Jayden Hood <\/p>\n\n\n\n
Professor Duvall<\/p>\n\n\n\n
CYSE-200T<\/p>\n\n\n\n
9\/21\/25 <\/p>\n\n\n\n
NIST CSF 1.1 vs 2.0: Key Differences<\/strong><\/p>\n\n\n\n <\/p>\n\n\n\n BLUF (Bottom Line Up Front):<\/strong><\/p>\n\n\n\n Jayden Hood Professor Duvall CYSE-200T 9\/21\/25 NIST CSF 1.1 vs 2.0: Key Differences BLUF (Bottom Line Up Front): In 2024, NIST released CSF 2.0, a major update to its widely adopted Cybersecurity Framework. This revision broadens the framework\u2019s applicability to… Continue Reading →<\/a><\/p>\n","protected":false},"author":29905,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/cyse008\/wp-json\/wp\/v2\/pages\/12"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/cyse008\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/cyse008\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cyse008\/wp-json\/wp\/v2\/users\/29905"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cyse008\/wp-json\/wp\/v2\/comments?post=12"}],"version-history":[{"count":3,"href":"https:\/\/sites.wp.odu.edu\/cyse008\/wp-json\/wp\/v2\/pages\/12\/revisions"}],"predecessor-version":[{"id":61,"href":"https:\/\/sites.wp.odu.edu\/cyse008\/wp-json\/wp\/v2\/pages\/12\/revisions\/61"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/cyse008\/wp-json\/wp\/v2\/media?parent=12"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}In 2024, NIST released CSF 2.0, a major update to its widely adopted Cybersecurity Framework. This revision broadens the framework\u2019s applicability to all organizations, introduces a new Govern function, and enhances guidance to better address modern cybersecurity risks, including supply chain security, cloud, IoT, and ransomware.<\/h3>\n\n\n\n
\n\n\n\n\u2705 What Stayed the Same in NIST CSF 2.0<\/strong><\/h2>\n\n\n\n
1. Core Functions (5 Original)<\/strong><\/h3>\n\n\n\n
\n
2. Profiles<\/strong><\/h3>\n\n\n\n
\n
3. Voluntary & Non-Prescriptive<\/strong><\/h3>\n\n\n\n
\n
4. Risk-Based Approach<\/strong><\/h3>\n\n\n\n
\n
\ud83d\udd10Key Differences<\/strong><\/h2>\n\n\n\n
Area<\/strong><\/td> CSF 1.1 <\/strong><\/td> CSF 2.0<\/strong><\/td><\/tr> Supply Chain Risk <\/strong>Why did it need to change? Events like SolarWinds uncovered third-party vulnerabilities. CSF 2.0 helps with the management of these threats by integrating them with governance and operations.<\/strong><\/td>
Mentioned, but not central
<\/td>Stronger emphasis in Govern function and integrated throughout<\/td><\/tr>
Modern Threat Focus<\/strong>
Why was this change needed? Threats have evolved. CSF 2.0 helps organizations respond to today\u2019s complex and fast-changing attack landscape.<\/td>Limited mention of cloud, IoT, or ransomware<\/td> Updated to address cloud security, zero trust, nation-state threats, and emerging tech risks<\/td><\/tr>
Continuous Improvement<\/strong>Why was the change needed? Cybersecurity maturity has no end point. CSF 2.0 encourages iteration, monitoring progress, and regular updating.<\/strong><\/td>
Less emphasized
<\/td>Encourages ongoing evaluation, metrics, and continuous improvement<\/td><\/tr>
Core Functions<\/strong>
Why was this change needed?Good cybersecurity starts with leadership. The new role specifies roles, strategy, and management<\/strong><\/td>
5 Functions: Identify, Protect, Detect, Respond, Recover<\/td>
6 Functions: Adds Govern to emphasize leadership, roles, oversight, and risk strategy<\/td><\/tr>
Implementation Guidance<\/strong>
Why was this change needed? Far too many organizations found CSF 1.1 too theoretical. CSF 2.0 offers practical tools for easier adoption.<\/strong><\/td>
Less practical guidance; no examples
<\/td>
Includes implementation examples, quick-start guides, and reference tools
<\/td><\/tr>
Terminology & Title<\/strong>
Why was this change needed? The update includes its broader use across industries and nations\u2014not just U.S. critical infrastructure.<\/strong><\/td>Called “Framework for Improving Critical Infrastructure Cybersecurity”<\/td> Renamed to “Cybersecurity Framework” \u2014 broader and more inclusive<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\udee1\ufe0fWhy the Update Matters<\/strong><\/h2>\n\n\n\n
1.Stronger Governance<\/strong><\/h3>\n\n\n\n
\n
2. Broader Adoption<\/strong><\/h3>\n\n\n\n
\n
3. Enhanced Supply Chain Security<\/strong><\/h3>\n\n\n\n
\n
4. Alignment with Modern Threats<\/strong><\/h3>\n\n\n\n
\n
\n\n\n\nConclusion<\/strong><\/h2>\n\n\n\n
NIST CSF 2.0 represents a strategic evolution of the framework, making it more accessible, globally applicable, and better aligned with today\u2019s cybersecurity needs. With stronger leadership focus, improved guidance, and broader applicability, CSF 2.0 is designed to help organizations of all sizes manage cybersecurity as an enterprise-wide priority.<\/h3>\n","protected":false},"excerpt":{"rendered":"