The first version of NIST’s Cybersecurity Framework aka NIST CSF was released in 2014 and has become enormously popular with businesses and organizations of all sizes. In fact, it is a top 5 framework within ControlMap’s MSP community alongside CIS, SOC 2, ISO 27001, and CMMC/NIST 800-171. The appeal of NIST CSF is its logical approach to Cybersecurity with control objectives organized into 5 easy to understand functional groups:
“Identify” → “Protect” → “Detect” → “Respond” → “Recover”
Now a newly introduced sixth functional group added to NIST CSF 2.0 is “Govern,” focusing specifically on Governance.
You’ll likely find NIST CSF requested by small- and mid-sized government agencies such as water authorities, city/state/county departments, and Port Authorities, among other critical infrastructure organizations and their vendors. Private-sector organizations are also looking to align with insurance requirements or well-recognized Federal standards.
ControlMap will continue to support NIST CSF 1.1, but look for the NIST CSF 2.0 update, arriving in March 2024!
Some reference links:
https://www.darkreading.com/ics-ot-security/nist-releases-cybersecurity-framework-2-0