Are you a NIST CSF shop?
If so, your security team is part of a global movement. Hundreds of thousands of organizations have downloaded the NIST Cybersecurity Framework (CSF) since the National Institute of Standards and Technology created it in 2014.
And it's been translated into multiple languages: Hebrew, Italian, Japanese, and Spanish, among others.
In 2018, NIST published the only major update to the framework, and now NIST says another update is coming in 2022.
What can security teams expect from the NIST CSF update? And how can they impact what it will look like?
NIST's Chief of the Applied Cybersecurity Division, Kevin Stine, spoke about the goals of the 2022 NIST CSF update at a recent conference.
"There are plenty of opportunities for us to improve the cybersecurity framework based on the changing threat landscape, based on evolutions of technologies and the different practices capabilities we all are trying to leverage and take advantage of, and really—I'd say almost just as importantly—based on the experiences of organizations that have used the cybersecurity framework," says Stine.
Nextgov says he also revealed three areas of focus for the coming CSF update:
NIST will ask for the information security community's input in early 2022, and we'll let you know when that happens.
And while we look forward to a NIST cybersecurity framework update in the near future, our SecureWorld News team also wondered something else.
How did the NIST CSF get started and what was its original goal?
The answer: it was developed for critical infrastructure.
"Although the Cybersecurity Framework was developed initially with a focus on our critical infrastructure, such as transportation and the electric power grid, today it is having a much broader, positive impact in this country and around the world," says Walter Copan, who is the former NIST Director.
One thing we've heard repeatedly from CISOs and cybersecurity professionals at SecureWorld conferences is that the NIST CSF is extremely practical. One example of this "practicality" is how it maps to attacks.
Here are five ways the NIST CSF maps to an attack:
Do you already have ideas on how the NIST CSF could become better in 2022? Let us know in the comments below.