TLDR:
- The NIST Cybersecurity Framework has been updated to reflect the evolving role of technology infrastructure in organizational objectives.
- The new version, CSF2, includes a function focused on governance and a dedicated section on supply chain cybersecurity.

In the article “The Updated NIST Cybersecurity Framework,” Joel Lanz discusses the key changes and enhancements in the updated version of the NIST Cybersecurity Framework (CSF). The original framework consisted of five functions – identify, protect, detect, respond, and recover – aimed at enhancing cybersecurity practices in organizations. The updated version, CSF2, introduces a new function focused on governance, providing guidance on cybersecurity oversight for senior executives, risk management strategy, and supply chain cybersecurity.
CPAs have already been using the existing CSF to enhance client service delivery, provide assurance services, and manage cybersecurity risks. The article highlights how CPAs can utilize the CSF in various aspects of their work, such as in management accounting, cybersecurity advisory services, and compliance with IRS data protection regulations.
With the new enhancements in CSF2, financial managers, senior executives, and those with financial management oversight responsibilities will find valuable guidance on cybersecurity governance and supply chain risk management. The article emphasizes the importance of the updated framework for CPAs involved in cybersecurity, as it provides a foundational ability to combat evolving threats and demonstrate due diligence in mitigating legal risks.
NIST has developed tools and guides to facilitate the adoption and implementation of CSF2 by diverse users and organizations, making it more accessible and user-friendly. CPAs are encouraged to leverage the new framework to deliver expertise, enhance risk oversight, and demonstrate necessary due diligence in managing cybersecurity risks.