Skylight Cyber unveils free NIST CSF 2.0 converter tool
Skylight Cyber has revealed a free, first-of-its-kind NIST CSF 2.0 converter tool. This practical tool is designed to aid cyber security teams in moving from version 1.1 to the newly released version 2.0. The NIST CSF is employed by the majority of Australian companies to manage their cyber risks and controls. The launch of the 2.0 version marks the first significant update since 2014, addressing key limitations of the original framework. The new iteration offers several enhancements which render it simpler to use whilst addressing contemporary and evolving risks and placing a focus on governance.
The NIST CSF 2.0 has been developed to meet the distinct needs of all organisations, irrespective of size and industry, catering for the varied technological landscapes they inhabit. One of the most substantial enhancements includes expanded core guidance and resources, along with the introduction of the "Govern" function, which reinforces the role of governance and informed decision-making in cybersecurity strategy. This evolution highlights how cybersecurity is increasingly recognised as a crucial enterprise risk that needs to be integrated with wider organisational priorities.
Jennifer Vu, Head of Advisory Services at Skylight, commented, "Given the majority of Australian companies use NIST CSF and the significant improvements made with the latest release, we encourage organisations to transition sooner rather than later. The first step is establishing a v2.0 baseline. This free tool aids you to quickly obtain your new scores and identify areas of focus, effectively negating the need for a full assessment from scratch, which could potentially be a lengthy and costly exercise."
The NIST CSF 2.0 Converter Tool builds upon the resources offered by NIST by adding a sophisticated maturity converter. It takes v1.1 scores as input and converts them to v2.0, creating new baseline scores and highlighting areas for focus. The tool enables organisations to swiftly establish their baseline 2.0 scores without conducting a complete assessment, and to self-assess only the 16 new sub-categories rather than the entire 106. It also aids in identifying key areas on which to concentrate cybersecurity uplift against the new framework.
Version 1.1 of the NIST CSF faced several issues, most prominently its complexity, which often proved overwhelming for small to medium-sized enterprises that lacked the resources and expertise for extensive implementation. Various external factors also necessitated a significant update. With emergent cyber threats and technologies, such as the elevated risk of supply chain attacks, the framework needed to be updated to manage these evolving risks.
Once organisations have established their baseline scores, the transition to NIST CSF 2.0 can continue through several steps. These include assessing the existing cybersecurity posture, understanding the key changes in version 2.0, updating relevant policies and procedures, implementing employee training, integrating new security controls and best practices, constantly monitoring progress, maintaining comprehensive transition documents, and performing regular reviews for ongoing improvement.