The National Institute of Standards and Technology (NIST) released the long-awaited version 2.0 of its Cybersecurity Framework (CSF), marking the most significant update to the framework since its inception a decade ago. The organization has updated the CSF’s core guidance and created a suite of resources to help organizations strengthen their cybersecurity.
First introduced in 2014, the CSF was initially tailored for critical infrastructure entities but now aims to help all organizations.
“The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s newly added Govern function. When considered together, these functions provide a comprehensive view of the life cycle for managing cybersecurity risk,” NIST said.
CSF 2.0 introduces a comprehensive reference tool designed to streamline the implementation process for organizations. This tool empowers users to navigate, search, and extract data and insights from the CSF's core guidance in both human-readable and machine-readable formats, facilitating smoother integration into existing cybersecurity frameworks.
CSF 2.0 also incorporates a searchable catalog of informative references, allowing organizations to align their current cybersecurity practices with the framework's guidelines. With over 50 cybersecurity documents, organizations can leverage this catalog to map their actions to specific cybersecurity outcomes and identify areas for improvement.
“NIST plans to continue enhancing its resources and making the CSF an even more helpful resource to a broader set of users,” the organization said, noting that feedback from the community will be crucial.