Released in February 2024, the NIST Cybersecurity Framework (CSF) 2.0 provides guidance on managing cybersecurity risks to industry, U.S. government agencies and other organizations. NIST 2.0 includes a taxonomy of cybersecurity outcomes that can be used to better understand, assess, prioritize and communicate cybersecurity efforts.
A new course from ISC2 – NIST Cybersecurity Framework 2.0 – reviews the non-prescriptive, risk-based approach of NIST CSF 2.0. By examining the components, activities and functions of the newly updated framework, learners will consider how the CSF can be used to prioritize and manage cybersecurity expectations and to implement and maintain cybersecurity programs.
The NIST CSF process was initiated by Executive Order (EO) 13636 in 2013 by U.S. President Barack Obama. The EO called for building a framework for reducing risks to critical infrastructure, which eventually became what we know as the NIST CSF.
Much like the ISC2 certification exams, the framework is continuously updated, refined and improved over time, resulting most recently in NIST CSF 2.0.
Prior knowledge of NIST CFS 2.0 is not required to take the course, but we recommend that learners understand cybersecurity principles, as the course explores higher-level concepts of applying the framework.
Key takeaways from the course include:
- Explaining the importance of adopting NIST Cybersecurity Framework 2.0 for various cybersecurity roles
- Identifying the primary components of the framework, including Core, Tiers and Profiles
- Analyzing the key components and activities of the Govern function introduced in the latest version of the framework
- Examining the importance and implementation of the core functions: Identify, Protect, Detect, Respond and Recover
The new course takes roughly one hour to complete, and those who do so will earn one Group A CPE credit. The course is priced at U.S. $19 for ISC2 Members, or U.S. $23 for those without an ISC2 certification. You can enroll in the course via ISC2.org.