NIST CSF 2.0 Compliance with BeyondTrust

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) is a set of guidelines designed to help organizations improve their cybersecurity posture, better manage IT security risks, and enhance cyber-resilience.

In 2024, NIST released version 2.0 of their Cybersecurity Framework. This updated guidance represents the first major update since NIST CSF was originally published in 2014. The updates in NIST CSF 2.0 incorporates feedback from users to better reflect the modern cybersecurity landscape and to address emerging threats and technologies. The revisions aim to ensure the framework remains relevant, effective, and can assist organizations in enhancing their cybersecurity posture.

While many organizations have adopted NIST CSF guidance, the original scope was focused on protection of critical infrastructure, such as for enterprises within the energy, industrial, and financial services (i.e. banking), and medical industries. NIST CSF 2.0 expands the scope of security controls guidance to all industries, and organizations of all sizes. In broadening the reach, CSF has also provided clearer guidance that makes it more straightforward and consumable for those looking to implement the framework.

Significantly, version 2.0 adds a "Govern" function into its core framework—bringing the total to six functions. Governance is an important addition as it can have a synergistic impact across the framework, improving the operationalization of cyber risk management.

The new version elevates emphasis on cloud security, supply chain risks, and the threats associated with emerging technologies, like artificial intelligence, the Internet of Things (IoT), and identity-based risks.

The updated framework also acknowledges the interconnection between cybersecurity and privacy and integrates privacy considerations, ensuring a more holistic approach to information security based on data and access.

The CSF Core Functions - Govern, Identify, Protect, Detect, Respond, Recover - provide a structured approach to cybersecurity, so organizations may transition from strategy formulation to risk management and operational resilience. Here is a detailed list of each function's role in this framework.

Since the launch of the NIST CSF in 2014, BeyondTrust has provided solutions and guidance to help customers align with the framework. The BeyondTrust team stands ready to help you operationalize essential security controls and practices of NIST CSF 2.0.

With BeyondTrust, benefit from the ability to:

• Manage and audit privileged accounts, DevOps secrets, keys, certificates, and more

• Enforce least privilege and just-in time access across Windows, macOS, and Linux endpoints

• Secure access and protect sessions for workforce identities, anywhere

• Intelligently detect and respond to threats across your entire identity infrastructure

• Extend PAM security best practices to remote support and the service desk

BeyondTrust helps NIST CSF 2.0 adoption, reduce risk, and improve operational efficiency through measurable, outcome driven controls. Additionally, with the AI-driven Beyondtrust Pathfinder Platform, you can instantly identify, prioritize, and act on the most impactful risks across your identity estate. The platform automates escalation of detections and streamlines collaborative remediation to accelerate risk reduction.