Idaho National Lab and Cyber Florida Adopt NIST CSF 2.0 to Support Florida's Public and Private Sectors By Bryan J. Langley , Senior Executive Advisor , Cyber Florida: The Florida Center for Cybersecurity
C yber Florida, in partnership Infrastructure Protection (CIP) program to align with the recently released National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, widely used to reduce cybersecurity risk across public and private sectors and subsectors. Cyber Florida’s multi-assessment platform leverages the Department of Homeland Security’s Cyber with Idaho National Laboratory (INL), has updated its Critical Security Evaluation Tool’s (CSET®) containing both the NIST 2.0 CSF Standard Question Set and Ransomware Readiness Assessment modules. The tools and resources available through the CIP program are state-funded and provided at no charge for Florida’s private and public critical infrastructure organizations. NIST CSF 2.0 is designed for all audiences, businesses, critical infrastructure (CI) sectors, and organizations, regardless of their degree of cybersecurity sophistication. NIST CSF 2.0 has added governance to the CSF’s core guidance to help organizations assess and achieve their cybersecurity goals. The State of Florida’s Legislature funded the risk assessment effort to support the state’s public and private sector entities with numerous, no- cost benefits for participating organizations, companies, and
businesses. The assessment covers the NIST CSF 2.0 desired outcomes and provides several reports detailing an
organization’s strengths and weaknesses to determine and
leverage cyber risk reduction resources from Florida agencies, universities, and
quality cybersecurity resources, training, and support to defend against evolving cyber risks and recover from incidents. The resources available on the platform include the following: • A 20-question NIST CSF and DHS Ransomware Readiness Assessment (RRA) aligned entry-level assessment based on the most-reported cybersecurity gaps from the initial statewide risk assessment period between October 2022 and June 2023. • A Cybersecurity Incident Response Plan Template to help organizations think through and plan how to recover from a cyber incident. • A 154-question assessment that covers key cybersecurity desired outcomes and practices outlined in the NIST CSF 2.0 and the DHS RRA.
colleges. Measuring success comes from both the improvements made by the participants based on their individual reports and using the customized statewide dashboard (visualization tool) developed by INL to analyze CI sector/subsector risk across the state. The CIP program is intended to assist small and medium-sized enterprises and resource- constrained county and municipal government entities in implementing basic cybersecurity protocols and policies to achieve a fundamental cybersecurity posture. This comprehensive initiative is designed to fortify the cybersecurity resilience of public and private critical infrastructure across the state. In an era of increasing cyber threats and incidents, safeguarding critical infrastructure is paramount. The CIP program aims to empower organizations by providing high-
26 – Florida Technology Magazine – 2024 Fall Edition
Powered by FlippingBook