What MSPs & MSSPs need to know about NIST 2.0, in 4 questions

David Primor, CEO of Cynomi, and William Birchett a seasoned CISO and vCISO from Logos Systems discuss the key changes in NIST CSF 2.0 and analyze their potential significance and impact on the cybersecurity landscape.

1. What is NIST CSF 2.0?

Released in 2023, NIST CSF 2.0 is the second version of the widely used NIST Cybersecurity Framework (CSF). Considered the gold standard of cybersecurity frameworks, NIST is a set of guidelines designed to help organizations improve cybersecurity practices and manage cybersecurity risks. 

2. What’s New in NIST CSF 2.0?

1. Any organization can use it. Originally designed to protect critical infrastructure companies. NIST can now be used by all organizations, regardless of industry or scale (this includes SMBs, mid-enterprise, etc.).
2. New 6th core function: govern. Until now, NIST comprised five core functions: Identify, Protect, Detect, Respond, and Recover. The addition of a 6th function – Govern—marks a significant evolution in the framework. This new function aims to delve deeper into the organizational and business context, taking into account elements such as risk management strategy and supply chain risk management, as well as the delineation of roles and responsibilities across the organization and the need for policy creation.
3. Increased emphasis on supply chain risk management. While the concept was present in earlier versions, this addition targets the increasing reliance on third parties for operational needs and the cyber threats that can arise from supply chain. 
4. Increased emphasis on secure software development. Software development is the cornerstone of many organizations’ operations, making software development security critical. Therefore, the updated framework’s more rigorous requirements for secure software development reflects the modern threat landscape.
5. Includes practical implementation examples. The new framework provides tangible examples of how organizations can implement the framework effectively to achieve its desired outcomes.

3. Why should MSPs and MSSPs implement NIST 2.0?

• NIST CSF is a U.S. government standard recognized by multiple countries around the world.
• NIST 2.0 offers a more holistic approach to cybersecurity risk management and makes it easier to understand and implement. 
• MSPs and MSSPs can deliver more accurate and efficient risk assessments. They can also deliver more effective and up-to-date cybersecurity plans, tailored to the specific needs of their clients.
• MSPs and MSSPs can enhance their value proposition while gaining a competitive edge in the market. Their clients, in turn, benefit from the most robust, adaptive, and cutting-edge cybersecurity strategy that aligns with recognized best practices, improving their overall security posture while optimizing resource allocation.

4. How does Cynomi help you implement NIST CSF 2.0? 

NIST CSF 2.0 has already been integrated into Cynomi’s vCISO platform. This allows our partners and customers to become rapidly acquainted with the updated framework in a straightforward and easy-to-use manner, and to start leveraging the framework’s benefits and the dozens of new tasks it now includes, even before its formal publication. We’re thrilled to be the first platform to adopt and offer this excellent updated framework to our user community.