NIST Cybersecurity Framework 2.0 Officially Released

NIST on Feb 26th announced the official release of version 2.0 of its Cybersecurity Framework (CSF), the first major update since its creation a decade ago.

The cybersecurity framework was originally aimed at critical infrastructure organizations, but it has been widely used and widely recommended and NIST highlighted that CSF 2.0 is designed to help all organizations reduce risks, regardless of sector, size, or level of security sophistication. 

Based on the feedback it received on the draft of the Cybersecurity Framework 2.0, NIST expanded the core guidance and created additional resources to help organizations use the CSF to its full potential. 

Users are provided implementation examples and quick-start guides that are tailored to their specific needs. The CSF 2.0 also offers a searchable catalog of references that enables organizations to map guidance to over 50 other relevant cybersecurity documents.

“The CSF has been a vital tool for many organizations, helping them anticipate and deal with cybersecurity threats,” said NIST Director Laurie E. Locascio. “CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve.” 

Security Week 02/27/2024