The NIST Cybersecurity Framework 2.0 Draft is Now Available!

August 28, 2023
IT Security

Many cybersecurity best practices and frameworks are available; among the best to consider are those provided by the National Institute of Standards and Technology (NIST). As of early August 2023, the NIST has a new version of its framework.

On August 8, the NIST announced the release of the public draft of NIST Cybersecurity Framework (CSF) 2.0. It’s the first complete update of the framework since it was first published in 2014 and follows a year’s worth of community feedback.

The CSF includes a common language and a systematic methodology for managing cybersecurity risk across sectors and facilitating communication between technical and non-technical staff. It includes customizable activities that can be incorporated into cybersecurity programs to meet organizations’ specific needs.

CSF 2.0 takes into account the changing cybersecurity landscape and makes it easier for organizations of all sizes and across all industries to put the framework into practice. NIST is accepting public comment on the draft framework until Nov. 4, 2023. The final version is planned for release in early 2024.

The CSF 2.0 draft features a number of major changes. Among them:

The framework’s scope has expanded from protecting critical infrastructure, such as hospitals and power plants, to providing cybersecurity for all organizations regardless of type or size.
A sixth function — govern — has been added to the CSF’s previously noted five main functions (using identify, protect, detect, respond and recover) of a successful and holistic cybersecurity program. The govern function covers how an organization can make and act on its own internal decisions to support its cybersecurity strategy.
It provides improved and expanded guidance on implementing the CSF. It now includes implementation examples for each function’s subcategories to help organizations, especially smaller ones, use the framework effectively.
The CSF 2.0 Reference Tool has been launched. The online resource allows users to browse, search, and export the CSF Core data in human-consumable and machine-readable formats. (More updates to this tool will be coming in the near future.

You’ll find more in-depth information about CSF 2.0 here. Contact us to learn how US Signal can help you implement tools and technologies to help your organization adopt the new framework.

What to Know About DR in the Cloud

It used to be that an organization’s IT disaster recovery (DR) plan entailed simple data backup (on disk or tape) or, budget-allowing, a secondary data center that it could failover to if a disaster occurred. The introduction of cloud DR has expanded the options. Choosing what’s best for your company requires [...]

AI and the Changing Cybersecurity Landscape in 2024

Expect to see the cybersecurity landscape continue to change throughout 2024. There will likely be increased regulatory scrutiny at the federal and state levels over the coming year as government authorities seek to encourage prompt, accurate, and complete disclosure of security threats and management-level preparedness. [...]

The People Side of Tech Support at US Signal

A majority of our daily lives involve interacting with various technologies. And in the course of those interactions, most of us seldom think about the actual technologies involved — unless they aren’t working or need to work better or faster. In those instances, we expect some form of “tech support” to help. [...]

Blog

The NIST Cybersecurity Framework 2.0 Draft is Now Available!

Related Blog Posts

What to Know About DR in the Cloud

AI and the Changing Cybersecurity Landscape in 2024

The People Side of Tech Support at US Signal