NIST Cybersecurity Framework (CSF) and CTEM – Better Together

September 05, 2024 | The Hacker News | Threat Detection / Vulnerability Management

A full decade has passed since the National Institute of Standards and Technology (NIST) unveiled its Cybersecurity Framework (CSF) 1.0. Originating from a 2013 Executive Order, NIST was commissioned to craft a voluntary cybersecurity framework that would help organizations manage cyber threats, providing guidance based on established standards and best practices. Although the first edition was tailored primarily to critical infrastructure, the 2018 version 1.1 was written for any organization seeking to manage cybersecurity risk.

CSF is a crucial instrument for organizations that want to evaluate and improve their security posture. It helps security stakeholders understand and assess their current security practices, organize and prioritize actions to manage risk, and improve communication both inside and outside the organization through a shared vocabulary. It encompasses a comprehensive set of guidelines, best practices, and recommendations, organized into five core functions: Identify, Protect, Detect, Respond, and Recover. Each function comprises multiple categories and subcategories, specifically:

  1. Identify – Determine which assets require protection.
  2. Protect – Implement measures to safeguard those assets adequately and effectively.
  3. Detect – Establish mechanisms for identifying intrusions or vulnerabilities.
  4. Respond – Build detailed plans for notifying affected individuals about data breaches and recent incidents that might endanger data, and routinely test response plans to minimize the fallout of attacks.
  5. Recover – Implement procedures to restore operations after an attack.

(Keen to learn more about the five functions of CSF 1.1? Grab our NIST CSF checklist here!)

Revisions in CSF 2.0, Emphasizing Continuous Improvement

In February 2024, NIST released CSF 2.0. The objective of this new version is to make CSF more flexible and therefore more widely adopted across a broader range of organizations. Any organization adopting CSF for the first time should use this latest version, while organizations already using CSF can continue to do so while planning to integrate 2.0 into their future strategies.

Version 2.0 introduces several changes; notably, it adds “Govern” as the initial function since, according to ISC2.org, “the governance aspect of CSF underscores that cybersecurity stands as a significant source of business risk that senior leadership ought to contemplate alongside other factors like finance and reputation. The primary aims are to merge cybersecurity with broader enterprise risk management, assign roles and responsibilities, oversee policies and guidelines within organizations, and enhance the delivery of cybersecurity risk information to executives.”

Furthermore, it offers expanded scope, improved clarity, and better usability, and most importantly (for this article’s purposes), it places a strong emphasis on emerging threats and on a continuous, proactive approach to cybersecurity through the new Improvement category within the Identify function. Adopting a continuous approach pushes organizations to evaluate, reevaluate, and then update their cybersecurity practices periodically. This enables organizations to respond to incidents faster and more accurately, thereby reducing their impact.

CSF and CTEM – A Perfect Match

Today, numerous actionable frameworks and tools have been built to operate within the broader CSF guidelines. For example, Continuous Threat Exposure Management (CTEM) aligns closely with CSF. Introduced by Gartner in 2022, the CTEM framework marks a significant shift in how organizations manage threat exposure. Whereas CSF provides a high-level framework for identifying, assessing, and managing cyber risk, CTEM focuses on the continuous monitoring and assessment of threats to the organization’s security posture – the very threats that constitute risk in the first place.

The core functions of CSF align closely with the CTEM methodology, which involves identifying and prioritizing threats, evaluating the organization’s vulnerability to those threats, and continuously monitoring for signs of compromise. Adopting CTEM enables cybersecurity leaders to significantly advance their organization’s alignment with NIST CSF.

Prior to CTEM, conducting periodic vulnerability assessments and penetration tests to discover and remediate vulnerabilities was viewed as the pinnacle of threat exposure management. The problem was that these methods only offered a static view of the security posture – one that was typically obsolete before it could even be fully analyzed.

All of this has changed with CTEM. The program describes methods for gaining continuous insight into the organization’s attack surface, actively identifying and reducing vulnerabilities and exposures before attackers can take advantage of them. To do so, CTEM programs incorporate technologies such as exposure assessment, security validation, automated security validation, attack surface management, and risk prioritization. This fits seamlessly with NIST CSF 1.1 and delivers concrete benefits across all five core CSF functions:

  1. Identify – CTEM requires organizations to diligently identify and catalog assets, systems, and data. This frequently reveals unknown or overlooked assets that pose security risks. This improved visibility is crucial for establishing a solid foundation for cybersecurity management, as described in the Identify function of the NIST CSF.
  2. Protect – CTEM programs proactively identify vulnerabilities and misconfigurations before they can be exploited. By prioritizing risks based on their true potential impact and likelihood of exploitation, CTEM helps organizations address the most critical vulnerabilities first. Moreover, CTEM’s attack path modeling helps organizations reduce the risk of compromise. All of these aspects directly support the Protect function of the CSF.
  3. Detect – CTEM mandates continuous monitoring of the external attack surface, supporting the Detect function of CSF by providing early warning of potential threats. By pinpointing changes in the attack surface, such as new vulnerabilities or exposed services, CTEM enables organizations to promptly detect and counter possible attacks before they cause harm.
  4. Respond – In the event of a security incident, CTEM’s risk prioritization requirements guide organizations in prioritizing their response, ensuring that the most critical incidents are handled first. Additionally, CTEM-prescribed attack path modeling helps organizations understand how attackers could have breached their systems. This supports the Respond function of the CSF by enabling organizations to take targeted measures to contain and eradicate the threat.
  5. Recover – Through its continuous monitoring and risk prioritization, CTEM plays a pivotal role in the CSF Recover function. By enabling organizations to quickly identify and address vulnerabilities, CTEM helps reduce the impact of security incidents and accelerates recovery. Additionally, attack path modeling enables organizations to pinpoint and remedy weaknesses in their recovery procedures.

The Takeaway

The NIST Cybersecurity Framework (CSF) and a Continuous Threat Exposure Management (CTEM) program are true partners – working together to shield organizations from cyber threats. CSF provides a comprehensive guide for managing cybersecurity risk, while CTEM provides a flexible, data-driven strategy for detecting and mitigating threats.

The alignment of CSF and CTEM is particularly evident in how CTEM’s focus on continuous monitoring and threat assessment maps onto the core functions of CSF. By adopting CTEM, organizations greatly improve their alignment with CSF – while also gaining invaluable insight into their attack surface and proactively addressing vulnerabilities.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we publish.
