The history behind the NIST CSF
The 2000s and 2010s were a mess for IT and cybersecurity. Though the thought of implementing a cybersecurity program was far from people’s minds, the concept started to grow. During the 2000s, we had viruses such as SQL Slammer, Code Red, Blaster, and Conficker, to name a few. These computer viruses wreaked havoc across many organizations, governments, and higher education institutions. When the 2010s came around, we had Stuxnet and Flame. However, in 2013, we began to see ransomware take hold with CryptoLocker.
Due to businesses being hit by malicious payloads, and many not knowing what to do or how to protect themselves, the Obama administration stepped in. In February 2013, the president signed Executive Order 13636, named “Improving Critical Infrastructure Cybersecurity,” directing NIST to develop a new framework for cybersecurity. In 2014, we saw the first edition of the CSF.
The early version of the CSF was aimed specifically...
