This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

New Cybersecurity Framework from NIST

The public agency that sets standards in the tech arena (NIST) has released a new version of its cybersecurity framework to the public. The NIST CSF is a fairly comprehensive framework that can be used as a guide or a starting point for any company that wishes to build a cyber program from the ground up. While few companies follow the model to a tee, it is a commonly known business benchmark and can be seen as an aspirational set of best practices for business to follow.  

Why It Matters

The NIST CSF is influential, and strongly resembles the infosec programs in place at many large organizations. The reality for many smaller companies, though, is that they would probably be overwhelmed if they tried to implement a plan that follows the CSF to the letter. Those companies can think of it instead as a reference manual to what is possible in the field of cybersecurity, and a model to consult if making decisions about specific decisions. More importantly, however, such small companies would do well to choose a few discrete items – such as multifactor authentication and employee training – and incorporate those into their environment rather than try to build the ultimate mousetrap following CSF.  

Subscribe to Taylor English Insights by topic here.

The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which encompasses how organizations make and carry out informed decisions on cybersecurity strategy. The CSF’s governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation.


data security and privacy, hill_mitzi, emerging companies