The world of cyber threats is continually evolving, and the range of targets is constantly expanding. Fortunately, cybersecurity is rapidly progressing as well. In August 2023, two different U.S. government organizations published new reports about what to expect moving ahead, suggesting regulations and standards: CISA's Strategic Plan for FY24- FY26 and NIST SP 800-204D.
While these publications originate from two different U.S. agencies, both point to the same overarching path to securing our vital infrastructure and enterprise applications into the future. CISA lays out a broad vision with measurable goals we should be striving towards, whereas NIST provides actionable, tactical procedures. When read side by side, these publications suggest the next few years will bring a focus on hardening our defenses, improving our tooling for faster detection and remediation of threats, and transparent measurement with attestation.