A new ultimate guide for cyber defenders: NIST releases Framework 2.0


After multiple years in the making, NIST has released the 2.0 edition of its cybersecurity framework (CSF). CSF is internationally recognized and one of the most important blueprints for protecting organizations.

The updated version has expanded its scope beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector.

The distilled knowledge of cybersecurity defense aims to help all organizations achieve their cybersecurity goals, with added emphasis on governance and supply chains.

The Framework now features quick-start guides aimed at specific audiences, success stories outlining other organizations’ implementations, and a searchable catalog of informative references that allows users to cross-reference the framework’s guidance to more than 50 other cybersecurity documents, according to NIST’s press release.

The new 2.0 edition is designed for all audiences, industry sectors, and organization types, from the smallest schools and nonprofits to the largest agencies and corporations – regardless of their degree of cybersecurity sophistication,” NIST said.

“A new CSF 2.0 Reference Tool now simplifies the way organizations can implement the CSF, allowing users to browse, search and export data and details from the CSF’s core guidance in human-consumable and machine-readable formats.”

Cybersecurity has become a major source of enterprise risk, and NIST believes that senior leaders should consider it alongside others, such as finance and reputation.

“CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.

The first CSF was released in 2014 to help organizations understand, reduce, and communicate about cybersecurity risk.

Framework’s core is now updated with a sixth key function: Identify, Protect, Detect, Respond, and Recover functions are extended with the newly added Govern function.

NIST plans to continue enhancing its resources and making the CSF an even more helpful resource to a broader set of users, including the feedback from the community.