NIST Cybersecurity Framework 2.0: What’s Changed and Why It Matters

0
329

Cyber threats never sleep, which means neither can your defenses. That’s why the US Government’s National Institute of Standards and Technology (NIST) recently updated its Cybersecurity Framework (CSF) to version 2.0, the first major update since the creation of the CSF a decade ago.

The biggest addition is the Govern function, emphasizing the importance of governance in managing cyber risks. Things like policies, procedures, oversight, and resource allocation now have a home in the framework.

Another big shift in the new framework is its expanded scope beyond critical infrastructure sectors. While the original 2014 version focused on industries like energy, finance, and transportation, this new iteration is designed to help organizations of all types and sizes.

Let’s dive further into the key updates of version 2.0, but before we do that, let’s walk through why the framework was established in the first place and what it covers at a high level.

Overview of the NIST CSF

NIST CSF was formed to provide guidance to help organizations manage cyber risks. When it was first introduced back in 2014, it outlined 5 core functions that remain central to the framework today:…

Read More…