Request Demo

CyberStrong, NIST Cybersecurity Framework

NIST Announces the Upcoming Second Draft Update of the Cybersecurity Framework

down-arrow

The National Institute of Standards and Technology released the first version of the Cybersecurity Framework back in 2014, and it was met with excitement by organizations who saw the value in running a risk-based approach.

The document promotes best practices for information security and is being adopted or has already been adopted by over 30% of U.S. businesses to date according to Gartner. Especially in light of recent attacks, there is no better time than now for companies and other organization to protect their data from compromise using the best methods available.

For a while now, the Cybersecurity Framework has been available online for comment as NIST prepares to release its second version. CyberSaint even advertised the link on our site to promote engagement and feedback within our security community. The Cybersecurity Framework is a living document, meaning it is constantly improving and adapting as any robust security program should. Feedback from those adopting it or who plan to adopt it is critical to its success.


Interested in learning successful NIST CSF adoption strategies? Learn to simplify the Framework in our upcoming webinar "How to Simplify the NIST Cybersecurity Framework"


The main areas that will change with the second version will reflect those comments and input from security professionals and businesspeople, specifically on the use of measurements, supply-chain risks and access authentication - according to NIST’s Kevin Stine. The second draft will be available in “a few weeks” for comment in the same manner that the first draft was available.

One of the biggest hurdles to adopting the NIST Cybersecurity Framework is that of measurement.

An organization’s ability to measure their cybersecurity posture is a nice idea, but in practice it’s quite difficult to come up with an actionable method of doing so. The CSF is a set of best practices that changes as we learn more about how to run adaptive security programs, but doesn’t instruct those using its methods on how to measure their success. 

CyberSaint’s platform is the only platform that not only gives a metric for how your organization is current doing on NIST Cybersecurity Framework adoption, but also measures your adaptiveness to the Framework. CyberStrong’s recommendation engine gives you a set of plans to choose from to improve your posture weighing cost and impact, which is critical to making your budget for improving your cybersecurity program. 

Additionally, over 25 of the requirements are immediately addressed within the platform - threat monitoring, measurement, and others. The process can take a long time, as we’ve seen customers who have taken months or even a year to compile the data they need to do so. CyberStrong gets you working in just a few hours and adoption can take just weeks by using the platform's intuitive interface and intelligent recommendations.

Learn How CyberStrong Streamlines the NIST Cybersecurity Framework Adoption

 

You may also like

Reading Between the Lines of NIST ...
on July 9, 2019

On June 19th, the National Institute of Standards and Technology (NIST) released the much anticipated Rev 2 of SP 800-171 and the working draft of supplement SP 800-171B. As the ...

How We're Making DFARS Compliance ...
on July 2, 2019

With the Department of Defense (DoD) making DFARS compliance a requirement for all contractors doing business with the DoD, a great amount of stress has been put on DoD ...

What to Expect from the Security ...
on June 26, 2019

Digital Society is Real, and Security and Risk Management Solutions Must Embrace Digital to be Successful Digital Society: “The collection of people and things that are engaged in ...

Alison Furneaux
Integrating GRC: Compliance, ...
on June 25, 2019

In our Integrating Governance Risk and Compliance series, CyberSaint leadership explores the process through which cybersecurity leaders can reconfigure their organizations to ...

George Wrenn
Integrating GRC: Risk, ...
on June 19, 2019

In our Integrating Governance Risk and Compliance series, CyberSaint leadership explores the process through which cybersecurity leaders can reconfigure their organizations to ...

Padraic O'Reilly
CyberSaint at Gartner Security and ...
on June 13, 2019

Next week, forward-thinking security and risk leaders will congregate in National Harbor for Gartner’s annual Security and Risk Management Summit. As the preeminent voice in the ...