www.govtech.com
18.238.243.86
Public Scan
Submitted URL: https://content.erepublic.com/e3t/Ctc/UB+113/d2qthN04/VWVrPR5ddMJmW4GPkbV4Qq2mSW6y9Q6952ZhZyN8cZm3M5nR32W69t95C6lZ3q4W6LWMXZ7F...
Effective URL: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/whats-new-in-the-nist-cybersecurity-framework-2-0-draft?utm_camp...
Submission: On September 05 via manual from US — Scanned from DE
Form analysis
1 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/20544071/65ed2cb9-d1ef-4f39-b681-fb4e91129663
<form id="hsForm_65ed2cb9-d1ef-4f39-b681-fb4e91129663" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/20544071/65ed2cb9-d1ef-4f39-b681-fb4e91129663"
class="hs-form-private hsForm_65ed2cb9-d1ef-4f39-b681-fb4e91129663 hs-form-65ed2cb9-d1ef-4f39-b681-fb4e91129663 hs-form-65ed2cb9-d1ef-4f39-b681-fb4e91129663_ac7b058d-9dbf-4653-b3af-50bf1c8554f2 hs-form stacked"
target="target_iframe_65ed2cb9-d1ef-4f39-b681-fb4e91129663" data-instance-id="ac7b058d-9dbf-4653-b3af-50bf1c8554f2" data-form-id="65ed2cb9-d1ef-4f39-b681-fb4e91129663" data-portal-id="20544071" data-hs-cf-bound="true">
<div>
<div class="hs-richtext hs-main-font-element">
<div class="List-header-title">Stay on top of the latest state & local government technology trends.</div>
<p>Sign up for GovTech Today. Delivered daily to your inbox.</p>
</div>
</div>
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-65ed2cb9-d1ef-4f39-b681-fb4e91129663" class="" placeholder="Enter your " for="email-65ed2cb9-d1ef-4f39-b681-fb4e91129663"><span></span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-65ed2cb9-d1ef-4f39-b681-fb4e91129663" name="email" required="" placeholder="Email Address*" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="FREE NEWSLETTER SIGN UP"></div>
</div><input name="hs_context" type="hidden"><iframe
name="target_iframe_65ed2cb9-d1ef-4f39-b681-fb4e91129663" style="display: none;"></iframe>
</form>
Text Content
Lohrmann on Cybersecurity

WHAT’S NEW IN THE NIST CYBERSECURITY FRAMEWORK 2.0 DRAFT?

NIST HAS RELEASED A DRAFT VERSION 2.0 OF THE CYBERSECURITY FRAMEWORK. HERE’S WHAT YOU NEED TO KNOW AND HOW TO GET YOUR RECOMMENDATIONS INCLUDED.

August 27, 2023 • Dan Lohrmann

The National Institute of Standards and Technology (NIST) is seeking feedback on their draft Cybersecurity Framework (CSF) 2.0. The release of this public draft is an important milestone for organizations in order to provide input on the framework before NIST finalizes it for publication sometime in 2024.

But before we summarize the draft CSF 2.0 changes, why should you care?

NIST CYBERSECURITY FRAMEWORK IS THE STANDARD

As articulated by the U.S. Federal Trade Commission (FTC), “The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary. It gives your business an outline of best practices to help you decide where to focus your time and money for cybersecurity protection.

… “You can put the NIST Cybersecurity Framework to work in your business in these five areas: Identify, Protect, Detect, Respond, and Recover.”

As described by Vanta, “the NIST CSF compliance framework is only mandatory for federal agencies; however, if your company plans on doing business with the government as a contractor, partner, or vendor, you will likely need to comply with NIST CSF.

“Outside of federal compliance, the NIST framework is voluntarily adopted by many private sector organizations. Especially useful to small businesses, NIST CSF helps mitigate and respond to cybersecurity threats. The NIST framework can be customized to the individual needs and goals of each organization’s infrastructure.”

In my experience, most state and local governments adopt CSF as their framework of choice. There are many reasons for this, but state and local governments are often custodians of federal data. Following NIST makes sense and works.

WHAT’S DIFFERENT IN NIST CSF 2.0?

The NIST Cybersecurity Framework 2.0 initial public draft was released on Aug. 8. You can learn more details about that release and comments since version 1.1 here.

Dark Reading offered this article describing what’s different about this new draft:

“The new version 2.0 of the popular NIST Cybersecurity Framework has expanded beyond the original framework’s five functions of an effective cybersecurity program — identify, protect, detect, respond, and recover — and added a sixth, govern.

“‘It emphasizes that cybersecurity is a major source of enterprise risk, ranking alongside legal, financial and other risks as considerations for senior leadership,’ NIST’s new guidelines — still in the draft phase — said.

“The new framework is also intended to help support organizations of all sizes, the agency said.

“‘With this update, we are trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well,’ NIST’s lead developer of the framework, Cherilyn Pascoe, said in the CSF 2.0 release on Aug. 8. ‘The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful everywhere from schools and small businesses to local and foreign governments.’”

Infosecurity Magazine offered this article, “NIST’s Cybersecurity Framework 2.0: Shaping the Future of Cyber Resilience.” Here’s an excerpt:

“The inclusion of the ‘Govern’ pillar as a new function is a very important addition and rounds out the previous core functions (Identify, Protect, Detect, Respond and Recover).

“Larry Whiteside Jr., CISO at RegScale and President of Cyversity, told Infosecurity that this pillar is the most significant change to the framework, with governance increasingly underpinning all aspects of cybersecurity.

“‘An organization can set all the policies it wants, but without a mandate and focus on governing those policies and the actions performed to enable and perform the functions that support the policies, none of it matters. Elevating governance to a CSF function will also promote alignment of cybersecurity activities with enterprise risks and legal requirements,’ he explained.”

I also like this description of the new changes from JD Supra. Read their full article, but here is one section:

* Additional guidance on CSF implementation and tailoring for risk.
  * The draft provides improved and expanded guidance on implementing the CSF, especially for creating profiles, which tailor the CSF for particular situations.
  * The draft also includes implementation examples for each function’s subcategories to help organizations, especially smaller firms, use the CSF effectively.
  * One theme in both the revised and new controls is that CSF 2.0 features “risk acceptance” explicitly stated and greater discussion of “risk prioritization” and using safeguards “commensurate with risk.”
* Additional information on cybersecurity measurement and assessment.
  * Version 2.0 clarifies the Framework implementation tiers to focus on cybersecurity governance, risk management, and third-party considerations.
  * The importance of continuous improvement is emphasized through a new Improvement Category in the Identify Function, as well as improvements in guidance on developing and updating Profiles and action plans.

This YouTube video further defines what’s new in CSF 2.0:

In addition, you can attend this free online workshop from NIST to learn more in September.

FINAL THOUGHTS

The deadline for submitting comments is Nov. 4, 2023. I urge interested parties to get engaged and here’s how to submit comments to this draft.

In closing, I want to point out that NIST has been doing more international collaboration, and this CSF 2.0 has more of an international focus with global participation. See this July 2023 article on NIST international engagement. Here’s an excerpt:

“In the update to NIST CSF 2.0, NIST continues to work with the international community. At NIST’s February 2023 virtual workshop on the CSF 2.0 update, participants from Italian and New Zealand governments and Mexican industry spoke on panels. In addition, participants joined from several countries. We are continuing to learn and benefit from international use cases and look forward to hearing even more in the months to come as we release our full draft 2.0!”

I applaud this international focus on cybersecurity best practices, as our online worlds have never been more interconnected and cooperation and collaboration are vital to defeating cyber crime.

Dan Lohrmann

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.