The Most Important Document for Partners To Read Now: CSF 2.0 -- Redmond Channel Partner

The Evolving MSP by Howard M. Cohen

The Most Important Document for Partners To Read Now: CSF 2.0

Ask your customers this question: "What do you think it means that the National Institute for Standards & Technology (NIST) just expanded the scope of its Cybersecurity Framework (CSF) to go beyond 'critical infrastructure' to instead apply to all companies and organizations?"

Last month, the NIST announced the first upgrade to the CSF since its release 10 years ago. In a blog post, Kevin Stine, chief of the NIST Applied Security Division's Information Technology Laboratory (ITL), noted that the CSF was born out of the 2013 signing of Executive Order (EO)13636, which required the development of a cybersecurity framework to protect "critical infrastructure," such as oil and gas pipelines, rail, aviation and water supplies.

In fact, the original version of the CSF was titled, "Framework for Improving Critical Infrastructure Cybersecurity."

Notably, CSF 2.0 doesn't make the distinction between critical and non-critical infrastructure. One interpretation of that might be that NIST now considers all infrastructure to be critical. The abstract for the CSF 2.0 emphasizes the important expansion of the scope of the document and defines its purpose:

Abstract
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization -- regardless of its size, sector, or maturity -- to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document describes CSF 2.0, its components, and some of the many ways that it can be used.

Another Key Expansion
In its original 2014 version, the five pillars of the CSF were:

Identify: The organization's current cybersecurity risks are understood.
Protect: Safeguards to manage the organization's cybersecurity risks are used.
Detect: Possible cybersecurity attacks and compromises are found and analyzed.
Respond: Actions regarding a detected cybersecurity incident are taken.
Recover: Assets and operations affected by a cybersecurity incident are restored.

In the new CSF 2.0, a sixth pillar has been added at the top of the model:

Govern: The organization's cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored.

This important new pillar helps organizations determine what they may do to achieve and prioritize the outcomes of the other five and, as such, serves as a defining mechanism.

The CSF Promotes Superior MSSP Methodologies
Perhaps the most profound evolution we've seen among MSPs has been the elevation from managed services provider to managed security services provider (MSSP). Many of our colleagues have seen the need and the opportunity presented by data and network security services.

For anyone who has already achieved MSSP status, and especially for those working to escalate their MSP practice to MSSP, the NIST CSF 2.0 is a must-read -- and soon.

CSF 2.0 represents tour de force guidance for those who seek to own responsibility for the data and network security of their own company, or that of others. The stated audience resides mainly in the "buy side," of corporations, government agencies, educational institutions and other organizations.

You can be guaranteed that your competition is already reading CSF 2.0 and has already begun planning based on it. The resources made available by this remarkable work are mammoth and will take time to get through, but at the end of that, MSSPs will be able to do something that will grow their profits substantially.

Customers respect methodology. In fact, their investment decisions are in large part influenced by the methodologies of the technology professionals they engage. In essence, they buy methodology. Reading CSF 2.0 and all the related materials will, without fail, dramatically improve your methodologies and impress your customers. It will also increase your profitability by enabling your people to perform related tasks far more efficiently and far more quickly.

This Is the Most Important Announcement You'll Read This Year
You are constantly reading about how this or that security software provider has improved their software, or about the new functions available in this or that security platform.

The CSF 2.0 announcement is all about how you improve you. How you improve the services you provide to your customers. How you earn increased levels of customer satisfaction from them. How you and your tech practice become more valuable. The guidance provided in CSF 2.0 is invaluable, as are all the resources it will lead you to.

So put down this article, pick up CSF 2.0, and start reading.

Posted by Howard M. Cohen on March 04, 2024

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft Making $1.5B Cloud and AI Investment in G42

Microsoft recently announced it is extending the reach of its cloud and AI technologies in the United Arab Emirates.
IBM To Acquire Open Source Software Veteran HashiCorp

In a deal announced Wednesday, Big Blue said it plans to acquire HashiCorp for an estimated $6.4 billion, or $35 per share.
Multinational Partner Cognizant Buys 25,000 Microsoft 365 Copilot Seats

IT services giant Cognizant, which already has a robust Microsoft cloud MSP business, is now also one of the biggest customers of Redmond's Copilot AI product.
In Wake of VMware Changes, Broadcom Still Struggling To Win Critics Over

Broadcom CEO Hock Tan recently shared his company's motives for controversially changing VMware licensing policies, a move that had been met by widespread backlash.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

The Evolving MSP by Howard M. Cohen

The Most Important Document for Partners To Read Now: CSF 2.0

Featured

Microsoft Making $1.5B Cloud and AI Investment in G42

IBM To Acquire Open Source Software Veteran HashiCorp

Multinational Partner Cognizant Buys 25,000 Microsoft 365 Copilot Seats

In Wake of VMware Changes, Broadcom Still Struggling To Win Critics Over

Microsoft Making $1.5B Cloud and AI Investment in G42

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

In Wake of VMware Changes, Broadcom Still Struggling To Win Critics Over

IBM To Acquire Open Source Software Veteran HashiCorp

Microsoft Making $1.5B Cloud and AI Investment in G42

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

In Wake of VMware Changes, Broadcom Still Struggling To Win Critics Over

IBM To Acquire Open Source Software Veteran HashiCorp

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Coffee Talk: Phishing Awareness Training 101 for Partners

Security Essentials: Empowering MSPs with Datto’s Integrated Solutions

Coffee Talk: Endpoint Security 101: Threats & Strategies SMB Partners Need to Know

Automated Intelligence: Simplifying M365 Governance for MSPs

FREE WHITE PAPERS FROM OUR SPONSORS

A guide to zero trust for MSPs

Microsoft CSP Guide

10 Reasons to Bundle Security with your Managed Services

Battling Business Email Compromise