NIST released its Cybersecurity Framework 2.0 (CFS 2.0) on Monday, introducing a new core structure, resource catalog and overall scope of application to the already widely used resource.
The highly anticipated final version of CFS 2.0 draws from years of collaboration and feedback across industry, academia and government agencies both in the United States and around the world, according to NIST, and includes changes that aim to address continuously evolving cybersecurity risks, needs and technologies.
The document and its accompanying resources were also informed by public comments submitted for a draft version of the framework that was published in August.
“The NIST Cybersecurity Framework is considered by many to be the grandfather of frameworks defining what must exist in a cybersecurity program,” Ken Dunham, cyber threat director at Qualys’ Threat Research Unit, said in an email to SC Media. “Significant technology changes have occurred since the inception of the framework, in addition to a need for improvements in clarity, alignment, and implementation towards consistent use.”
Here are three key takeaways from NIST’s CFS 2.0 and the changes it makes toward these…