The NIST CSF Version 2.0 is Coming in 2024

The NIST Cybersecurity Framework (NIST CSF) is a freely available, widely applicable set of recommendations and guidelines created by the National Institute of Standards and Technology to assist organizations in securing themselves from threats to their information security. Originally published in 2014, the framework has received numerous updates, and in early 2024, the official second version of the framework, version 2.0, will be released.  

Currently, the NIST CSF covers five core functions of any mature cybersecurity program:  

•  Identify – Fully understand and document the organization and its assets, people, processes, objectives, etc.  
•  Protect – Implement controls to protect everything documented in the Identify step.  
•  Detect – Implement systems for detecting threats to everything documented in the Identify step.  
•  Respond – Implement policies, procedures, plans, and guidelines for responding to detected threats.  
•  Recover – Implement policies, procedures, plans, and guidelines for recovering from detected threats.  

The core purpose of the five functions is to accurately inventory the organization and implement ways to protect its systems from threats, with each system being protected according to its relative criticality to the organization.  

A New Function: Govern

With the upcoming release of the NIST CSF version 2.0, a new function is being added to the framework: Govern. The Govern function will require organizations to perform increased due diligence, risk management, role delegation, and more.

Organizations will need to develop teams and procedures for determining the risk of third-party partners, suppliers, vendors, etc., and these risk assessment efforts must be formally documented. Risk management must be prioritized according to how critical the relationship with each third-party is determined to be.  

Sourcepass is Here to Assist

Third-party governance can be a time consuming and complex task, particularly in larger organizations. As part of our compliance and risk management services, Sourcepass can act as a liaison between your organization and your third parties. We will assist you in documenting your third-party relationships, assign a criticality ranking to them, and reach out to them on your behalf to perform due diligence reviews, all of which is formally documented and tracked in a private portal which you can access at any time.  

James Reichle is the Sourcepass Senior Cyber Risk Advisor. Reach out to James at (877) 678-8080.