Explore the NIST Cybersecurity Framework (CSF) and how organizations use its core functions — Identify, Protect, Detect, Respond, and Recover — to manage cybersecurity risk. Our articles break down NIST CSF implementation strategies, maturity assessments, and alignment with business objectives.
posts
The Framework Everyone References but Few Actually Implement In 2023, the MOVEit Transfer breach ripped through over 2,600 organizations worldwide. Many of those companies had compliance checklists. Many referenced NIST standards in their security policies. And yet, basic access controls and patch management — core tenets of NIST guidance — were
800 Pages of Security Guidance — and Most Teams Read None of It In 2023, the MOVEit Transfer breach compromised data from over 2,600 organizations worldwide. Many of those organizations claimed compliance with major frameworks. The problem wasn't that NIST standards didn't cover the vulnerability class
In February 2024, NIST released version 2.0 of its Cybersecurity Framework — the biggest overhaul in a decade. Within weeks, I watched organizations scramble to figure out what changed and what they needed to do about it. Most of them were still struggling to implement version 1.1. Here'
When Change Healthcare suffered its catastrophic ransomware attack in early 2024 — disrupting pharmacy operations across the United States for weeks — investigators found a familiar culprit: stolen credentials and no multi-factor authentication on a critical system. The company's parent, UnitedHealth Group, eventually disclosed the breach affected roughly 100 million
