What is NIST CSF 1.1? It stands for “National Institute of Standards and Technology Cybersecurity Framework Version 1.1.” But what does this framework do? This post will tell you more.
The History Of NIST CSF
V1.0 was the first NIST Cybersecurity Framework, published in February 2014. It was created through the collaboration of industry, academics, and government stakeholders.
The first version targeted organizations that are part of the US critical infrastructure sectors, helping them implement the appropriate activities to prevent cyber events. The framework also works to secure each site.
The Executive Order To Reduce Cyber Risks
In February 2013, a Presidential Order directed the development of a framework. That framework’s goal is to reduce cyber risks to US critical infrastructure. That is how NIST Cybersecurity Framework v1.0 began, and it was introduced in February 2014.
The rationale was to create a set of standards, guidelines, and best practices that help organizations better protect information and physical assets from cyberattacks.
The framework is built from 3 layers:
- The Framework Core
- The Framework Implementation Tiers, and the
The process for updating the framework got underway in 2015. Finally, in December 2017, the updated version, NIST CSF 1.1, was released.
NIST CSF 1.1 is a new draft of the framework. This version takes into account the public and private sector feedback received on the first version.
What’s New With The NIST CSF 1.1?
NIST CSF 1.1 was released 4 years after the introduction of the first version. The goal is for it to be flexible enough to be adopted not only by federal agencies and governments, but also by both small and large organizations across industry sectors.
This update clarifies and enhances the framework and increases its value. It also makes it easier for more organizations to use the framework in managing cyber risks.
Further, NIST CSF 1.1 is consistent. It remains flexible and voluntary. It’s also cost-effective to develop and implement within the organization.
The Update Features
Applicable In A Broad Scale
NIST CSF 1.1 states its applicability to IT, OT, IoT, and cyber-physical systems.
Supply Chain Emphasis
The framework contains enhanced guidance for applying the CSF to vendor risk management.
The Access Control Category Nomenclature
The Access Control category nomenclature is updated to better account for authentication, authorization, and identity proofing.
Updates To Informative References
NIST CSF 1.1 administratively updates informative references.
The Clarification Of Terminology
Some terms are clarified. For instance, the term “utility” is clarified as a structure and language, especially for organizing and expressing compliance.
Risk Assessment Guidelines
A new section explains how the NIST CSF is used to understand and assess cyber risks, which makes it easier to compare current and past conditions.
Sub-categories were also added; they relate to the vulnerability disclosure lifecycle.
The Purchasing Guidance
A new section focuses on helping organizations understand risks, particularly those that come from commercial products and services.
Risk Added To Implementation Tiers
Further risk management criteria were also added to the Implementation Tiers.