NIST Revises Framework to Benefit All Sectors

by | Nov 2, 2023 | Blog, Press Release

Press Release
For Immediate Release: November 1, 2023
Kindsey Haynes, Chief Marketing Officer
Kirkham, Inc.

Kirkham IronTech Champions The National Institute of Standards and Technology (NIST) Cybersecurity Framework Update that will Benefit All Sectors

Last Opportunity: NIST Accepting Public Comment on the Draft Framework Until Nov. 6, 2023

Fort Smith, Ark. – The world’s leading cybersecurity guidance is getting its first complete makeover since its release nearly a decade ago. With this update, NIST is trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well.

The National Institute of Standards and Technology (NIST) has released a draft version of the Cybersecurity Framework (CSF) 2.0, a new version of a tool it first released in 2014 to help organizations understand, reduce and communicate about cybersecurity risk. The draft update, which NIST has released for public comment, reflects changes in the cybersecurity landscape and makes it easier to put the CSF into practice — for all organizations.

The NIST Cybersecurity Framework (NIST CSF) provides guidance on how to manage and reduce IT infrastructure security risk. The CSF is made up of standards, guidelines and practices that can be used to prevent, detect, and respond to cyberattacks. The Framework helps guide key decision points about risk management activities through all levels of an organization from senior executives, to business and process level, and implementation and operations.

“Kirkham IronTech has long championed the importance of cybersecurity as a lifeblood in the current business landscape,” says Kirkham IronTech CEO, CISO, and founder, Tom Kirkham. “When we launched Kirkham IronTech in 2000, we knew even then that corporate governance and asset protection for organizations was increasingly important. We targeted business sectors we believed to be high risk. It has become clear that even though the CSF was developed for critical infrastructure like the banking and energy industries, it has proved useful everywhere from schools and small businesses to local and foreign governments. Our team at Kirkham IronTech wants to make sure that it is a tool that’s useful to all sectors, not just those designated as critical.”

To the five main pillars of a successful cybersecurity program, NIST now has added a sixth, the “govern” function, which emphasizes that cybersecurity is a major source of enterprise risk and a consideration for senior leadership.

image2 33

Kirkham continued, “In the spirit of the CSF, we make ongoing investments in our team, and provide our clients with security orchestration, using a defense in depth, layered security approach combined with only best-of-breed policies, controls and vendors. We teach constant vigilance as the most effective line of defense which we are finding effective. We are proud that our clients have suffered no major breaches since Kirkham IronTech joined their teams.”

The CSF provides high-level guidance, including a common language and a systematic methodology for managing cybersecurity risk across sectors and aiding communication between technical and nontechnical staff. It includes activities that can be incorporated into cybersecurity programs and tailored to meet an organization’s particular needs. In the decade since it was first published, the CSF has been downloaded more than two million times by users across more than 185 countries and has been translated into at least nine languages.

While responses to NIST’s February 2022 request for information about the CSF indicated that the framework remains an effective tool for reducing cybersecurity risk, many respondents also suggested that an update could help users adjust to technological innovation as well as a rapidly evolving threat landscape.

According to NIST, numerous commenters said NIST should maintain and build on the key attributes of the CSF, including its flexible and voluntary nature. At the same time, many requested more guidance on implementing the CSF and making sure it could address emerging cybersecurity issues, such as supply chain risks and the widespread threat of ransomware.

The CSF 2.0 draft reflects major changes, including:

  • The framework’s scope has expanded from protecting critical infrastructure, such as hospitals and power plants, to providing cybersecurity for all organizations regardless of type or size. This difference is reflected in the CSF’s official title, which has changed to “The Cybersecurity Framework.
  • Until now, the CSF has described the main pillars of a successful and holistic cybersecurity program using five main functions: identify, protect, detect, respond and recover. To these, NIST now has added a sixth, the govern function, which covers how an organization can make and execute its own internal decisions to support its cybersecurity strategy. It emphasizes that cybersecurity is a major source of enterprise risk, ranking alongside legal, financial and other risks as considerations for senior leadership.
  • The draft provides improved and expanded guidance on implementing the CSF, especially for creating profiles to tailor the CSF for particular situations. The cybersecurity community has requested assistance in using it for specific economic sectors and use cases, where profiles can help. Importantly, the draft now includes implementation examples for each function’s subcategories to help organizations, especially smaller firms, to use the framework effectively.

A major goal of CSF 2.0 is to explain how organizations can leverage other technology frameworks, standards and guidelines, from NIST and elsewhere, to implement the CSF.

Comments on this discussion draft are due by Nov. 6, 2023 and may be submitted to

For more information on Kirkham IronTech and its offerings, visit

Tom Kirkham, founder and CEO of Kirkham IronTech leads a team that provides cybersecurity defense systems and focuses on educating and encouraging organizations to establish a security-first environment with cybersecurity training programs to prevent successful attacks. Kirkham IronTech, a security first company, provides a wide range of services to meet their clients’ needs, ranging from simple technical support and maintenance to advanced cybersecurity protection and vulnerability remediation. Its team of certified professionals are highly trained and well-experienced with the latest technologies, making the company the perfect choice for any business that wants to ensure their data remains secure and safe. Kirkham IronTech’s commitment to quality service has made them one of the leading providers of outsourced IT and cybersecurity services in the country.

Don’t Let It Be Too Late!

Get a FREE Security and Infrastructure Assessment

Cybersecurity threats are always transforming, and that’s why we need to stay prepared. Now is the best time for you to take advantage of our FREE Security and Infrastructure Assessment /strong> taking place on this blog post. We guarantee positive results in recognizing areas where your business can improve. Time waits for no one; don’t hesitate or else you risk losing absolutely everything.

Reach out today by emailing or call 479-434-1400.

Tom Kirkham
CEO & Founder of Kirkham IronTech

Tom brings more than three decades of software design, network administration, and cybersecurity knowledge to organizations around the country. During his career, Tom has received multiple software design awards and founded other acclaimed technology businesses. Learn more about Tom at

Related Posts

Discover the Benefits of MSP Services in Oklahoma for Your Business

Discover the Benefits of MSP Services in Oklahoma for Your Business

In an increasingly interconnected digital world, businesses are facing escalating challenges in managing their IT infrastructure. Maintaining up-to-date systems, ensuring network security, optimizing performance, and staying compliant with regulations are just a few of these complexities.

Why Your Business Should Outsource IT and Cybersecurity Services

Why Your Business Should Outsource IT and Cybersecurity Services

Why Your Business Should Outsource IT and Cybersecurity Services: In today’s digital world, every business is exposed to various types of cybersecurity threats like malware, phishing, ransomware, and many more. So, it’s essential to implement robust cybersecurity measures to protect your company’s sensitive data and assets. However, with limited resources and expertise, businesses often struggle to manage their IT and cybersecurity operations in-house.