NIST Announces the Upcoming Second Draft Update of the Cybersecurity Framework
The National Institute of Standards and Technology released the first version of the Cybersecurity Framework back in 2014, and it was met with excitement by organizations who saw the value in running a risk-based approach.
The document promotes best practices for information security and is being adopted or has already been adopted by over 30% of U.S. businesses to date according to Gartner. Especially in light of recent attacks, there is no better time than now for companies and other organization to protect their data from compromise using the best methods available.
For a while now, the Cybersecurity Framework has been available online for comment as NIST prepares to release its second version. CyberSaint even advertised the link on our site to promote engagement and feedback within our security community. The Cybersecurity Framework is a living document, meaning it is constantly improving and adapting as any robust security program should. Feedback from those adopting it or who plan to adopt it is critical to its success.
Interested in learning successful NIST CSF adoption strategies? Learn to simplify the Framework in our upcoming webinar "How to Simplify the NIST Cybersecurity Framework"
The main areas that will change with the second version will reflect those comments and input from security professionals and businesspeople, specifically on the use of measurements, supply-chain risks and access authentication - according to NIST’s Kevin Stine. The second draft will be available in “a few weeks” for comment in the same manner that the first draft was available.
One of the biggest hurdles to adopting the NIST Cybersecurity Framework is that of measurement.
An organization’s ability to measure their cybersecurity posture is a nice idea, but in practice it’s quite difficult to come up with an actionable method of doing so. The CSF is a set of best practices that changes as we learn more about how to run adaptive security programs, but doesn’t instruct those using its methods on how to measure their success.
CyberSaint’s platform is the only platform that not only gives a metric for how your organization is current doing on NIST Cybersecurity Framework adoption, but also measures your adaptiveness to the Framework. CyberStrong’s recommendation engine gives you a set of plans to choose from to improve your posture weighing cost and impact, which is critical to making your budget for improving your cybersecurity program.
Additionally, over 25 of the requirements are immediately addressed within the platform - threat monitoring, measurement, and others. The process can take a long time, as we’ve seen customers who have taken months or even a year to compile the data they need to do so. CyberStrong gets you working in just a few hours and adoption can take just weeks by using the platform's intuitive interface and intelligent recommendations.