Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
USA: NIST publishes Cyber Security Framework 2.0 small business guide
On May 1, 2024, the National Institute of Standards and Technology (NIST) published a Quick Start Guide for Small Businesses under the NIST Cyber Security Framework 2.0 (CSF 2.0). In particular, NIST highlighted that the CSF 2.0, which was published in February 2024, provides voluntary guidance for organizations to understand, assess, prioritize, and communicate their cybersecurity efforts.
The guide is targeted at small-to-medium businesses (SMBs) that have modest or no cybersecurity plans in place. Six cybersecurity outcomes are provided which help SMBs understand, prioritize, and communicate cybersecurity efforts, including:
- govern - cybersecurity risk management strategy and policy;
- identify - understanding the organizations' cybersecurity risks;
- protect - managing the organization's cybersecurity risks;
- detect - finding and analyzing possible cybersecurity attacks;
- respond - taking action on detected cybersecurity incidents; and
- recover - restoring operations affected by a cybersecurity incident.
NIST clarified that the guide is not aimed to replace the CSF 2.0, but is instead an introduction to its larger provisions.