Careers Form

" " indicates required fields

First name* 
Last name* 
This field is hidden when viewing the form
Max. file size: 256 MB.
Max. file size: 256 MB.
Untitled

We're committed to protect your privacy. C2A Security uses the information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy .

Office Administrator

  • Products
    • EVSec Platform
    • EVSec Analysis
    • EVSec BOM & Vulnerability Management
    • EVSec Attacker
    • EVSec Network & Endpoint Protection
    • EVSec SOC Enrichment & Analytics
    • EVSec AutoSynth AI
  • Use Cases
    • Medical and Healthcare
  • Integrations
  • Blog
  • Company
    • About
    • Events
    • Careers
  • Contact
  • Schedule a Demo
  • English
    • 简体中文
  • Products
    • EVSec Platform
    • EVSec Analysis
    • EVSec BOM & Vulnerability Management
    • EVSec Attacker
    • EVSec Network & Endpoint Protection
    • EVSec SOC Enrichment & Analytics
    • EVSec AutoSynth AI
  • Use Cases
    • Medical and Healthcare
  • Integrations
  • Blog
  • Company
    • About
    • Events
    • Careers
  • Contact
  • Schedule a Demo
  • English
    • 简体中文

NIST Updates its Cybersecurity Framework – What Does It Mean?

  • Category: Connected Vehicles, Cybersecurity Regulation
  • August 13, 2023
NIST is expanding its CSF2.0 with a significant addition of the 'Govern' pillar, underscoring the crucial role of senior leadership and risk management in cybersecurity.

The National Institute of Standards and Technology (NIST) is taking a big step forward with cybersecurity. A draft update to their renowned cybersecurity framework (CSF2.0) has recently been unveiled, with changes that emphasise the vital role of senior leadership in cybersecurity strategy.

One of the most notable modifications in the update is the expanded scope of the framework. It is no longer confined to critical infrastructure such as hospitals or banks; it now encompasses organisations of all types and sizes. Reflecting this broader coverage, the framework has been renamed “The Cybersecurity Framework,” replacing the previous name of “Framework for Improving Critical Infrastructure Cybersecurity.”

The updated NIST framework introduces several important enhancements, starting with the addition of a new sixth pillar called “Govern.” The ‘Govern’ pillar complements the existing five core functions of the cybersecurity framework, which are: Identify, Protect, Detect, Respond, and Recover.

 

The ‘Govern’ function delves into the decision-making processes within an organisation, focusing on the alignment and support of these decisions with the overarching cybersecurity strategy.

NIST’s announcement further elaborated on the significance of this change, emphasising that cybersecurity now stands on par with other critical enterprise risks, such as legal and financial considerations. This emphasis serves as a potent reminder to senior leadership about their role in upholding organisational security.

Additionally, the draft incorporates other enhancements, including improved guidance for tailoring the framework to specific situations. These adjustments are in response to community feedback and reflect NIST’s commitment to delivering adaptable and practical solutions.

“This change is a positive step for the automotive industry as the NIST framework now aligns with ISO/SAE 21434”, commented David Mor Ofek, Head of Product. The addition of the ‘Govern’ category necessitates proactive measures and accountability for security, signifying a shift towards a centralized platform.”

Find Out How We Can Help through Automated Compliance

EVSec is the only DevSecOps platform that helps automotive companies to automate their risk management practices, at scale. The platform was built to ‘take the edge off’ the compliance process for cybersecurity standards and regulations.

NIST is holding a hybrid workshop on September 19-20, 2023, at the NIST National Cybersecurity Center of Excellence, serving as another opportunity for the industry, academia and the public to provide feedback and comment on the draft.

If your organization seeks to effectively identify, protect, detect, respond, recover, and now govern your security protocols, our team is here to assist you. Don’t miss the opportunity to schedule a demo with us and explore how our tailored solutions can address your unique needs.

More articles that might interest you:
US House Committee Hearing: End the Typhoons. March 5, 2025 (Source: YouTube)

High Voltage: Strengthening U.S. Cyber Defenses Against Battery Energy Storage System (BESS) Threats

April 21, 2025

8 Essential Keynote Sessions You Must Attend at the RSA 2025 Conference

April 17, 2025
CVE Logo

Is the MITRE / CVE Program in Jeopardy? Understanding the Fallout and What Comes Next

April 16, 2025

Follow Us

  • linkedin hover LinkedIn
  • Twitter
  • Facebook
Join our newsletter
  • linkedin hover LinkedIn
  • Twitter
  • Facebook
  • © 2025 All rights reserved C2A-SEC LTD 
  • Privacy Policy
Facebook-f Linkedin
  • Products
    • EVSec Platform
    • EVSec Analysis
    • EVSec BOM & Vulnerability Management
    • EVSec Attacker
    • EVSec Network & Endpoint Protection
    • EVSec SOC Enrichment & Analytics
    • EVSec AutoSynth AI
  • Use Cases
    • Medical and Healthcare
  • Integrations
  • Blog
  • Company
    • About
    • Events
    • Careers
  • Contact
  • Schedule a Demo
  • English
    • 简体中文
  • Products
    • EVSec Platform
    • EVSec Analysis
    • EVSec BOM & Vulnerability Management
    • EVSec Attacker
    • EVSec Network & Endpoint Protection
    • EVSec SOC Enrichment & Analytics
    • EVSec AutoSynth AI
  • Use Cases
    • Medical and Healthcare
  • Integrations
  • Blog
  • Company
    • About
    • Events
    • Careers
  • Contact
  • Schedule a Demo
  • English
    • 简体中文