Adrian Johnson
TL;DR:
- The NIST Cybersecurity Framework 2.0 has added a Govern function to strengthen cybersecurity strategies.
- Government agencies face challenges in implementing the framework due to budget constraints, shortage of cybersecurity workers, and potential risks in supply chains.
Much has been written about the updated NIST Cybersecurity Framework 2.0 guidance which now includes a Govern function in addition to the existing five components. This new function aims to involve executive leadership and end users in a more holistic cybersecurity approach. Government agencies, especially those with critical infrastructure responsibilities, are now required to take a more strategic and proactive approach to identifying cybersecurity risks, including those within their supply chains.
The ongoing shortage of cybersecurity workers, budget restrictions, and the constant threat of government shutdowns make it challenging for federal agencies to implement the NIST guidance effectively. To address these issues, agencies should focus on risk management strategies, analyze cybersecurity risks regularly, maintain inventories of hardware and software, and identify and protect against internal and external threats.
By embracing the NIST Cybersecurity Framework alongside other frameworks such as zero trust, government agencies can significantly reduce their cybersecurity risks. While not perfect, the NIST guidelines provide an excellent starting point for organizations to take a proactive approach to cybersecurity and protect their assets and systems effectively.
