After a multiyear update process, the National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework (CSF) guidance document.
Updates include a new set of implementation examples and quick-start guides designed for specific types of users, such as small businesses, enterprise risk managers, and organizations seeking to secure their supply chains.
The new 2.0 edition is the framework’s first major update since its creation in 2014 and comes after numerous discussions and public feedback on an earlier draft. CSF 2.0 is designed for all audiences, regardless of their cybersecurity knowledge, and expands the core guidance to help users get the most out of the framework.
“CSF 2.0, which builds on previous versions, is not just about one document,” says Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve.”
