NIST Unveils New Version of Cybersecurity Framework: What MSSPs Need to Know

The National Institute of Standards and Technology (NIST) has released Cybersecurity Framework (CSF) 2.0, a new version of a tool it first released in 2014 to help organizations understand, reduce and communicate about cybersecurity risk.

What's Different About the NIST Framework?

Notable changes to the framework include:

  • An expanded scope, with a focus on protecting critical infrastructure and providing cyber protection for organizations of all sizes and across all industries; this difference is reflected in the framework's title, which has been changed from "Framework for Improving Critical Infrastructure Cybersecurity" to "The Cybersecurity Framework."
  • The addition of a "govern" function to CSF's pillars of a successful and holistic cybersecurity program; govern represents the sixth function, along with identify, protect, detect, respond and recover.
  • Guidance on implementing CSF, how to create profiles based on the framework and how to utilize it across various sectors and use cases; the draft also offers implementation examples for each function’s subcategories to help organizations utilize the framework effectively.

NIST does not plan to release another draft of the framework and is accepting public comments on it until November 4, 2023.

In addition, NIST is planning a workshop in fall 2023 for the public to provide feedback and comments on the draft.

NIST said it expects the final version of CSF 2.0 to be published in early 2024.

Biden-Harris Administration Announces National Cyber Workforce and Education Strategy (NCWES)

NIST's CSF 2.0 draft news comes after the Biden-Harris Administration in July 2023 unveiled NCWES to address immediate and long-term cyber workforce needs.

NCWES includes the following objectives:

  • Using adaptable ecosystems to promote local and national cyber education and workforce development.
  • Helping Americans build lifelong skills that they can use to guard against cyberattacks.
  • Growing and enhancing the cyber workforce by improving diversity and inclusion.

To accomplish these objectives, NCWES emphasizes the following pillars:

  • Providing Americans with foundational cyber skills.
  • Transforming cyber education.
  • Expanding and enhancing the national cyber workforce.
  • Strengthening the federal cyber workforce.

Meanwhile, MSSPs can provide cybersecurity awareness training and security services to organizations. With that help, organizations can teach their employees how to protect against cyberattacks and get the support they need to keep pace with current and emerging cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.