NIST CSF and CTEM: Stronger Together

SeniorTechInfo
4 Min Read


Sep 05, 2024

The Hacker News

Threat Detection / Vulnerability Management

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally tailored for critical infrastructure, 2018’s version 1.1 was designed for any organization looking to address cybersecurity risk management.

CSF is a valuable tool for organizations looking to evaluate and enhance their security posture. The framework helps security stakeholders understand and assess their current security measures, organize and prioritize actions to manage risks, and improve communication within and outside organizations using a common language. It’s a comprehensive collection of guidelines, best practices, and recommendations, divided into five core functions: Identify, Protect, Detect, Respond, and Recover.


Changes to CSF 2.0, with a Focus on Continuous Improvement

In February 2024, NIST released CSF 2.0. The goal of this new version is to make CSF more adaptable and thus more widely adopted across a broader range of organizations. Any organization adopting CSF for the first time should use this newer version; organizations already using CSF 1.1 can continue to do so, but with an eye to adopting 2.0 in the future.

CSF and CTEM – Better Together

Today, there are multiple actionable frameworks and tools designed to work within the parameters of the high-level CSF guidelines. For example, Continuous Threat Exposure Management (CTEM) is highly complementary to CSF. Released in 2022 by Gartner, the CTEM framework is a major shift in how organizations handle threat exposure management. While CSF provides a high-level framework for identifying, assessing, and managing cyber risks, CTEM focuses on the continuous monitoring and assessment of threats to the organization’s security posture – the very threats that constitute risk itself.

The Bottom Line

The NIST Cybersecurity Framework (CSF) and Continuous Threat Exposure Management (CTEM) program are truly brothers in arms – working together to defend organizations against cyberthreats. CSF provides a comprehensive roadmap for managing cybersecurity risks, while CTEM offers a dynamic and data-driven approach to threat detection and mitigation.

The CSF-CTEM alignment is especially evident in how CTEM’s focus on continuous monitoring and threat assessment comes together seamlessly with CSF’s core functions. By adopting CTEM, organizations significantly enhance their compliance with CSF – while also gaining valuable insights into their attack surface and proactively mitigating vulnerabilities.

This article is a contributed piece from one of our valued partners.