Major Changes Coming to NIST Cybersecurity Framework
It is hard to believe NIST first released its Cybersecurity Framework back in 2014. Beginning last year, NIST collected community feedback and began developing a draft version of the Cybersecurity Framework (CSF) 2.0. This draft update reflects changes in the cybersecurity landscape and makes it more realistic for organizations to adopt the CSF. They are still accepting feedback on this draft version until the end of the year and then the final version of CSF 2.0 will be released early 2024.
- The scope expanded from protecting critical infrastructure to providing cybersecurity for all organizations regardless of size and industry.
- A sixth main pillar of a successful and holistic cybersecurity program has been added. They are identify, protect, detect, respond, recover, and now govern. The govern function is guidance around decision making to support a cybersecurity strategy.
- Implementation examples are now included for each function’s subcategories to help organizations use the framework more effectively.
Since its’ inception in 2014, many new frameworks and standards have been created to join NIST, so it only seems appropriate that CSF 2.0 considers how those should be used in conjunction with NIST.
If you are not yet familiar with the NIST Cybersecurity Framework, now is the time to start. These frameworks and standards were put in place to help organizations stay safe.
2W Tech’s experience as a long-time technology solutions provider, we can assist you in meeting various security compliance standards and the other alphabet soup of regulatory requirements.