The National Institute of Standards and Technology’s Cybersecurity Framework is being revised nearly 10 years after its initial release.
NIST on Tuesday published a draft of Cybersecurity Framework 2.0 in an effort to adapt to the changing landscape of cyber defense.
The new version incorporates feedback from a request for information issued by the institute in February 2022. It retains key attributes of the framework, while providing additional guidance about evolving ransomware threats and supply chain risks stemming from online vulnerabilities.
Extending its scope beyond critical infrastructure, the latest edition attempts to cater to all types and sizes of organizations. CSF 2.0 now has six main functions: to identify, protect, detect, respond, recover and—the newest addition—govern.
The draft is open to public comment until Nov. 4, with a finalized version to be released in early 2024.
