Free Cyber Risk Analysis: Your Top Cyber Risks in 3 Clicks

Get Started
Request Demo

CyberStrong, NIST Cybersecurity Framework, Cyber Risk Management

NIST CSF 2.0: What You Need to Know About the Latest Changes


The NIST CSF was first released in 2014, and since then, it has been adopted by thousands of organizations. The NIST Cybersecurity Framework has profoundly impacted the industry by promoting consistent cybersecurity practices, fostering collaboration and information sharing, and establishing a common language and understanding of cybersecurity concepts. The ultimate goal has been improved resilience, reduced cyber threats, and a more secure digital landscape for organizations and society.

Organizations across various sectors use the NIST CSF, including government, healthcare, financial services, and manufacturing. NIST does maintain a public database of organizations that have publicly stated that they use the NIST CSF, and over 4,000 organizations are listed in the Cybersecurity Framework Users’ Community. 

Changes Made to NIST CSF

NIST periodically updates the CSF with its last update in 2018, version 1.1. Periodic revisions ensure the framework remains relevant and effective against the evolving cybersecurity threat landscape and technological changes. NIST CSF 2.0 Govern  has been long awaited and was driven by several factors, including: 

  • Changes in the threat landscape: The CSF must include measures reflecting the evolution of cyber threats to remain effective. 
  • Technological advancements: Endpoint technology, applications, and software are constantly changing. As cloud computing, AI, and IoT usage take off, the updated CSF will include changes relevant to this technology. 
  • Feedback from thought leaders: NIST considers input from leaders and stakeholders from critical industries, government, and academia. 
  • New regulations and standards: The NIST CSF was built to be aligned with other standards and frameworks, like ISO 27001 and GDPR, to enhance usage and flexibility. The revision will reflect changes made to relevant frameworks. 

NIST CSF Version 2.0 will also address critical areas, like supply chain risk management, privacy risk management, and more significant cybersecurity measures to ensure its relevance for the next decade. Considering the broad usage of the NIST CSF, the new revision will remove specific mention of critical infrastructure to emphasize the framework's applicability to organizations in any industry. NIST has also taken the step of reorganizing particular categories and sub-categories more logically. 

The New Govern Function

The new revision will add a new core function: Govern. “Govern” will focus on organizational context, risk management strategy, policies, and roles and responsibilities. In addition, this new draft will also include improvements and new categories within each core framework function - with specific emphasis on technology resilience, incident response management, and continuous improvement. 

“Adding the Govern function and making that step 1 of the available line-up is a key takeaway. It stresses the top-down approach to cybersecurity and risk management. This puts the onus on the executive leadership team to play an active part in their organization's cyber risk management program,” explained Cathy Olieslaeger, Director of Customer Success at CyberSaint.

“Whether it is to set risk management strategy, organizational risk tolerance, and risk treatment prioritization guidance, and play an active part in the life-cycle of risk management, the executive leadership responsibilities are set in this new framework," said Olieslaeger. "The buck ends with them.”

NIST will also include improvements to the guidance on framework implementation and alignment and usage for assessments. The revision builds on the NIST CSF’s proactive risk-based approach to cyber risk management and emphasizes the importance of cyber to all organizations and leaders. 

"NIST CSF 2.0 empowers businesses to up-level their cyber risk management maturity in governance by fostering a proactive approach, enabling them to anticipate and address emerging cyber threats while fostering a culture of continuous improvement,” said Jerry Layden, CEO of CyberSaint. "By incorporating NIST CSF 2.0's new principles, businesses can establish a strong foundation for making informed decisions, allocating resources, and embedding cybersecurity throughout the organization's culture and operations."

Build for the Future with CyberSaint and NIST 

With cybersecurity at the forefront of concerns for leaders, the release of NIST CSF 2.0 validates the importance of cyber risk management and also sets forth a notion of aligning different frameworks for a more cohesive approach. "Although not included in the current draft, I'm looking forward to seeing how NIST continues to better align the CSF with other NIST resources and publications," explained Steve Torino, VP of Solutions Architecture at CyberSaint. "The inclusion of a new Governance function highlights the importance of cyber risk management."

As a leading cyber risk management platform, CyberStrong is built around the NIST CSF and complements the CSF’s progressive approach to holistic and proactive cybersecurity risk management. With CyberStrong, security professionals can leverage a single interface to view real-time risk scores and keep track of NIST CSF updates

Learn more about our all-in-one cyber risk management platform and how we align with NIST CSF 2.0 in a demo

You may also like

April Product Update
on April 18, 2024

The CyberSaint team is dedicated to providing new features to CyberStrong and advancing the CyberStrong cyber risk management platform to address all your cybersecurity needs. ...

Bridging the Gap: Mastering ...
on April 22, 2024

In today's digital landscape, cybersecurity has become essential to corporate governance. With the increasing frequency and sophistication of cyber threats, the SEC has set forth ...

March Product Update
on March 21, 2024

The CyberSaint team is dedicated to advancing the CyberStrong platform to meet your cyber risk management needs. These latest updates will empower you to benchmark your ...

Empowering Cyber Risk Modeling ...
on March 20, 2024

The practice of cyber risk management is cyclical. You start by assessing your cyber risk environment. That step includes identifying risks and classifying them in buckets. Then, ...

Leveraging the Executive Dashboard ...
on March 27, 2024

In the fast-paced business world, CISOs and C-suite executives constantly juggle multiple responsibilities, from budgeting to strategic planning. However, in today's digital ...

NIST CSF 2.0 Updates in CyberStrong
on April 4, 2024

The National Institute of Standards and Technology’s Cybersecurity Framework (CSF) is known in cybersecurity as the gold standard framework for cybersecurity and risk guidance; it ...