The National Institute of Standards and Technology (“NIST”) released a significant update to its framework, expanding its scope and reach to cover a broader audience and evolving cybersecurity risks and management issues.
On February 26, 2024, NIST released its updated Cybersecurity Framework 2.0 (“CSF 2.0”), which is the first major update to the original 2014 framework. This development has significant legal ramifications as entities have increasingly turned to the NIST framework to design and implement cybersecurity programs and measure their effectiveness. While the original framework was intended for critical infrastructure organizations, CSF 2.0 focuses on a range of organizations of all sizes, sectors, and cybersecurity maturity, and presents an evolution of best practices and methodologies adapted to address new and evolving issues in cybersecurity management. While CSF 2.0 preserves the original components, it extends its reach to include guidelines on cyber governance and risk management, artificial intelligence, supply chain and third party risk management, zero-trust architecture, and IoT security.
The key major change is the introduction of cybersecurity…
