The U.S. federal government has been very active over the past year, particularly with the cybersecurity executive order (EO) and the associated tasks and goals that have come out of it. One framework and industry source that has been getting increased attention is the NIST Cybersecurity Framework (CSF).
The CSF came out of another EO, 13636, from 2013, which directed NIST to work with stakeholders to develop a voluntary framework for reducing risk to critical infrastructure. It was produced through coordinated efforts with industry and government, both of which have widely adopted the framework.
Here’s how the CSF is composed, how aspects of it can help meet some of the recent cybersecurity EO objectives, and how any organization can use it to better map risk to threats.