Expel Unveils Updated NIST CSF 2.0
March 2024 by Marc Jacob
Expel unveiled the updated version of its National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) Getting Started toolkit. The kit, which includes a "getting started" guide and a self-scoring spreadsheet, helps security leaders and operators assess their cybersecurity postures, aligned with the recently released version 2.0 of the NIST CSF.
A recent research study conducted by the SANS Institute (sponsored by Expel) found that almost three-quarters (74%) of companies that use a framework use the NIST CSF. Version 2.0 of the frameworks expands on the previous iteration, introducing a new "Govern" function that offers a better understanding of how to prioritise investments to improve risk posture across the CSF’s other function areas—Identify, Protect, Detect, Response, and Recover. The latest update also adds Framework Tiers, which characterise the typical rigour of cybersecurity risk governance and management practices throughout an organisation.
Expel’s NIST CSF guide helps security leaders and operators understand how to approach the framework and make sense of its functions, categories, subcategories, and tiers. The self-scoring spreadsheet allows users to evaluate their current, future, and goal states for each outcome in the CSF, while also offering clear charts for resource allocation guidance.