Get a deep understanding of the upcoming NIST CSF 2.0. As a cybersecurity professional, this is something you should know.
As we approach the implementation of the National Institute of Standards and Technology Cybersecurity Framework 2.0 (CSF 2.0), scheduled for 2024, anticipation for the changes is at a fever pitch. Following a public debate that ended in May, the public's views have been formally taken into account. Now, it's important to understand what these changes mean and what you can expect from the updated framework.
The foundation of CSF 2.0 is its alignment with the Biden Administration's National Cybersecurity Strategy. This was confirmed by Cherilyn Pascoe, NIST's Senior Technology Policy Advisor, in her talk at the 2023 RSA Conference. These adjustments position the improved CSF to serve effectively in designing risk management blueprints.
When used as a risk management tool, the CSF embodies the five pivotal pillars of the National Cybersecurity Strategy detailed by Pascoe:
- Protect your critical infrastructure.
- Derail and dismantle cyber attackers.
- Shape market dynamics to emphasize security and resilience.
- Prioritize investments for a robust cyber future.
- Build global collaboration to achieve common cybersecurity goals.
The primary purpose of the CSF has always been to provide organizations with a scaffolding for designing their cybersecurity strategies. This helps them pinpoint potential risks and refine the procedures used to manage them. Given the evolving and complex nature of today's cybersecurity threats, the new version emphasizes the urgency of enhanced risk management.
Learn more: Governance features
A notable change in CSF 2.0 is the introduction of a sixth function, titled "Govern."