 IST Weekend Online [ Open ]
01-Mar-2025 05-Apr-2025 20:00 - 23:00 IST Weekend Online [ Open ]
My Name is Ruchi Bisht. I have done my BTech in Computer Science. I like to learn new things and am interested in taking on new challenges. Currently, I am working as a content writer in InfosecTrain.
Your Guide to ISO IEC 42001
TOP
whatsapp