The National Institute of Standards and Technology has released an initial public draft of a new quick-start guide for using the Cybersecurity Framework 2.0. NIST said the document provides organizations with practical steps to improve their management of emerging cybersecurity risks.
NIST’s New Quick-Start Resource
The draft guide, NIST Special Publication 1331 ipd, is the latest in a series of quick-start resources developed to make the updated cybersecurity framework more accessible and actionable for different audiences. NIST said the guide explains how organizations’ existing enterprise risk management can be paired with CSF 2.0 to help organizations prepare for risks that are either not yet well understood or entirely unknown.
Defining Emerging Risks
According to the publication, emerging risks fall into two categories: those that are already known to some organizations but not others, and those that are unknown to all. The guide notes that while traditional threats such as ransomware and distributed denial-of-service attacks fall into the first category, the second involves novel risks with no existing mitigation strategies.
Preparing Through Resilience and Governance
Besides integrating the cybersecurity practices under CSF 2.0 with enterprise risk management programs, the guide recommends adopting multidisciplinary approaches when facing emerging risks. It emphasizes that preparation should focus on resilience, governance structures and organizational adaptability, allowing enterprises to maintain or restore operations when unexpected risks materialize.
Organizing Management of Risks
The draft organizes management of emerging risks into proactive and reactive phases aligned with CSF 2.0’s functions. The Govern, Identify and Protect functions are primarily used before risks are realized, while Detect, Respond and Recover support actions after risks occur. NIST highlights the importance of continuous improvement across all phases, stressing that lessons learned must be analyzed, prioritized and used to inform all functions.
Public Feedback Sought
Authors of the draft are NIST’s Stephen Quinn, Matthew Barrett of CyberESI Consulting Group, Robert Gardner of New World Technology Partners, Kelly Hood of Optic Cyber Solutions and Matthew Smith of Seemless Transition.
NIST is accepting public comments on the draft until Sept. 21. Feedback must be sent to csf@nist.gov.