Hello, I apologize for the issues! Please try this link: 43828014.hs-sites.com/nist-cybersecurity-framework-2.0-do-i-measure-up It will take you to Hubspot, but should not require any sort of administrator's login.
Lol, what a luck I have today , that I find You. You explain this very well. In my life upgrade I was not wishing any more than Your YT Video. Fantastic.. :)
Are there subcategories that carry overt from 1.0? For example, in every list they've published, under Identify's Risk assessment it goes ID.RA-01, 02, 03, 04, and 05 then skips to ID.RA-07. Does this mean that the ID.RA-06 remains unchanged?
They haven't published a detailed mapping of how the Subcategories were moved around, but if you check out the Discussion Draft released last April, it will give you a starting point since it does include that level of detail (www.nist.gov/system/files/documents/2023/04/24/NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf). In the example you provided, ID.RA-06 is still included in the updated CSF 2.0, but has had some wording changes to expand it's outcome.
The CSF is intended to be flexible for companies to implement in a way that works best for them. Therefore, you could choose to tailor the new Govern Function out; however, this area was expanded to emphasize the need for having a cybersecurity strategy to help manage cybersecurity risk and drive cyber resilience.
While NIST doesn't provide "certification" criteria for the CSF, there are companies that provide training for individual certifications as well as others that conduct CSF program assessments. Optic Cyber Solutions would be happy to conduct a CSF assessment of your cybersecurity program - please reach to Info@OpticCyber.com for more information!
There are many Governance, Risk, and Compliance (GRC) tools that track cybersecurity governance against the CSF to help ensure you have appropriate coverage for the CSF. Additionally, they provide processes for helping align business risk to the CSF enabling you to ‘right-size’ your capabilities to properly manage risk. Additionally, CSF Profiles are a great way tool to help implement the CSF.
The Cybersecurity Framework v1.1 has been archived on NIST's website now that v2.0 has been released. NIST is recommending that companies use v2.0 moving forward; however, since the CSF isn't a compliance standard v1.1 can still be used if desired.
Thanks for the "cut to the chase" approach. Very good!
Thanks for taking the time to break this down and provide details of changes
glad this video popped up in my algo. I am taking the CISSP in two weeks. very helpful.
Thank you Kelly for this helpful summary on NIST CSF 2.0!
Love the videos. They have all been very helpful and no nonsense, just straight to the point and informative! Thank you!
Thanks for the great and significant explanation on the frameworks differences.
Great and concise explanation Kelly. Congrats and thanks for sharing!
thank you for providing a great 'bridge' between v1.1 -> v2.0 - very helpful
Thank you Kelly!
Presented in a really nice way. Great job
Thank you for the update. I am currently trying to understand this better as I would like to get into a GRC position.
This is a great overview. Thanks for sharing
Thanks for the breakdown. The MaPT can't be downloaded. It redirects to Hubspot, requiring the administrator's login. I would to see that template.
Hello, I apologize for the issues! Please try this link: 43828014.hs-sites.com/nist-cybersecurity-framework-2.0-do-i-measure-up It will take you to Hubspot, but should not require any sort of administrator's login.
Wonderful video congrats
Many thanks for you sharing 😀
Thank you 🙏🏻
great review Kelly
Lol, what a luck I have today , that I find You. You explain this very well. In my life upgrade I was not wishing any more than Your YT Video. Fantastic.. :)
Very well explained 🎉
Thanks Kelly! Great overview
This Video explains the Changes to the Framework. 13:20 is basically all you need to know
Thanks Kelly, can you share slide ?
Yes, no problem. If you can send an email to Info@OpticCyber.com, we'll send the slides over!
Are there subcategories that carry overt from 1.0? For example, in every list they've published, under Identify's Risk assessment it goes ID.RA-01, 02, 03, 04, and 05 then skips to ID.RA-07. Does this mean that the ID.RA-06 remains unchanged?
They haven't published a detailed mapping of how the Subcategories were moved around, but if you check out the Discussion Draft released last April, it will give you a starting point since it does include that level of detail (www.nist.gov/system/files/documents/2023/04/24/NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf).
In the example you provided, ID.RA-06 is still included in the updated CSF 2.0, but has had some wording changes to expand it's outcome.
thank you for the response, also my mistake in my example I meant to use ID.AM, ID.AM jumps from -05 to -07@@OpticCyber
that doc is exactly what I needed, much appreciated!@@OpticCyber
@@herpderp1238Glad to help! In the case of ID.AM-06, it was removed and the concepts are now included under the new GV.RR.
Awesome video!
Hey,
Quick question.
If we have NIST CSF implemented in the organization then do we need to implement Govern as well or its not mandatory and needed?
The CSF is intended to be flexible for companies to implement in a way that works best for them. Therefore, you could choose to tailor the new Govern Function out; however, this area was expanded to emphasize the need for having a cybersecurity strategy to help manage cybersecurity risk and drive cyber resilience.
How this "Farmework" have to do with using ISA/IEC 62443 standards to secure ICS?
Great Content , Thanks for the details. Could you please recommend from where to do NIST certification? Thanks
While NIST doesn't provide "certification" criteria for the CSF, there are companies that provide training for individual certifications as well as others that conduct CSF program assessments. Optic Cyber Solutions would be happy to conduct a CSF assessment of your cybersecurity program - please reach to Info@OpticCyber.com for more information!
What type of appliance is commonly used for NIST cybersecurity?
There are many Governance, Risk, and Compliance (GRC) tools that track cybersecurity governance against the CSF to help ensure you have appropriate coverage for the CSF. Additionally, they provide processes for helping align business risk to the CSF enabling you to ‘right-size’ your capabilities to properly manage risk. Additionally, CSF Profiles are a great way tool to help implement the CSF.
❤
Is NIST CSF v1.1 retired now?
The Cybersecurity Framework v1.1 has been archived on NIST's website now that v2.0 has been released. NIST is recommending that companies use v2.0 moving forward; however, since the CSF isn't a compliance standard v1.1 can still be used if desired.