NIST plots biggest ever reform of Cybersecurity Framework

CSF 2.0 blueprint offered up for public review


ANALYSIS The US National Institute of Standards and Technology (NIST) is planning significant changes to its Cybersecurity Framework (CSF) – the first in five years, and the biggest reform yet.


First published in 2014 and updated to version 1.1 in 2018, the CSF provides a set of guidelines and best practices for managing cybersecurity risks. The framework is designed to be flexible and adaptable rather than prescriptive, and is widely used by organizations and government agencies, both within and outside the US, to create cybersecurity programs and measure their maturity.


Following a long consultation, NIST has published a concept paper (pdf) for CSF 2.0 and opened it up to further review. The resulting feedback will be used to develop a final draft of the revised framework, due out sometime this summer.


“We think that there’s been enough changes in the cybersecurity landscape to warrant a significant update this time around,” says Cherilyn Pascoe, senior technology policy advisor at NIST and Cybersecurity Framework Program lead.


“There have been changes in cybersecurity standards, including those published by NIST but also elsewhere; there’s been significant changes in the risk landscape and in technologies. And so even though the vast majority of our respondents said they still like the framework, there were a number of changes that folks are looking for, and so we thought it was time for us to do a refresh.”




Expanded audience


One notable change is who the framework is aimed at. Since the publication of CSF 1.1, the US Congress has explicitly directed NIST to consider the needs of small businesses and ..
