NIST publishes long-awaited Cybersecurity Framework 2.0

The document provides organisations with updated guidance to navigate modern cybersecurity challenges and bolster their resilience against evolving threats.


The National Institute of Standards and Technology (NIST) has published the long-awaited Cybersecurity Framework 2.0 (CSF 2.0).

The updated framework expands upon its traditional focus on critical infrastructure to encompass the concerns of a broader spectrum of organisations. Initially introduced in 2014 by a presidential executive order, the Cybersecurity Framework aimed to assist organisations, particularly those in critical infrastructure, in mitigating cyber risks.

Building upon the five basic functions—Identify, Protect, Detect, Respond, and Recover—the CSF 2.0 introduces a sixth function: Govern. This addition reflects the evolving landscape of cybersecurity and the growing importance of governance in addressing digital threats. The framework also places emphasis on supply chains.

The framework draws input from various stakeholders and public comments to better align with contemporary cybersecurity challenges and management practices. In this way, the updated framework aims to be more inclusive and applicable to a wider domestic and international audience. Kevin Stine, chief of NIST’s Applied Cybersecurity Division, emphasised that this drafting process was intended to ensure the relevance and effectiveness of the CSF 2.0.

Key features of the Cybersecurity Framework 2.0 include a comprehensive reference tool to aid cybersecurity teams in gathering guidance data, a searchable catalogue, and an extensive array of references tailored to organisations of varying sizes and levels of sophistication.

With cyber threats becoming increasingly sophisticated and pervasive, the Cybersecurity Framework 2.0 is a valuable resource for organisations seeking to enhance their cybersecurity posture and effectively manage digital risks in an ever-changing landscape.