Cloud Controls Matrix

Hi All,

NIST is updating the Cybersecurity Framework (CSF) which is widely used to help organizations better understand, manage, reduce, and communicate cybersecurity risks. This recently released CSF 2.0 Core discussion draft identifies the potential Functions, Categories, and Subcategories (also called cybersecurity outcomes) of the NIST CSF 2.0 Core.

This draft Core is preliminary and is intended to increase the overall transparency of the CSF update process, while also provoking discussion about improvements to potential changes to the CSF. Progress updates about NIST's CSF 2.0 effort, as well as ways to engage, FAQs, and resources can be found on the NIST CSF 2.0 webpage (https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20).

Feedback on this Core discussion draft can be submitted via [email protected] at any time and will inform the NIST CSF 2.0 Draft, which is anticipated this summer.

------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------

Michael,
Thank you for posting.

A quick follow up to mention that the CCM WG has recently completed a mapping and gap analysis between CCM V4 and NIST CSF V1.1.
The CCM WG, NIST and Weaver team (project leader) joined forces to conduct the mapping and more importantly identify an'Addendum' to CSF v1.1, that is a set of CCM V4 cloud security requirements missing in CSF v1.1, that can be used by NIST as useful input towards the development of a CSF v1.1 Cloud Profile and to consider including in CSF v2.0.

The CCM V4.0 - CSF V1.1 Mapping is made publicly available here above, under the Library section (CCMV4.0 Development/Mappings).
It is expected to be published with CCM V4.0.8 by end of May.

Thanks,
Lefteris

------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------

Original Message:
Sent: Apr 24, 2023 01:25:14 PM
From: Michael Roza
Subject: NIST CSF 2.0 Core - Discussion Draft

Hi All,

NIST is updating the Cybersecurity Framework (CSF) which is widely used to help organizations better understand, manage, reduce, and communicate cybersecurity risks. This recently released CSF 2.0 Core discussion draft identifies the potential Functions, Categories, and Subcategories (also called cybersecurity outcomes) of the NIST CSF 2.0 Core.

This draft Core is preliminary and is intended to increase the overall transparency of the CSF update process, while also provoking discussion about improvements to potential changes to the CSF. Progress updates about NIST's CSF 2.0 effort, as well as ways to engage, FAQs, and resources can be found on the NIST CSF 2.0 webpage (https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20).

Feedback on this Core discussion draft can be submitted via [email protected] at any time and will inform the NIST CSF 2.0 Draft, which is anticipated this summer.

------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------