1 September 2023

NIST Framework Update And Impact On SIEM

Frameworks

Ensuring the safety and resilience of business-critical infrastructure is a challenge; the need to stay ahead to protect sensitive information, intellectual property, and most importantly, the trust of customers is more pressing than ever.

The Cybersecurity Framework (CSF), created by the National Institute of Standards and Technology (NIST), was originally meant for safeguarding critical infrastructure and Department of Defence operations in the US, but now it’s available for any organisation.

The Origins Of CSF

Since its launch in February 2014, the CSF compliance standard has consistently shown effective cybersecurity risk management practices. However, the ever-changing nature of the threat landscape has led to updates and changes in NIST CSF 2.0. This newer version, known as CSF 2.0, is designed to revolutionise our approach to cybersecurity and is set to be released by 2024. The main goal of this improved framework is to expand the focus of the original standard, enhance the accountability of personnel responsible for data security and privacy in companies following NIST CSF 1.0 guidelines, and ultimately make the standard more globally applicable over time.

We appreciate that NIST may not be something all organisations and security teams are aware of or may not know how its continual development is changing the approach to threat detection. In this blog post, we’ll summarise the latest changes to NIST CSF 2.0 and why frameworks are an important part of your security posture.

The Evolution of NIST

From the start, NIST CSF was meant to be a flexible document. Updates to the framework allow NIST to incorporate stakeholder feedback, integrate lessons learned, and stay up to date with technological advancements and evolving threat levels. NIST is focusing on CSF 2.0 to support these goals and will continue to seek input from stakeholders.

On February 22, 2022, NIST issued a Request for Information (RFI) to gather data for evaluating and enhancing CSF resources. They received over 130 RFI responses from various industries, including information technology, financial services, energy, communications, and others. Through this process, they identified common themes, which include:

  1. Enhancing essential CSF components
  2. Aligning CSF with other NIST and related initiatives
  3. Providing more guidance for CSF implementation
  4. Maintaining technology neutrality while addressing various technology-related concerns
  5. Emphasising the value of metrics, evaluation, and measurement
  6. Addressing supply chain cybersecurity threats

Based on these themes, updates and changes were made to the existing NIST CSF guidelines:

Key Updates in NIST Framework for Improved Cyber Risk Management

 

  1. Introduction of a New Governance Function

The latest version of NIST CSF introduces a new “Govern” function that focuses on how organisations effectively manage cyber risk. This function enhances cybersecurity outcomes related to policies, procedures, roles, and responsibilities, emphasising the importance of risk management within your company’s context. The framework has also undertaken significant adaptation for use by institutions beyond just critical infrastructure and defence, as was in the past. In practical terms, any company of any size can now follow the NIST framework.

  1. Revisions to Cyber Risk Management Measures

The NIST has also updated guidelines related to continuous improvement, incident response management, and supply chain risk. These revisions revolve around a critical question for auditors: are we taking adequate steps to reduce the impact or likelihood of unexpected disasters?

  1. Incorporation of Implementation Examples

The discussion draft of NIST CSF 2.0 proposes adding Implementation Examples for each outcome and the core modifications. These examples provide proven solutions for mitigating cybersecurity risks. (Although they are not exhaustive). Given the ever-changing threat landscape, auditors may need assistance to stay current with the latest security practices. These examples draw from recommendations of various risk management and cybersecurity experts and serve as models for implementing security measures. By collaborating with peers and adhering to recognised best practices, NIST aims to enhance our ability to protect and assess organisations.

  1. Emphasis on Leadership Responsibility

NIST CSF 2.0 introduces leadership responsibility clauses: “Organisational leadership takes responsibility for decisions related to cybersecurity risks and fosters a risk-aware culture, ethical behaviour, and continuous improvement.” When organisations understand and appreciate the impact of risk within their business context, they can make risk-based decisions. This shift empowers auditors to become proactive enablers of business operations rather than mere “nay-sayers.”

Why are the NIST 2.0 Updates Significant?

More and more organisations worldwide are voluntarily adopting NIST standards and practices for cybersecurity. This underscores the importance of the updates to the existing NIST framework. Many security products from vendors align with NIST standards, and there are substantial resources to ensure their research, reliability, and relevance. Regular updates to NIST policies are crucial to keep global security current and defend against more frequent and dangerous attacks.

Impact of NIST Framework Changes on Your Organisation

The changes in the NIST 2.0 compliance standard are expected to have a substantial impact. For example, the new cross-cutting “Governance” function goes beyond highlighting the role of governance in risk reduction and prioritises and assesses risk tolerance and better defines the roles and responsibilities in cyber risk management.

These changes greatly contribute to compliance and auditing efforts, underscoring its growing importance in the realm of security. Striking a balance between innovation and legal boundaries when new data privacy rules arise is crucial to staying secure. As Chief Information Security Officers (CISOs) transition from being seen solely as “security professionals” to business leaders, their responsibilities are expanding.

Success in the digital future hinges on maintaining compliance, and organisations that operate globally or across multiple industries will thrive by adhering to data privacy laws. Compliance is increasingly synonymous with competitiveness, and the new NIST standards will serve as a significantly important metric by which businesses measure themselves.

The Significance Of Framework Alignment

For those organisations that are still evaluating NIST or another framework, it’s important to highlight the role they play in creating a stable and adaptable security posture. They serve as navigational maps, guiding you through the intricate landscape of threats and vulnerabilities. By aligning your strategies with frameworks like the NIST, you gain the following:

Structured Approach

Frameworks offer a structured approach to managing cybersecurity risks, ensuring comprehensive coverage of potential threats.

Consistency

Framework alignment promotes consistency in security practices across your organisation, reducing the risk of gaps and oversights.

Measurable Progress

Frameworks provide benchmarks to measure your security posture’s growth over time, aiding in continuous improvement.

Communication

Frameworks establish a common language for discussing cybersecurity concerns among stakeholders, fostering effective communication.

Embark on the Framework Alignment Journey with Apto Solutions

At Apto, we understand the intricacies of the cybersecurity landscape and the significance of framework alignment. Our expertise lies in guiding organisations like yours on a clear path towards aligning with frameworks such as the NIST. Our solutions encompass [insert value prop stuff]

If you’ve found this post interesting and have more questions or would like to learn more, please contact us to arrange a discussion, or follow us on LinkedIn to get updated on more posts like this one in future.

    Stay updated with the latest from Apto

    Subscribe now to receive monthly updates on all things SIEM.

    We'll never send spam or sell your data, see our privacy policy

    See how we can build your digital capability,
    call us on +44(0)845 226 3351 or send us an email…