On February 26, 2024, the National Institute of Standards and Technology (“NIST”) announced the release of version 2.0 of the Voluntary Cybersecurity Framework (“CSF”).
The first edition of the CSF was released in 2014 as a result of an executive order to help organizations understand, manage, and mitigate cybersecurity risks. His original CSF was developed for organizations in critical infrastructure sectors such as hospitals and power plants, but has since been implemented voluntarily across a variety of sectors and industries, including schools and local government.
The final version of CSF 2.0 builds on the draft version released in 2023 and incorporates stakeholder feedback NIST received in public comments. CSF 2.0 is designed to apply to all organizations, not just those considered critical infrastructure. The framework includes six key capabilities related to cybersecurity risk (identify, protect, detect, respond, and recover) and new additions that provide guidance on how organizations can manage internal cybersecurity decisions. It is structured around the governance that has been established. In addition to the latest CSF guidance, NIST has released a series of resources to help organizations manage their cybersecurity. These resources can be accessed through NIST's CSF 2.0 Resource Center.
Listen to this article here.
