Many cybersecurity best practices and frameworks are available; among the best to consider are those provided by the National Institute of Standards and Technology (NIST). As of early August 2023, the NIST has a new version of its framework.
On August 8, the NIST announced the release of the public draft of NIST Cybersecurity Framework (CSF) 2.0. It’s the first complete update of the framework since it was first published in 2014 and follows a year’s worth of community feedback.
The CSF includes a common language and a systematic methodology for managing cybersecurity risk across sectors and facilitating communication between technical and non-technical staff. It includes customizable activities that can be incorporated into cybersecurity programs to meet organizations’ specific needs.
CSF 2.0 takes into account the changing cybersecurity landscape and makes it easier for organizations of all sizes and across all industries to put the framework into practice. NIST is accepting public comment on the draft framework until Nov. 4, 2023. The final version is planned for release in early 2024.
The CSF 2.0 draft features a number of major changes. Among them:
The framework’s scope has expanded from protecting critical infrastructure, such as hospitals and power plants, to providing cybersecurity for all organizations regardless of type or size.
A sixth function — govern — has been added to the CSF’s previously noted five main functions (using identify, protect, detect, respond and recover) of a successful and holistic cybersecurity program. The govern function covers how an organization can make and act on its own internal decisions to support its cybersecurity strategy.
It provides improved and expanded guidance on implementing the CSF. It now includes implementation examples for each function’s subcategories to help organizations, especially smaller ones, use the framework effectively.
The CSF 2.0 Reference Tool has been launched. The online resource allows users to browse, search, and export the CSF Core data in human-consumable and machine-readable formats. (More updates to this tool will be coming in the near future.
You’ll find more in-depth information about CSF 2.0 here. Contact us to learn how US Signal can help you implement tools and technologies to help your organization adopt the new framework.