The National Institute of Standards and Technology (NIST) has recently published for public comment the first draft of its Cybersecurity Framework 2.0 (CSF 2.0).
First published in 2014, the NIST Cybersecurity Framework is a voluntary framework that includes standards, guidelines, and best practices to help organizations more effectively manage cybersecurity risks. The Framework also fosters increased communications between both internal and external stakeholders about risk and cybersecurity issues.
The release of the public draft of CSF 2.0 follows the April release of a “Discussion Draft” of CSF 2.0 that detailed proposed changes to the core elements of the framework.
See the complete draft of NIST’s CSF 2.0. Feedback on the public draft may be submitted to NIST at cyberframework@nist.gov until November 4, 2023.
NIST has also released a reference tool to foster greater access and use of its draft Cybersecurity Framework 2.0 (CSF 2.0). According to NIST, the new “Cybersecurity Framework (CSF) 2.0 Reference Tool” will allow users to explore the core elements of the framework (Functions, Categories, Subcategories, and Implementation Examples) more easily. The Reference Tool also provides both human and machine-readable versions of the draft, enabling users to create their own customized versions of the framework with personally selected information and references.