The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is one of several “gold level” standards used by public and private organizations as the basis for their cybersecurity protocols. It is also the benchmark utilized by Trustwave to protect our clients.
NIST rolled out the CSF in 2014 as a set of guidelines for mitigating organizational cybersecurity risks. NIST designed the Framework to be continuously updated to keep pace with technology and threat trends and to integrate lessons learned.
Trustwave is a firm believer in the NIST CSF. All of Trustwave’s products and services overlap with at least one of the NIST CSF functionalities that the government agency has stated are core to any proper cybersecurity program. In addition, Trustwave believes the five NIST CSF functions are of significant value to organizations that are relatively immature or new to cybersecurity, as they provide a simple lens through which to understand the field and the areas in which the organization is likely to require investment.
The five NIST functions are:
There are two ways to better understand how Trustwave intersects with the NIST CSF priorities. First, by mapping it against Trustwave’s services, which can be visualized below:
Secondly, by comparing it to Trustwave’s product portfolio.
As can be seen, Trustwave has all aspects of the NIST CSF covered.
This is no accident. Trustwave has been deeply involved with NIST in the continuous development of the Framework, and as part of this cooperation, earlier this year, Trustwave submitted its thoughts on how it can be updated and improved.
The new version, dubbed CSF 2.0, follows the initial version adopted in 2014, and then updated in April 2018 when NIST issued CSF 1.1.
NIST began pulling together what would become CSF 2.0 in February 2022 when it put out a request for information (RFI) to obtain public input on how to improve the Framework, which is formally known as the Framework for Improving Critical Infrastructure Cybersecurity. The RFI contained six areas to explore, along with asking for information on cybersecurity supply chain risk management.
The latest NIST update is not driven by any specific cybersecurity issue, the agency said, but is part of the agency’s planned update to keep the CSF current and ensure that it is aligned with other tools that are commonly used. In addition, the CSF is intended to be a living document that can be refined, improved, and evolved over time. These updates help the Framework keep pace with technology and threat trends, integrate lessons learned, and move best practices to common practice.
In response to the RFI, Trustwave, through Trustwave Government Services, forwarded a list of recommendations to help improve the Framework.
These included: