SPOTLIGHT ON The NEWS
The National Institute of Standards and Technology https://www.nist.gov (NIST) has released a draft version of their "Cybersecurity Framework (CSF) 2.0" which is a new version of a tool first released in 2014.
Since it was first published, the CSF has been downloaded more than two million times by users across more than 185 countries and translated into at least nine languages.
This current draft update which NIST has released for public comment, reflects changes in the cybersecurity landscape and makes it easier to put the CSF into practice. The CSF provides high level guidance, including a common language and a systematic methodology for managing cybersecurity risk across sectors.
The CSF 2.0 Draft reflects major changes such as:
1) The framework's scope has expanded from protecting critical infrastructure, to providing cybersecurity for all organizations regardless of type or size
领英推荐
2) So far, the CSF has described the main pillars of a successful cybersecurity program using 5 main functions. Now NIST has added a sixth function called the govern functions which covers how an organization can make and execute their own internal decisions to support their cyber security strategy
3) The draft includes implementation examples for each function's subcategories to help organizations, especially smaller firms use the framework effectively
NIST plans to launch a CSF 2.0 reference tool in a few weeks. This online resource will allow users to browse, search, and export the CSF core data in human consumable and machine readable formats.
NIST is accepting public comments and ideas on draft framework until Nov. 4, 2023. NIST does not plan to release another draft. A workshop planned for the fall will be announced shortly and will serve as another opportunity for the public to provide feedback and comments on the draft. The plan is to publish the final version of CSF 2.0 early 2024.
Go to https://csrc.nist.gov/pubs/cswp/20/the-nist-cybersecurity-framework-20/ipd for the draft version of the Cybersecurity Framework (CSF) 2.0 to provide comments. For more information, email [email protected]