NIST Cybersecurity Framework 2.0

From OpenCommons
Jump to navigation Jump to search

Title NIST Cybersecurity Framework 2.0
Type report
Topic Cybersecurity and Privacy Risk Management
Publisher NIST
Issue 2024-02-26
Date Accessed 2024-03-01
doi 10.6028/NIST.CSWP.29
File Paper

The National Institute of Standards and Technology (NIST) has updated the widely used Cybersecurity Framework (CSF), its landmark guidance document for reducing cybersecurity risk. The new 2.0 edition is designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations — regardless of their degree of cybersecurity sophistication.

Major changes to the document include these:

  • Explicitly aims to help all organizations — not just those in critical infrastructure, its original target audience — to manage and reduce risks.
  • Updates the CSF’s core guidance and includes a suite of resources to help all organizations achieve their cybersecurity goals, with added emphasis on governance as well as supply chains.
  • Is based on the outcome of a multiyear process of discussions and public comments aimed at making the framework more effective