The National Institute of Standards and Technology (NIST) is taking a big step forward with cybersecurity. A draft update to its renowned cybersecurity framework (CSF 2.0) has recently been unveiled, with changes that emphasise the vital role of senior leadership in cybersecurity strategy.
One of the most notable modifications in the update is the expanded scope of the framework. It is no longer confined to critical infrastructure such as hospitals or banks; it now encompasses organisations of all types and sizes. Reflecting this broader coverage, the framework has been renamed “The Cybersecurity Framework,” replacing the previous name of “Framework for Improving Critical Infrastructure Cybersecurity.”
The updated NIST framework introduces several important enhancements, starting with the addition of a new sixth pillar called “Govern.” The ‘Govern’ pillar complements the existing five core functions of the cybersecurity framework, which are: Identify, Protect, Detect, Respond, and Recover.
The ‘Govern’ function delves into the decision-making processes within an organisation, focusing on the alignment and support of these decisions with the overarching cybersecurity strategy.
NIST’s announcement further elaborated on the significance of this change, emphasising that cybersecurity now stands on par with other critical enterprise risks, such as legal and financial considerations. This emphasis serves as a potent reminder to senior leadership about their role in upholding organisational security.
Additionally, the draft incorporates other enhancements, including improved guidance for tailoring the framework to specific situations. These adjustments are in response to community feedback and reflect NIST’s commitment to delivering adaptable and practical solutions.
“This change is a positive step for the automotive industry as the NIST framework now aligns with ISO/SAE 21434,” commented David Mor Ofek, Head of Product. “The addition of the ‘Govern’ category necessitates proactive measures and accountability for security, signifying a shift towards a centralized platform.”
Find Out How We Can Help through Automated Compliance
EVSec is the only DevSecOps platform that helps automotive companies automate their risk management practices at scale. The platform was built to ‘take the edge off’ the compliance process for cybersecurity standards and regulations.
NIST is holding a hybrid workshop on September 19-20, 2023, at the NIST National Cybersecurity Center of Excellence, serving as another opportunity for the industry, academia and the public to provide feedback and comment on the draft.
If your organisation seeks to effectively identify, protect, detect, respond, recover, and now govern your security protocols, our team is here to assist you. Don’t miss the opportunity to schedule a demo with us and explore how our tailored solutions can address your unique needs.