NIST CSF 1.1 is a new version of the framework, better and much improved. But what are the changes?
The NIST CSF 1.1: What Is New?
A new version called NIST CSF 1.1 was released in April 2018. This new version of the framework brings further improvements for critical infrastructure cybersecurity.
The great thing is that it is still compatible with the old version 1.0, so we can conclude that there are no major changes.
NIST CSF 1.1 mainly includes the following:
- updates on how to perform a self-assessment
- added details on supply chain risk management
- direction on external communication
- working together with supply chain stakeholders
The objectives of NIST CSF 1.1 are to:
- Define the cybersecurity posture;
- Define cybersecurity target;
- Recognize and prioritize growth opportunities, within a continuous and repeatable process;
- Evaluate progress toward the target state;
- Interact with internal and external stakeholders about cybersecurity risk.
Other Details in the New Version, NIST CSF 1.1
- The self-assessment.
This is the key starting point for your organization: knowing the baseline of your cybersecurity preparation.
It shows where your company stands, so you can formulate a plan going forward.
The self-assessment guidance is in the section that used to be named “demonstrating and measuring cybersecurity”.
- Supply Chain Risk Management.
The supply chain has become a target of cyberattacks. These attacks are becoming more prevalent, and the supply chain more vulnerable.
A weak point in the supply chain can be the attackers' way in, so due diligence is needed across all of your cybersecurity.
NIST CSF 1.1 is a good place to start putting more focus on your supply chain safety. It also shows how to manage risk in the supply chain.
Third-party assessment is one of the solutions. It targets the security keys and also holds suppliers accountable.
This is an area where Ascentor has significant practice within HM Government and in the civil nuclear industry.
Certainly, these companies have to meet at least a minimum subset of the NIST framework.
- Online knowledge and recommendations
NIST has launched a set of online knowledge modules. It has also created a lesson on how to apply the framework, with the lessons acquired.
Further Improvements
Changes to the framework's outline result in an improved version.
- Functions
Identify, Protect, Detect, Respond, and Recover are the five functions. Their purpose is to describe basic cybersecurity practice at a high level.
They help in expressing the following:
- management of cybersecurity risk
- enabling risk management choices
- improving by learning from previous activities
- addressing threats
- Categories
Categories are the subdivisions of a function. Each function is divided into groups of cybersecurity outcomes, including the following:
- outcomes closely tied to programmatic needs and particular activities
- asset control
- disclosure process
- Subcategories
Subcategories further divide a category into the following:
- specific outcomes of technical activities
- management activities
- Informative References
They serve as illustrations of a way to achieve the outcomes of each category. They are specific sections of standards, guidelines, and common practices.