The much-anticipated National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) version 2.0 draft is live online for public review and feedback. The original CSF outlined five core functions to reduce cybersecurity risks: Identify, Protect, Detect, Respond, Recover. Functions are further described with categories related to specific cybersecurity outcomes, and associated subcategories geared toward technical and management outcomes.
The team behind the CSF 2.0 revisions spent more than a year associating new ideas and potential updates with other government officials, industry proponents, and cybersecurity solution providers. The most significant changes to the 2.0 version include an additional “Govern” function, as well as Implementation Examples and Informative Resources.
The NIST CSF 2.0 has 6 explicit goals:
- Recognize broad use of the Framework
- Relate CSF to other Frameworks and resources
- Increase guidance on CSF implementation
- Emphasize cybersecurity governance
- Emphasize cybersecurity supply chain risk management
- Clarify understanding of cybersecurity measurement and assessment
With these overarching goals in mind, below are two truths and a lie about the latest 2.0 draft...Read More!
