The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.
Since Version 1.0’s initial release in 2014, the NIST CSF has undergone two major updates: Version 1.1 in 2018 and Version 2.0 in 2024. Let’s explore what the Framework is and does and how it has changed over the years.
NIST Cybersecurity Framework Version 1.0 (2014)
While not published until 2014, NIST CSF Version 1.0’s history begins a year earlier, in February 2013. In response to the increasing threat of cyberattacks on critical infrastructure, President Barack Obama issued Executive Order 13636, titled “Improving Critical Infrastructure,” which directed NIST to develop a framework to improve the cybersecurity of critical infrastructure in the United States.
Following an extensive, collaborative process with various relevant stakeholders and several drafts and revisions, NIST released CSF Version…
