Flash Findings

NIST CSF 2.0: What IT Security Leaders Need to Know

Mon., 18. November 2024 | 1 min read

Quick Take

The newly released NIST Cybersecurity Framework (CSF) 2.0 introduces key changes to enhance cybersecurity governance and supply chain risk management. IT security leaders should prioritize aligning their current cybersecurity practices with the new framework, including the new Govern function.

Why You Should Care

  1. Expanded Governance Emphasis: The new CSF 2.0 includes a sixth function, Govern, highlighting the importance of managing cybersecurity as a core business risk. This update encourages senior IT security leadership to take a proactive role in overseeing cybersecurity strategies and aligning security with broader business goals.

  2. Supply Chain Risk Management: CSF 2.0 also emphasizes cybersecurity supply chain risk management (C-SCRM), reflecting the growing threat landscape. Organizations are encouraged to develop and implement a comprehensive C-SCRM program to address risks from suppliers, partners, and service providers, thereby enhancing resilience.

What You Should Do Next 

Review and update your organization's current cybersecurity framework to align with CSF 2.0. Start by developing a transition plan that addresses changes like the new Govern function and supply chain risk management, and leverage NIST’s resources for guidance. 

Get Started

  1. Ensure your transition plan includes detailed timelines, specific actions, and assigned roles to facilitate accountability and smooth implementation across the organization.

  2. Conduct a needs assessment to identify gaps between current practices and CSF 2.0. Engage key stakeholders in the assessment process to gain a comprehensive understanding of the current cybersecurity posture and prioritize areas for improvement.

  3. Leverage NIST's resources to enhance your organization's cybersecurity framework. Utilize informative references, quick-start guides, and implementation examples provided by NIST to streamline the adoption process and ensure best practices are followed.

