- The newest Echo Show 8 just hit its lowest price ever for Black Friday
- 기술 기업 노리는 북한의 가짜 IT 인력 캠페인··· 데이터 탈취도 주의해야
- 구글 클라우드, 구글 워크스페이스용 제미나이 사이드 패널에 한국어 지원 추가
- The best MagSafe accessories of 2024: Expert tested and reviewed
- Threads will show you more from accounts you follow now - like Bluesky already does
NIST Releases Final Version of Cybersecurity Framework 2.0
The US National Institute of Standards and Technology (NIST) has released the final version of version 2.0 of its popular Cybersecurity Framework (CSF).
The new framework is now available to be used by all organizations to help them manage and reduce cyber risks.
A draft of the updated version was published in August 2023, inviting feedback from the cybersecurity community.
This version contains significant changes to the previous iteration, most notably expanding the CSF’s scope beyond critical infrastructure to all organizations and industries.
In addition, a new ‘Govern’ pillar has been added to cover organizational context – in particular, roles, responsibilities and authorities across areas like risk management and the supply chain.
This pillar adds to the six key functions already in place – Identify, Protect, Detect, Respond and Recover.
Version 2.0 also cross links the framework to other relevant NIST special publications, making them easier for organizations to find.
Read here: NIST’s Cybersecurity Framework 2.0: Shaping the Future of Cyber Resilience
NIST Makes Changes Following Public Comments
NIST said it received “numerous comments” on the draft. In response, the agency has expanded the CSF’s core guidance and developed related resources to help different organizations put the framework into action in the finalized version.
This includes allowing users to browse, search and export data and details from the CSF’s core guidance in human-consumable and machine-readable formats.
These formats are available through the NIST CSF website.
Additionally, there will be a searchable catalog of informative references to demonstrate how organizations’ current actions map onto the CSF.
Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio, noted: “The CSF has been a vital tool for many organizations, helping them anticipate and deal with cybersecurity threats.
“CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve.”
Version 2.0 represents the first major update to the framework since its creation in 2014. The framework has been utilized internationally, with Versions 1.1 and 1.0 translated into 13 languages.
