The National Institute of Standards and Technology (NIST) has published a draft of the Cybersecurity Framework 2.0 (CSF 2.0) for public comment. NIST has been collecting and reviewing subject matter expert recommendations for an updated framework for the past year. The initial Cybersecurity Framework was released in 2014 to help organizations reduce cyber risk.
The second iteration of the framework includes a sixth function, “Govern”, and inherits all five prior functions.
Cybersecurity Framework 2.0 Updated for Modern Cyber Threats
The goal of an updated framework is to help organizations confront modern-day cybersecurity challenges, align with best practices and guidance resources, and anticipate future cyber threats.
NIST actively seeks feedback on what types of implementation examples would be most helpful. Additionally, the organization is also requesting feedback on how often implementation examples and guidance should be updated, as cyber threats continually evolve.
In 2014, cyber threats such as ransomware, and nation-state sponsored advanced persistent threats were only in their infancy. Today, it is a global, continuous threat to private and public organizations.
Feedback on the CSF 2.0 Public Draft (PDF), as well as the related Implementation Examples draft, may be submitted to cyberframework@nist.gov by Friday, November 4, 2023.
Any suggestions or recommendations on this draft will inform the development of the final CSF 2.0 published in early 2024.
