Mon | Jan 23, 2023 | 3:02 PM PST

The U.S. National Institute of Standards and Technology (NIST) has announced plans to update its Cybersecurity Framework (CSF) to reflect changes in the evolving cybersecurity landscape. 

The CSF, first published in 2014 and last updated in 2018, provides a set of guidelines and best practices that organizations of all shapes and sizes widely use to identify, assess, and manage cybersecurity risks.

The "CSF 2.0" will focus on inclusivity across all economic sectors and will be based on feedback from workshops and a corresponding Request for Information published in early 2022.

Here's what NIST said about the CSF 2.0 in a recent concept paper:

"The CSF is intended to be a living document that is refined and improved over time. The statutory authority for the CSF directs NIST to 'facilitate and support the development' of the Framework and 'coordinate closely and regularly' with relevant organizations....

The CSF is being updated in an open manner with input from government, academia, and industry, including through workshops, public review and comment, and other forms of engagement. With this update, NIST is open to making more substantial changes than in the previous update."

NIST also provided a timeline showing what has gone into drafting the CSF 2.0 and when to expect the final copy:

So, what are the potential big changes coming to the CSF? NIST highlights six things:

  1. "CSF 2.0 will explicitly recognize the CSF's broad use to clarify its potential applications."

  2. "CSF 2.0 will remain a framework, providing context and connections to existing standards and resources."

  3. "CSF 2.0 (and companion resources) will include updated and expanded guidance on Framework implementation."

  4. "CSF 2.0 will emphasize the importance of cybersecurity governance."

  5. "CSF 2.0 will emphasize the importance of cybersecurity supply chain risk management (C-SCRM)."

  6. "CSF 2.0 will advance understanding of cybersecurity measurement and assessment."

NIST makes it clear in the concept paper that it is actively looking for additional input on the structure and direction of the CSF, so if you have any input to offer, direct your feedback and comments to cyberframework@nist.gov by March 3, 2023.

The changes proposed in the concept paper will be discussed at the upcoming second CSF 2.0 virtual workshop on February 15, 2023, and during CSF 2.0 in-person working sessions on February 22-23, 2023.

See the NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework for more information.
