Cloud Security Simplified: NIST CSF 2.0 Meets Prisma Cloud

Jul 17, 2024

Earlier this year, the National Institute of Standards and Technology (NIST) published a major revision to its Cybersecurity Framework (CSF), known as NIST CSF 2.0. For several years, Prisma Cloud has offered out-of-the-box cloud configuration checks that help organizations tightly align their cloud security posture with NIST frameworks and compliance standards. Today, these out-of-the-box checks include the NIST CSF 2.0 framework. In this post, I’ll cover what that means for users.

Overview of NIST CSF

Initially published in 2014, the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) offers organizations comprehensive guidelines to improve cybersecurity, manage IT security risks, and defend against cyberthreats.

The 2024 release of version 2.0 marks the framework’s first significant revision. The NIST CSF 2.0 organizes its recommendations into core functions, which are further divided into categories detailing specific outcomes. The structured approach helps organizations improve their security posture and mitigate cyber risks.

Using NIST CSF

The NIST CSF provides a flexible approach, offering broad guidance for cataloging security risks, implementing controls and fostering continual improvement to adapt to evolving threats. The framework serves as a strategic blueprint, enabling security leaders to pinpoint weak or overloaded areas within their protections.

Key objectives of the NIST CSF include:

  • Enhancing the ability to manage cybersecurity risks
  • Facilitating communication of cybersecurity risks within and between organizations
  • Providing a framework for improving cybersecurity posture over time

CSF 2.0 Core

NIST CSF 2.0 is designed to help organizations of all sizes and industries manage and reduce cybersecurity risks. It recognizes that each organization has unique needs and risks, so its implementation is flexible. CSF 2.0 incorporates the latest government-approved best practices and builds on NIST's extensive standards, making it essential for effective cybersecurity management and governance.

As seen in figure 1, CSF 2.0 is structured around six core functions: Govern, Identify, Protect, Detect, Respond and Recover.

Figure 1: NIST CSF 2.0 Core functions operate as a wheel, with each function relating to another.

Govern (GV)

The Govern function ensures that an organization’s cybersecurity risk management strategy and policies are clearly defined, communicated and monitored. It plays a pivotal role in aligning cybersecurity efforts with the organization’s mission and stakeholder expectations. Govern integrates cybersecurity into the broader enterprise risk management (ERM) strategy, focusing on understanding the organizational context, establishing a cybersecurity strategy, managing supply chain risks, defining roles and responsibilities, setting policies and overseeing the overall cybersecurity strategy.

Identify (ID)

The Identify function enables an organization to comprehend its current cybersecurity risks. By understanding its assets, suppliers and related risks, it can prioritize efforts according to its risk management strategy and needs, as outlined in Govern. This function also identifies opportunities to improve policies, plans, processes, procedures and practices that support cybersecurity risk management across all functions.

Figure 2: NIST 2.0 Core Functions Explainer

Protect (PR)

The Protect function implements safeguards to manage the organization’s cybersecurity risks. After identifying and prioritizing assets and risks, Protect helps secure those assets to prevent or reduce the impact of cyberthreats while also leveraging opportunities. This includes identity management, access control, awareness training, data security, platform security and ensuring the resilience of the technology infrastructure.

Detect (DE)

The Detect function identifies and analyzes potential cybersecurity attacks and compromises. It ensures timely discovery of anomalies and indicators of compromise, helping to detect ongoing cyberthreats. The Detect function supports effective incident response and recovery efforts.

Respond (RS)

The Respond function involves taking action when a cybersecurity incident is detected. It focuses on containing the impact of the incident. Key activities include incident management, analysis, mitigation, reporting and communication.

Recover (RC)

The Recover function focuses on restoring assets and operations after a cybersecurity incident. It ensures a swift return to normal operations and effective communication throughout the recovery process.

All six core functions are divided into categories, as seen in figure 3.

Figure 3: CSF 2.0 Core functions and categories

CSF 2.0 Tools

With the release of CSF 2.0, NIST has provided numerous tools, documents, and resources to help with its implementation and management. Below are a few resources.

Prisma Cloud & NIST CSF 2.0

Prisma Cloud is a cloud-native application protection platform (CNAPP) that secures applications from code to cloud. The platform is designed to support customers in their journey to align with NIST CSF 2.0 standards.

Security Policy

Prisma Cloud provides out-of-the-box policies identifying configurations across public cloud environments that don’t meet requirements defined in NIST CSF 2.0. This helps organizations to continuously evaluate their compliance with the CSF 2.0 without introducing architecture changes, such as proxies or agents.

Compliance Enforcement

If your environment doesn’t conform to NIST CSF 2.0, Prisma Cloud will identify the necessary actions to resolve noncompliant misconfigurations and provide step-by-step remediation guidance.

Reporting

With detailed reporting and analytics, organizations can export the insights generated by Prisma Cloud for further action. The report includes information on control statements of the core functions of CSF 2.0.

Figure 4: Prisma Cloud UI with CSF 2.0 functions

With Prisma Cloud, you can quickly gain visibility and improve your compliance posture to meet NIST CSF 2.0 guidelines.

Learn More

Interested in learning more about Prisma Cloud? Take it for a free 30-day test-drive and experience the advantages for yourself.

