What Changed? - NIST Cybersecurity Framework 2.0
Вставка
- Опубліковано 25 лют 2024
- The final update to the NIST Cybersecurity Framework 2.0 is here! Check out this video to learn about what changed and where to dig in!
Presented by Kelly Hood, CISSP (@KellyHood_)
Optic Cyber Solutions strives to help organizations identify and address their blind spots through our assessment, implementation, and advising services. For more information about Optic Cyber Solutions and how we can help you integrate the CSF update or conduct a CSF gap assessment, reach out at Info@OpticCyber.com or check out our website at www.OpticCyber.com!
Video: Overview - NIST Cybersecurity Framework 2.0
• Overview - NIST Cybers...
Video: Profiles - NIST Cybersecurity Framework 2.0
• Profiles - NIST Cybers...
Video: Do I Measure Up? NIST Cybersecurity Framework 2.0
• Do I Measure Up? - NIS...
CSF 2.0 Maturity & Progress Tracker (MaPT):
optic-cyber-solutions-4382801...
CSF 2.0 Profile Template:
43828014.hs-sites.com/nist-cyb...
The NIST Cybersecurity Framework (CSF) 2.0:
nvlpubs.nist.gov/nistpubs/CSW...
Quick Start Guides:
www.nist.gov/cyberframework/n...
CSF 2.0 Profiles:
www.nist.gov/cyberframework/c...
Informative References:
www.nist.gov/cyberframework/c...
Cybersecurity & Privacy Reference Tool (CPRT):
csrc.nist.gov/projects/cprt/c...
CSF 2.0 Reference Tool:
csrc.nist.gov/Projects/Cybers...
CSF 2.0 Website:
www.nist.gov/cyberframework
CForum Community:
/ 8184993 - Наука та технологія
thank you for providing a great 'bridge' between v1.1 -> v2.0 - very helpful
Thanks for the "cut to the chase" approach. Very good!
Thanks for taking the time to break this down and provide details of changes
glad this video popped up in my algo. I am taking the CISSP in two weeks. very helpful.
Thank you Kelly for this helpful summary on NIST CSF 2.0!
Love the videos. They have all been very helpful and no nonsense, just straight to the point and informative! Thank you!
Thanks for the great and significant explanation on the frameworks differences.
Great and concise explanation Kelly. Congrats and thanks for sharing!
Thank you Kelly!
Thank you for the update. I am currently trying to understand this better as I would like to get into a GRC position.
Thanks Kelly! Great overview
This is a great overview. Thanks for sharing
such a useful overview, thank you!
Many thanks for you sharing 😀
Thank you 🙏🏻
Wonderful video congrats
great review Kelly
Awesome video!
This Video explains the Changes to the Framework. 13:20 is basically all you need to know
❤
Great Content , Thanks for the details. Could you please recommend from where to do NIST certification? Thanks
While NIST doesn't provide "certification" criteria for the CSF, there are companies that provide training for individual certifications as well as others that conduct CSF program assessments. Optic Cyber Solutions would be happy to conduct a CSF assessment of your cybersecurity program - please reach to Info@OpticCyber.com for more information!
Hey,
Quick question.
If we have NIST CSF implemented in the organization then do we need to implement Govern as well or its not mandatory and needed?
The CSF is intended to be flexible for companies to implement in a way that works best for them. Therefore, you could choose to tailor the new Govern Function out; however, this area was expanded to emphasize the need for having a cybersecurity strategy to help manage cybersecurity risk and drive cyber resilience.
Thanks Kelly, can you share slide ?
Yes, no problem. If you can send an email to Info@OpticCyber.com, we'll send the slides over!
Are there subcategories that carry overt from 1.0? For example, in every list they've published, under Identify's Risk assessment it goes ID.RA-01, 02, 03, 04, and 05 then skips to ID.RA-07. Does this mean that the ID.RA-06 remains unchanged?
They haven't published a detailed mapping of how the Subcategories were moved around, but if you check out the Discussion Draft released last April, it will give you a starting point since it does include that level of detail (www.nist.gov/system/files/documents/2023/04/24/NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf).
In the example you provided, ID.RA-06 is still included in the updated CSF 2.0, but has had some wording changes to expand it's outcome.
thank you for the response, also my mistake in my example I meant to use ID.AM, ID.AM jumps from -05 to -07@@OpticCyber
that doc is exactly what I needed, much appreciated!@@OpticCyber
@@herpderp1238Glad to help! In the case of ID.AM-06, it was removed and the concepts are now included under the new GV.RR.
What type of appliance is commonly used for NIST cybersecurity?
There are many Governance, Risk, and Compliance (GRC) tools that track cybersecurity governance against the CSF to help ensure you have appropriate coverage for the CSF. Additionally, they provide processes for helping align business risk to the CSF enabling you to ‘right-size’ your capabilities to properly manage risk. Additionally, CSF Profiles are a great way tool to help implement the CSF.
Is NIST CSF v1.1 retired now?
The Cybersecurity Framework v1.1 has been archived on NIST's website now that v2.0 has been released. NIST is recommending that companies use v2.0 moving forward; however, since the CSF isn't a compliance standard v1.1 can still be used if desired.