
The National Institute of Standards and Technology’s Cybersecurity Framework (CSF) is known in cybersecurity as the gold standard framework for cybersecurity and risk guidance; organizations use it to assess and improve their ability to prevent, detect, and respond to cyber threats. Considering the evolving nature of the cybersecurity industry, NIST has published changes to NIST CSF 2.0.

NIST CSF 2.0 Mapping Updates 

Changes Made to CyberStrong

CyberStrong users can now benchmark to NIST CSF 2.0. The CSF 2.0 has been added as a reference framework for reporting, and the CSF 2.0 subcategories have been uploaded as a public framework. One of the significant updates to the revised framework is the addition of a new core function, Govern. The six core functions will expand into 22 categories and 106 subcategories.

In addition, a new scoring model has been added to this framework: Partial (Tier 1), Risk-Informed (Tier 2), Repeatable (Tier 3), and Adaptive (Tier 4).

Users can conduct crosswalks from CSF 2.0 to CSF 1.1, and CSF 2.0 has been mapped to NIST 800-53 Rev. 5 controls.

Differences Between CSF 1.1 and CSF 2.0

The CSF 2.0 is now a flexible guideline for all companies looking to mature their cybersecurity practices. This expansion reflects NIST's acknowledgment of the universal importance of cybersecurity and the pressing need for comprehensive cyber risk management strategies.

NIST has augmented CSF 2.0 with a suite of resources tailored to different user groups to facilitate seamless adoption and implementation. These resources range from implementation examples to quick-start guides catering to organizations' specific needs and challenges, and they suggest creating a community profile to connect and discuss with peers.

CyberStrong is an advanced cybersecurity risk management platform that can streamline your efforts to benchmark against the NIST CSF 2.0, NIST 800-30, NIST 800-53, and many other gold-standard frameworks.

Schedule a demo to see how CyberStrong can help you address any framework or standard, such as ISO 27001, CIS, and custom frameworks and controls. Monitor control scores automatically with patented Continuous Control Automation (CCA).

 
