On February 26, 2024, the National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce, released Version 2.0 of its Cybersecurity Framework (CSF), the first major update since its 2014 release.[1] Version 2.0 emphasizes the importance of governance by adding a sixth Core Function to the framework. In addition, Version 2.0 expands the CSF beyond critical infrastructure, promotes secure supply chains, and includes a new suite of additional guidance to assist with implementation.
NIST: A Standard for Managing Cybersecurity Risk
The NIST CSF is the landmark guidance on reducing cybersecurity risk. It was released as part of a broader federal initiative to improve cybersecurity and has served as benchmark for large companies and organizations since it was first published. It aims to help organizations understand, reduce, and communicate about cybersecurity risk.
While the NIST CSF may be adopted voluntarily, it has been incorporated into government policies and mandates both within and outside the United States. Companies regularly use the NIST CSF to navigate complex and overlapping cybersecurity regulatory regimes. By way of…
