NIST Releases Cybersecurity Framework 2.0 

The National Institute of Standards and Technology Cybersecurity Framework 2.0 introduces updates emphasizing corporate governance and supply chain risk management to enhance cybersecurity resilience across various sectors.

The National Institute of Standards and Technology (NIST), a renowned authority in cybersecurity, has recently released an updated version of its landmark Cybersecurity Framework. This revision, formally titled “The NIST Cybersecurity Framework (CSF) 2.0”, introduces critical sections related to corporate governance responsibilities and supply chain risks.

The Importance of Supply Chain Risk Management

In today’s interconnected world, technology products and services often rely on complex global supply chains. These supply chains involve multiple components, software, and vendors from various parts of the world. 

While they enable innovation and economic growth, they also introduce cybersecurity vulnerabilities. A single weak link in the supply chain can jeopardize the security of the entire system.

Understanding the NIST Cybersecurity Framework

The NIST Cybersecurity Framework serves as a comprehensive resource for organizations across various sectors, regardless of their size or maturity level. Its primary goal is to bolster cybersecurity resilience by offering a systematic approach to risk management. Here are the essential aspects of the framework:

  1. Common Language: The framework provides a common language that bridges the gap between technical and non-technical stakeholders. It facilitates communication, collaboration, and alignment of cybersecurity efforts.

  2. Risk-Based Approach: Organizations can use the framework to assess, prioritize, and address cybersecurity risks. By focusing on risk management, they can allocate resources effectively and protect critical assets.

  3. Adaptability: The framework is adaptable and scalable. Whether you’re a government agency, a private company, or a nonprofit organization, you can tailor its components to your specific context.

“The CSF has been a vital tool for many organizations, helping them anticipate and deal with cybersecurity threats,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve.” 

Expanded Focus on Governance and Supply Chain

CSF 2.0 recognizes that effective cybersecurity extends beyond technical controls. It emphasizes governance, strategic decision-making, and collaboration with external partners. Key enhancements include:

  • Governance and Risk Management: The framework now explicitly addresses governance, risk assessment, and risk tolerance. Organizations must consider their risk appetite and align cybersecurity efforts with business goals.

  • Supply Chain Security: The updated framework emphasizes supply chain risk management. Organizations need to assess and address vulnerabilities in their supply chains, especially as interconnected ecosystems become more complex.

“Developed by working closely with stakeholders and reflecting the most recent cybersecurity challenges and management practices, this update aims to make the framework even more relevant to a wider swath of users in the United States and abroad,” according to Kevin Stine, chief of NIST’s Applied Cybersecurity Division. 

Resources for Implementation

CSF 2.0 provides additional resources to facilitate implementation:

  • Profiles: Organizations can create customized profiles based on their specific needs. Profiles allow them to focus on specific outcomes and risk management goals. For example, a financial institution may prioritize data protection, while a healthcare provider may emphasize patient privacy.

  • Templates and Guidance: The framework includes templates, examples, and practical guidance. These resources help organizations apply the framework effectively and efficiently.

Practical Implementation

CSF 2.0 supports organizations in the following areas:

  • Assessment and Prioritization: Organizations can use the framework to assess their current cybersecurity posture. By identifying gaps and vulnerabilities, they can prioritize mitigation efforts.

  • Communication and Collaboration: The common language provided by the framework enables better communication across departments and with external stakeholders. It fosters collaboration and alignment of cybersecurity practices.

  • Customization: Organizations can tailor the framework to their unique context. Whether they operate in healthcare, finance, or critical infrastructure, CSF 2.0 offers flexibility.

As technology ecosystems continue to expand, supply chain risk management remains a critical priority. NIST’s updated framework equips organizations with essential practices to safeguard their systems, products, and consumers. By integrating corporate governance responsibilities and supply chain risk management, organizations can build resilience against cyber threats and contribute to a more secure digital environment.
