This post was written by Bob Kolasky, Senior Vice President of Critical Infrastructure

The digital horizon is ever-changing — and with NIST’s release of the Cybersecurity Framework 2.0 (CSF 2.0) — businesses and other organizations have a new compass to steer by. This is a step forward toward updating the core recommended approach by the U.S. government — and recognized by allied governments — for implementing a cybersecurity program to guide organizational cyber risk management efforts.

Following the original Cybersecurity Framework published in 2013, NIST has updated its recommendations for cybersecurity for all organizations, and taken a framework that is widely used by critical infrastructure entities and expanded it to a broader user community.

NIST released the initial CSF, following an Obama-era executive order, to help organizations understand, reduce and communicate about cybersecurity risk. The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s newly added Govern function. When considered together, these functions provide a comprehensive view for managing cybersecurity risk.

Here’s how CSF 2.0 can help businesses, especially in safeguarding their supply chains:

Governance at the forefront: The addition of a ‘Govern’ function is a game-changer. It will propel organizations to embed cybersecurity into their corporate governance structures, ensuring that cyber risks are part of every strategic decision.

Tailored implementation: The tiered approach of CSF 2.0 allows businesses to adopt cybersecurity practices that align with their specific needs and risk profiles, enhancing their resilience without imposing a one-size-fits-all model.

Supply chain security: With the emphasis on third-party cyber risks, businesses can now formulate a more comprehensive strategy that accounts for the entire supply chain, thereby minimizing vulnerabilities at every link.

Adaptive framework: The CSF 2.0 is designed to be adaptive, encouraging organizations to remain agile and responsive to new threats. It’s not a static shield but a versatile weapon in the cybersecurity arsenal.

Policy alignment: The framework is poised to align with CISA’s Cybersecurity Performance Goals, ensuring consistency and clarity in cyber defense strategies across the board.