NIST Issues Updated Cybersecurity Framework With Expanded Core Guidance

The National Institute of Standards and Technology has released its updated Cybersecurity Framework designed for all organizations in any sector, large or small. 

CSF 2.0, which supersedes the first framework NIST issued in 2014, added the Govern function to the previous guidepost’s five key functions: Identify, Protect, Detect, Respond and Recover. The expanded core guidance provides related resources and tailored pathways to help maximize users’ benefits and ease cybersecurity strategy implementation, NIST said Monday.

The updated framework, which supports the National Cybersecurity Strategy implementation, has a broader scope beyond critical infrastructure protection, with a focus on governance encompassing ways with which organizations formulate and implement cybersecurity strategy. 

Its governance element underscores cyberattacks as a major enterprise risk for senior organization leaders to consider along with other factors such as finance and corporate reputation.

Anticipating CSF 2.0 users’ varying needs and cybersecurity experience, the framework contains best practices for users to select as patterns for implementation strategies. It also features quick-start guides for specific users, such as small enterprises and organizations eying cybersecurity for their supply chains.

Kevin Stine, NIST Applied Cybersecurity Division chief, said the updates were developed with input from stakeholders and considered current cybersecurity concerns and management practices, making CSF 2.0 applicable to a wider range of users.