The National Institute for Standards and Technology (NIST) has released its Cybersecurity Framework 2.0. The draft was released last year.
NIST released its first CSF in 2014, at the direction of a presidential executive order to help organizations, specifically critical infrastructure, mitigate cybersecurity risk.
This framework builds on its long-standing cyber risk reducing recommendations to include the concerns of organizations outside of its initial focus on critical infrastructure.
The CSF 2.0 builds on the existing five basic functions (Identify, Protect, Detect, Respond, and Recover) and has been updated to include a sixth, Govern. NIST’s CSF 2.0 also addresses supply chain risks.
While only federal government agencies are required to follow CSF, many state and local governments and private organizations also find it helpful to voluntarily adopt.
NIST noted CSF 2.0 includes a reference tool cybersecurity teams can use to gather guidance data, as well as a searchable catalog, and a wide offering of references to help organizations of all sizes and sophistication levels implement the new framework.
