Free Cyber Risk Analysis: Your Top Cyber Risks in 3 Clicks

Get Started
Request Demo

CyberStrong, NIST Cybersecurity Framework, Cyber Risk Management

NIST CSF 2.0: What You Need to Know About the Latest Changes


The NIST CSF was first released in 2014, and since then, it has been adopted by thousands of organizations. The NIST Cybersecurity Framework has profoundly impacted the industry by promoting consistent cybersecurity practices, fostering collaboration and information sharing, and establishing a common language and understanding of cybersecurity concepts. The ultimate goal has been improved resilience, reduced cyber threats, and a more secure digital landscape for organizations and society.

Organizations across various sectors use the NIST CSF, including government, healthcare, financial services, and manufacturing. NIST does maintain a public database of organizations that have publicly stated that they use the NIST CSF, and over 4,000 organizations are listed in the Cybersecurity Framework Users’ Community. 

Changes Made to NIST CSF

NIST periodically updates the CSF with its last update in 2018, version 1.1. Periodic revisions ensure the framework remains relevant and effective against the evolving cybersecurity threat landscape and technological changes. NIST CSF 2.0 Govern  has been long awaited and was driven by several factors, including: 

  • Changes in the threat landscape: The CSF must include measures reflecting the evolution of cyber threats to remain effective. 
  • Technological advancements: Endpoint technology, applications, and software are constantly changing. As cloud computing, AI, and IoT usage take off, the updated CSF will include changes relevant to this technology. 
  • Feedback from thought leaders: NIST considers input from leaders and stakeholders from critical industries, government, and academia. 
  • New regulations and standards: The NIST CSF was built to be aligned with other standards and frameworks, like ISO 27001 and GDPR, to enhance usage and flexibility. The revision will reflect changes made to relevant frameworks. 

NIST CSF Version 2.0 will also address critical areas, like supply chain risk management, privacy risk management, and more significant cybersecurity measures to ensure its relevance for the next decade. Considering the broad usage of the NIST CSF, the new revision will remove specific mention of critical infrastructure to emphasize the framework's applicability to organizations in any industry. NIST has also taken the step of reorganizing particular categories and sub-categories more logically. 

The New Govern Function

The new revision will add a new core function: Govern. “Govern” will focus on organizational context, risk management strategy, policies, and roles and responsibilities. In addition, this new draft will also include improvements and new categories within each core framework function - with specific emphasis on technology resilience, incident response management, and continuous improvement. 

“Adding the Govern function and making that step 1 of the available line-up is a key takeaway. It stresses the top-down approach to cybersecurity and risk management. This puts the onus on the executive leadership team to play an active part in their organization's cyber risk management program,” explained Cathy Olieslaeger, Director of Customer Success at CyberSaint.

“Whether it is to set risk management strategy, organizational risk tolerance, and risk treatment prioritization guidance, and play an active part in the life-cycle of risk management, the executive leadership responsibilities are set in this new framework," said Olieslaeger. "The buck ends with them.”

NIST will also include improvements to the guidance on framework implementation and alignment and usage for assessments. The revision builds on the NIST CSF’s proactive risk-based approach to cyber risk management and emphasizes the importance of cyber to all organizations and leaders. 

"NIST CSF 2.0 empowers businesses to up-level their cyber risk management maturity in governance by fostering a proactive approach, enabling them to anticipate and address emerging cyber threats while fostering a culture of continuous improvement,” said Jerry Layden, CEO of CyberSaint. "By incorporating NIST CSF 2.0's new principles, businesses can establish a strong foundation for making informed decisions, allocating resources, and embedding cybersecurity throughout the organization's culture and operations."

Build for the Future with CyberSaint and NIST 

With cybersecurity at the forefront of concerns for leaders, the release of NIST CSF 2.0 validates the importance of cyber risk management and also sets forth a notion of aligning different frameworks for a more cohesive approach. "Although not included in the current draft, I'm looking forward to seeing how NIST continues to better align the CSF with other NIST resources and publications," explained Steve Torino, VP of Solutions Architecture at CyberSaint. "The inclusion of a new Governance function highlights the importance of cyber risk management."

As a leading cyber risk management platform, CyberStrong is built around the NIST CSF and complements the CSF’s progressive approach to holistic and proactive cybersecurity risk management. With CyberStrong, security professionals can leverage a single interface to view real-time risk scores and keep track of NIST CSF updates

Learn more about our all-in-one cyber risk management platform and how we align with NIST CSF 2.0 in a demo

You may also like

The Ultimate Guide to Managing ...
on July 19, 2024

Cyber risk management has taken center stage for managing and assessing cybersecurity. Security professionals who have taken a risk-first approach to replacing legacy GRC tools ...

Aligning with the NIST AI RMF ...
on July 17, 2024

Artificial Intelligence (AI) is rapidly transforming industries, offering unprecedented opportunities for innovation and efficiency. However, with these advancements come ...

Tools for Empowering Continuous ...
on June 25, 2024

Continuous control monitoring relies heavily on various processes to ensure that cybersecurity platforms are effective and up-to-date. Regular audits and cybersecurity risk ...

June Product Update
on July 16, 2024

The team at CyberSaint is thrilled to announce the latest additions and updates made to the CyberStrong solution. These latest updates will empower you to benchmark your ...

How to Create a Cyber Risk ...
on June 10, 2024

In today's fast-paced digital landscape, conducting a cyber risk assessment is crucial for organizations to safeguard their assets and maintain a robust security posture. A cyber ...

Critical Capabilities of ...
on June 4, 2024

Continuous Control Monitoring (CCM) is a critical component in today's cybersecurity landscape, providing organizations with the means to enhance their security posture and ...