NIST Cybersecurity Framework 2.0 Reveals Major Shifts in Federal Guidance | Wiley Rein LLP

On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which was last updated in April 2018 (version 1.1) (CSF 1.1). The most significant changes from CSF 1.1 to 2.0 concern risk governance and supply chain risk management. In this blog post, we look at what CSF 2.0 means for organizations, and what executives and cybersecurity professionals should be thinking about as they integrate this new guidance into existing cybersecurity risk management programs. We note that NIST is also seeking public comments, due by May 3, 2024, on a guide for developing Community Profiles.

What is the CSF?

CSF 2.0 is the culmination of years of collaborative work between NIST, the private sector, and other government agencies around the world. Like its predecessor, CSF 2.0 is intended to provide risk-based, flexible guidance for organizations to manage cybersecurity risks. It outlines a set of cybersecurity activities, outcomes, and informative references that are common across organizations. Although not intended by NIST to be…
