Official Release of NIST Cybersecurity Framework 2.0

https://www.nist.gov/news-events/news/2024/02/nist-releases-version-20-landmark-cybersecurity-framework

Official Release of NIST Cybersecurity Framework 2.0

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency in the United States. In 2014, NIST released its Cybersecurity Framework (CSF) Version 1.0.

A voluntary framework was established to help organisations, primarily those in critical infrastructure sectors, mitigate their cybersecurity risks.

The NIST CSF serves as a high-level, comprehensive, and universal guideline so that small and large organisations can understand their overarching cybersecurity posture and potential gaps, regardless of technical expertise. Furthermore, it describes how to communicate internally and externally, in addition to remediation and prioritisation of cyber risks.

With an evolving threat landscape, the importance of cybersecurity across all sectors? heightened. In response, NIST released CSF Version 1.1 in 2018.

This provided clarification on aspects such as authentication, as well as the applicability of the framework beyond the critical infrastructure sector.

As of the end of February, NIST have now officially released their CSF 2.0.

To outline the major changes:

• NIST CSF’s core guidance now explicitly aims to help all organisations. This ranges for varying industries as well as different organisation sizes and types.
• A suite of resources has been created to further aid organisations in following through with bolstering their cybersecurity. These are freely available online and designed with the user experience in mind.
• A new focus has been placed on governance and decision-making with strategy.