Request Demo

CyberStrong, NIST Cybersecurity Framework

NIST Announces the Upcoming Second Draft Update of the Cybersecurity Framework


The National Institute of Standards and Technology released the first version of the Cybersecurity Framework back in 2014, and it was met with excitement by organizations who saw the value in running a risk-based approach.

The document promotes best practices for information security and is being adopted or has already been adopted by over 30% of U.S. businesses to date according to Gartner. Especially in light of recent attacks, there is no better time than now for companies and other organization to protect their data from compromise using the best methods available.

For a while now, the Cybersecurity Framework has been available online for comment as NIST prepares to release its second version. CyberSaint even advertised the link on our site to promote engagement and feedback within our security community. The Cybersecurity Framework is a living document, meaning it is constantly improving and adapting as any robust security program should. Feedback from those adopting it or who plan to adopt it is critical to its success.

Interested in learning successful NIST CSF adoption strategies? Learn to simplify the Framework in our upcoming webinar "How to Simplify the NIST Cybersecurity Framework"

The main areas that will change with the second version will reflect those comments and input from security professionals and businesspeople, specifically on the use of measurements, supply-chain risks and access authentication - according to NIST’s Kevin Stine. The second draft will be available in “a few weeks” for comment in the same manner that the first draft was available.

One of the biggest hurdles to adopting the NIST Cybersecurity Framework is that of measurement.

An organization’s ability to measure their cybersecurity posture is a nice idea, but in practice it’s quite difficult to come up with an actionable method of doing so. The CSF is a set of best practices that changes as we learn more about how to run adaptive security programs, but doesn’t instruct those using its methods on how to measure their success. 

CyberSaint’s platform is the only platform that not only gives a metric for how your organization is current doing on NIST Cybersecurity Framework adoption, but also measures your adaptiveness to the Framework. CyberStrong’s recommendation engine gives you a set of plans to choose from to improve your posture weighing cost and impact, which is critical to making your budget for improving your cybersecurity program. 

Additionally, over 25 of the requirements are immediately addressed within the platform - threat monitoring, measurement, and others. The process can take a long time, as we’ve seen customers who have taken months or even a year to compile the data they need to do so. CyberStrong gets you working in just a few hours and adoption can take just weeks by using the platform's intuitive interface and intelligent recommendations.

Learn How CyberStrong Streamlines the NIST Cybersecurity Framework Adoption


You may also like

What Are the Benefits of the NIST ...
on October 10, 2019

The risks that come with cybersecurity can be overwhelming to many organizations. Building out a robust cybersecurity program is often complicated and difficult to conceptualize ...

Your NIST Cybersecurity Framework ...
on October 9, 2019

The National Institute of Standards and Technology developed the Framework for Improving Critical Infrastructure Cybersecurity, later dubbed the NIST Cybersecurity Framework ...

What is the CCPA and Who Must ...
on August 30, 2019

Following the European Union's General Data Protection Regulation (GDPR), and falling in line with the privacy laws of Massachusetts, Vermont, Ohio and many others, California's ...

Alison Furneaux
CISOs in the Boardroom: ...
on September 3, 2019

This week, I had the opportunity to speak at the ISACA 2019 Governance Risk and Control Conference in Ft. Lauderdale, FL. Having spent a career as both a cybersecurity ...

George Wrenn
Why GRC Needs IRM
on August 7, 2019

Today, every organization strives to optimize the speed with which they access information. Data is being stored, processed, transmitted and utilized in almost every day-to-day ...

Alison Furneaux
SSP and POAM Guidance for DFARS ...
on August 29, 2019

Defense federal acquisition regulation supplement (DFARS) Compliance has been top of mind for Prime contractors as well as Department of Defense (DoD) suppliers since before the ...

Alison Furneaux