InfoSecBulletin Cybersecurity for mankind
NIST has released its Cybersecurity Framework 2.0 after several years of consideration. The new framework expands its recommendations to cover the concerns of organizations beyond critical infrastructure.
NIST issued the first CSF in 2014, in response to a presidential executive order, to assist organizations, particularly critical infrastructure, in managing cybersecurity risk. CSF 2.0 expands on the original five functions (Identify, Protect, Detect, Respond, and Recover) and adds a new one, Govern. The updated CSF also covers supply chain risks.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
“Developed by working closely with stakeholders and reflecting the most recent cybersecurity challenges and management practices, this update aims to make the framework even more relevant to a wider swath of users in the United States and abroad,” according to a statement from Kevin Stine, chief of NIST’s Applied Cybersecurity Division.
NIST included a reference tool in CSF 2.0 to help cybersecurity teams find guidance data. It also has a searchable catalog and many references to help organizations of all sizes implement the new framework.
