Access Alert: NIST publishes Cybersecurity Framework 2.0

Access Alert: NIST publishes Cybersecurity Framework 2.0

The US National Institute of Standards and Technology (NIST) published the final version of its Cybersecurity Framework 2.0 (CSF 2.0) on 26 February 2024. The CSF 2.0 is the culmination of a yearslong undertaking that included multiple public consultations and workshops with key public stakeholders to update the agency’s original cybersecurity framework, which was first published in 2014.

In addition to reflecting changes in the cybersecurity landscape that have taken place over the last decade, the CSF 2.0 features an expanded scope beyond critical infrastructure and complements the US National Cybersecurity Strategy released in March 2023. Whereas the original CSF was built around five key functions for entities to achieve a high level of cyber resilience (identify, protect, detect, respond, and recover), the CSF 2.0 adds a sixth “govern” function. The new function emphasises the importance of developing and maintaining a clear risk management strategy with well-defined roles, responsibilities, policies, procedures, and oversight, along with highlighting the potential legal, financial, and reputational consequences of not having one in place.

The CSF 2.0 provides foundational guidance for audiences and organisations of all sizes. It also offers technological sophistication to help manage and reduce their exposure to cybersecurity risks. To accomplish this level of accessibility, the CSF 2.0 includes case studies for others to emulate along with quick-start guides for a variety of organisation types.

Organisations can also use the CSF 2.0’s searchable catalogue of informative references to map their existing practices onto the CSF itself. Lastly, the CSF 2.0 is included among other NIST guidance documents organisations can refer to and contextualise through the Cybersecurity and Privacy Reference Tool (CPRT), which can be used to communicate best practices to different teams at varying levels of technical specificity.

If you’re seeking clarity on how the NIST Cybersecurity Framework 2.0’s latest updates and expanded scope might impact your organisation’s cybersecurity policies and practices, please contact Jacob Hafey at [email protected].

Related Articles

AI for All in Thailand: Building an AI-ready economy with Google

AI for All in Thailand: Building an AI-ready economy with Google

อ่านบทความนี้เป็นภาษาไทย A doctor in Bangkok analyzes medical images with AI, leading to a faster, more accurate diagnosis for her patient....

19 Dec 2024 AI Policy Lab
The Role of Earth Observation in Combating Desertification in Middle Eastern Countries

The Role of Earth Observation in Combating Desertification in Middle Eastern Countries

This month’s UNCCD COP16 in Riyadh marked a pivotal moment in combating global land degradation and drought, with outcomes including...

13 Dec 2024 Opinion
Access Alert: Enhancing Efficiency in India’s Logistics Through AI and Digital Integration

Access Alert: Enhancing Efficiency in India’s Logistics Through AI and Digital Integration

A recent panel discussion at the Bengaluru Tech Summit 2024 on 20 November 2024 focused on the transformative role of...

29 Nov 2024 Opinion
Access Alert: How Will Deepfake Regulations in APAC Impact Your Business?

Access Alert: How Will Deepfake Regulations in APAC Impact Your Business?

The rise of deepfakes – AI-generated content that manipulates audio, video, or images to create realistic but false representations –...

29 Nov 2024 Opinion