The US National Institute of Standards and Technology (NIST) has unveiled a new draft of its widely acclaimed security framework, aimed at broadening its scope and offering more comprehensive guidance for effective implementation.
The NIST Cybersecurity Framework (CSF) 2.0, the first update since the framework's inception in 2014, is a major step towards understanding, mitigating, and communicating cybersecurity risks, according to the standards institution.
An additional pillar, 'govern', has been integrated into the CSF's structure. Joining the existing elements of identify, protect, detect, respond, and recover, the new pillar underscores the gravity of cybersecurity as a pervasive enterprise risk. It aims to help organisations make and carry out sound decisions aligned with their security strategies.
Alongside its broader scope, the draft introduces expanded guidance for implementing the CSF, in the form of tailored profiles for distinct sectors and use cases. This refinement seeks to facilitate effective adoption of the framework, particularly among smaller entities.
NIST is soliciting input from stakeholders to fine-tune the draft and is accepting suggestions and opinions until 4 November 2023, after which no further revisions are slated.