{"id":47817,"date":"2023-07-06T14:53:51","date_gmt":"2023-07-06T18:53:51","guid":{"rendered":"https:\/\/www.arffinancial.com\/development\/?p=47817"},"modified":"2023-07-06T14:53:51","modified_gmt":"2023-07-06T18:53:51","slug":"nists-updates-to-cybersecurity-standards","status":"publish","type":"post","link":"https:\/\/www.arffinancial.com\/development\/nists-updates-to-cybersecurity-standards\/","title":{"rendered":"NIST\u2019s Updates to Cybersecurity Standards"},"content":{"rendered":"

[vc_row][vc_column][vc_single_image image=”47818″ img_size=”large” alignment=”center”][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]Cybersecurity is top-of-mind among professionals across nearly every industry, with cyberthreats and attacks becoming more common as the globe increases its use of technology. Check Point research reported a 38 percent increase in cyberattacks from 2021 to 2022 thanks to \u201csmaller, more agile hacker and ransomware gangs, who focused on exploiting collaboration tools used in work-from-home environments, targeting of education institutions that shifted to e-learning post COVID-19\u201d according to the website<\/a>. Attacks are likely to only get more sophisticated as time goes on. In response, a major update to the National Institute of Standards and Technology\u2019s<\/a> (NIST) Cybersecurity Framework (CSF) is set to be unveiled later in the summer of 2023. Today, we\u2019ll detail what the NIST and its Cybersecurity Framework are, plus outline some of the planned updates under consideration for what\u2019s being called CSF 2.0.<\/p>\n

What is the NIST and CSF?<\/strong><\/p>\n

Founded in 1901, the NIST is part of the U.S. Department of Commerce and is among the country\u2019s oldest physical science labs. It was created to increase America\u2019s competitiveness in the industrial space, which was falling behind that of the United Kingdom and Germany among others. The NIST website<\/a> notes that \u201cToday, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations \u2014 from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks.\u201d The NIST also outlines cybersecurity standards and best practices for U.S. industries and federal agencies. Its Cybersecurity Framework<\/a> (CSF) was released in 2014 and designed as an outline that can help small and large businesses understand, manage, and minimize cybersecurity risks as a means to protect their data. It\u2019s mandatory for government agencies but voluntary for those in the private sector, and consists of 5 key areas: Identify, Protect, Detect, Respond, and Recover. You can download a PDF of the Framework here<\/a>, which provides helpful guidelines on how to keep your business safe from cyberattacks.<\/p>\n

What About CSF 2.0?<\/strong><\/p>\n

The CSF has not been updated since 2018, and since that time there have been many advances made to cyberattacks\u2014much in part due to the pandemic\u2019s role in pushing more of our jobs online. With the CSF\u2019s role in helping businesses develop their own cybersecurity programs, it was important that this Framework be updated with new details on governance, supply chain risks, and more. A request for information was carried out in February 2022 so the NIST could get a better understanding of needs from industry partners and government agencies. In January 2023 a concept paper<\/a> was released outlining some of the initial proposed updates to the CSF.<\/p>\n

As outlined on the NIST website<\/a>, the CSF 2.0 draft is \u201cintended to increase clarity, ensure a consistent level of abstraction, address changes in technologies and risks, and improve alignment with national and international cybersecurity standards and practices.\u201d While the CSF was originally created for national infrastructure purposes, Congress told the NIST to consider small businesses and higher education facilities within the updated Framework\u2014making it usable for the businesses and institutions most impacted by growing cyber threats.<\/p>\n

Included in the CSF 2.0 draft are the following changes<\/a>:<\/p>\n