The National Institute of Standards and Technology (NIST) has released Version 2.0 of its Cybersecurity Framework (CSF). CSF 2.0—the framework’s first major update since its creation in 2014—reflects discussions and public input over the past several years aimed at making the framework more effective.
The CSF allows organizations—regardless of size, degree of cyber risk, or cybersecurity sophistication—to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure.
NIST’s CSF was released in 2014 as a result of the Executive Order, "Improving Critical Infrastructure Cybersecurity." Intended to be a living document that is refined, improved, and evolves over time, the Framework was created through collaboration between industry and government. NIST unveiled CSF 1.1 in April 2018.
With CSF 2.0, NIST has updated the CSF’s core guidance and created a suite of resources to help all organizations achieve their cybersecurity goals, with added emphasis on governance as well as supply chains. The resources are designed to provide different stakeholders with tailored pathways into the CSF, making the framework easier to put into action.
“The CSF has been a vital tool for many organizations, helping them anticipate and deal with cybersecurity threats,” said Under Secretary of Commerce for Standards and Technology and NIST director Laurie E. Locascio. “CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve.”
Some of the resources included in CSF 2.0 include:
Learn more and access CSF 2.0 on NIST’s website.
