The U.S. federal government has been very active the past year, particularly with the cybersecurity executive order (EO) and associated tasks and goals that have come out of it. One framework and industry source that has been getting increased attention is the NIST Cybersecurity Framework (CSF).
The CSF came out of another EO, 13636, which is from 2013 and directed NIST to work with stakeholders to develop a voluntary framework for reducing risk to critical infrastructure. It was produced through coordinated efforts with industry and government, which have both widely adopted the framework.
Here’s how the CSF is composed, how aspects of it can help meet some of the recent cybersecurity EO objectives, and how any organization can use it to better map risk to threats.
More Stories
Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure
Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes,...
Age Verification Using Facial Scans
Discord is testing the feature: “We’re currently running tests in select regions to age-gate access to certain spaces or user...
NTLM Hash Exploit Targets Poland and Romania Days After Patch
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the...
Senators Urge Cyber-Threat Sharing Law Extension Before Deadline
Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years Read More
Identity Attacks Now Comprise a Third of Intrusions
IBM warns of infostealer surge as attackers automate credential theft and adopt AI to generate highly convincing phishing emails en...
Microsoft Thwarts $4bn in Fraud Attempts
Microsoft has blocked fraud worth $4bn as threat actors ramp up AI use Read More