Expanding our global footprint with Ian Thornton Trump as our first CISO in the UK LEARN MORE >

Services

We’re a selected team of skilled cybersecurity professionals who work as an extension of your IT staff, as well as best-in-class technology to add an additional layer of protection to your organization.

View our Managed Services
Ask About Our Outsourced Cybersecurity Program

Our comprehensive outsourced cybersecurity program leverages advanced technology and expert professionals to enhance your security without the need for in-house capabilities.
 

Learn more

Partners

We collaborate with best in the business to ensure our customers receive the highest levels of care and support. These trusted relationships allow us to better serve and educate our customers.

Regional Partner of the Year Award

Partner of the Year Award

Why Inversion6

With an abundance of solutions and providers, the task of choosing the right option is critical and can sometimes be overwhelming.

industry validation

"Thanks to Inversion6, we now have an established protocol and response procedure whenever incidents are detected. Now, we are able to act immediately to prevent a security event from becoming a larger incident."

Read Full Story

Resources

Our experts are thought leaders in the cybersecurity space. From blogs to publications and webinars, check out these resources to learn more about what’s trending in our industry and how you can stay ahead.

Why Cybersecurity Should Be Driving Your Enterprise Risk Management Strategy

By Christopher Prewitt

Read Article
Latest Inversion6 Press

CISO Craig Burland’s latest byline in Cyber Defense Magazine discusses the importance of accountability in cybersecurity.

View Story
March 27, 2024
By: Jason Middaugh

NIST Cybersecurity Framework 2.0: What You Need to Know


The National Institute of Standards and Technology (NIST) Cybersecurity Framework has long been a cornerstone in the world of cybersecurity, providing organizations with a comprehensive set of guidelines and best practices for managing cyber risks. Since its initial release in 2014, the framework has become a widely adopted standard and guidepost, helping organizations across industries to strengthen their cybersecurity posture. The recent unveiling of NIST Cybersecurity Framework 2.0 incorporates updates and improvements to help the standard keep pace with the ever-shifting cybersecurity landscape.

What’s new? What’s changed? Let’s take a closer look and highlight everything new with NIST CSF 2.0.

Make Sure Your Business is Protected: Connect with our cybersecurity experts to get started on your tailored security solution today.

 

5 New Elements to Consider from NIST CSF 2.0 

NIST Cybersecurity Framework 2.0 is not a complete reimagining of the now decade-old standard, but an update. Many of the familiar concepts remain, but some terminology and areas of emphasis are different. Here are the five biggest takeaways. 

  1. The Most Significant Addition is Governance 

One of the most significant changes in NIST Cybersecurity Framework 2.0 is the introduction of a new category: Governance. Previously, governance aspects were embedded within the existing five categories (Identify, Protect, Detect, Respond, Recover). However, recognizing the critical importance of governance in effective cybersecurity management, NIST has elevated it to a separate and overarching category. This new Governance category encompasses the policies, procedures, and processes that organizations should establish to ensure that their cybersecurity efforts are aligned with their overall business objectives and risk management strategies. 

  1. Wider Applicability 

While the original Cybersecurity Framework primarily focused on critical infrastructure sectors, version 2.0 has been designed to be applicable to organizations of all sizes and across all industries. This broader applicability acknowledges the interconnected nature of modern supply chains and the potential for third-party risks to impact an organization's cybersecurity posture. By making the framework more accessible and relevant to a wider audience, NIST aims to promote a more holistic and collaborative approach to cybersecurity. 

  1. Keeping Up with Technology Advancements 

The cybersecurity landscape is constantly evolving, with new technologies such as artificial intelligence (AI), the Internet of Things (IoT), and cloud computing introducing both opportunities and challenges. NIST Cybersecurity Framework 2.0 recognizes these technological advancements and provides guidance on how organizations can effectively address the associated cybersecurity risks. The framework needed to update to stay relevant in this landscape and acknowledges the need for organizations to adapt their cybersecurity strategies to keep pace with emerging technologies. 

  1. Maturity Level Terminology 

While the core concepts of maturity levels remain unchanged, NIST has introduced new terminology to describe the different stages of cybersecurity maturity. Instead of using terms like "Partial," "Risk Informed," "Repeatable," and "Adaptive," the new framework employs more straightforward labels: "Tier 1," "Tier 2," "Tier 3," and "Tier 4." This minor change in terminology aims to make the framework more accessible and easier to understand for organizations of all sizes and levels of cybersecurity maturity. 

  1. Improved Usability and Resources 

In addition to the technical updates, NIST has tried to enhance the usability and accessibility of the Cybersecurity Framework. The new version includes additional resources and guidance to aid organizations in understanding and implementing the framework effectively. From detailed explanations to real-world examples, these resources are designed to support organizations at every stage of their cybersecurity journey. 

The Importance of Reevaluating Your Cybersecurity Program 

The release of NIST Cybersecurity Framework 2.0 presents an opportune moment for companies to reevaluate their existing cybersecurity programs. Whether your organization previously followed the NIST Cybersecurity Framework, ISO 27001, CIS Controls, or another industry standard, it is essential to reassess your approach in light of the updated guidance. This reevaluation process allows organizations to align their cybersecurity strategies with the latest industry standards and best practices, ensuring that they are effectively mitigating emerging risks and leveraging new technologies. 

SIEM Solution?: Microsoft Sentinel has emerged as a compelling SIEM solution. Is it right for you? Dive into best use cases and potential risks here. 

Need Professional Guidance for NIST Cybersecurity Framework 2.0? 

While NIST has made efforts to make the Cybersecurity Framework 2.0 more accessible, implementing and maintaining a robust cybersecurity program can be a complex undertaking, particularly for organizations with limited resources or expertise. In such cases, seeking professional guidance from experienced cybersecurity firms like Inversion6 can be invaluable. 

Our team of experts can help assess your organization's current cybersecurity maturity level and determine the appropriate target level based on your risk profile, business objectives, and industry-specific requirements. We will work closely with you to conduct a thorough risk assessment and implement the necessary controls and measures, ensuring that your cybersecurity program aligns with the latest NIST Cybersecurity Framework 2.0 guidelines. 

Stay current with new cybersecurity frameworks and regulations with the help of the experts at Inversion6. Schedule a consultation today to discover how our expertise enhances your cybersecurity resiliency. 

Post Written By: Jason Middaugh
Jason Middaugh has been involved with information security and management systems for more than 20 years. As an experienced Chief Information Security Officer (CISO) and technology executive, Jason has been heavily involved in leading the transformation and management of information security, cloud services and more by advancing technology strategies. Jason is a Certified Information Systems Security Professional (CISSP) and has been with Inversion6 as a CISO since 2019.

Related Blog Posts

Let's TALK

Our team of experts in information security, storage, and networking works alongside your team to implement technology solutions that are smart, flexible, and customized to fit your needs. Ready to learn how we can help strengthen your technology environment? Fill out the form below to get started.

TALK TO AN EXPERT