After several years of deliberation, the National Institute of Standards and Technology (NIST) has released its Cybersecurity Framework 2.0.
The new framework builds on its long-standing recommendations on cyber risk reduction to include the concerns of organizations outside of its initial focus on critical infrastructure.
NIST released its first CSF in 2014, at the direction of a presidential executive order to help organizations, especially critical infrastructure, mitigate cybersecurity risk. CSF 2.0 builds on the five existing core functions (Identification, Protection, Detection, Response and Recovery) and has been updated to include a sixth, Govern. NIST’s CSF 2.0 also addresses supply chain risks.
“Developed by working closely with stakeholders and reflecting the latest cybersecurity challenges and management practices, this update aims to make the framework even more relevant to a broader range of users in the United States and abroad,” according to a statement by Kevin Stinehead of NIST’s Applied Cybersecurity Division.
NIST noted that CSF 2.0 includes a reference tool that cybersecurity teams can use to gather guidance data, as well as a searchable catalog and broad reference offering to help organizations of all sizes and levels of sophistication implement the new framework.