The US National Institute of Standards and Technology (NIST) has released a new draft version of its popular best practice security framework, designed to expand its scope and provide more guidance on implementation.
The NIST Cybersecurity Framework (CSF) 2.0 is the first refresh since it was launched in 2014. It is designed to help organizations “understand, reduce and communicate about cybersecurity risk,” the standards body said.
“With this update, we are trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well,” said the framework’s lead developer, Cherilyn Pascoe.
“The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful everywhere from schools and small businesses to local and foreign governments. We want to make sure that it is a tool that’s useful to all sectors, not just those designated as critical.”
To that end, version 2.0 officially expands the framework’s scope from critical infrastructure to all organizations regardless of type or size. Its official name is now the CSF, rather than the Framework for Improving Critical Infrastructure Cybersecurity.
No tags.
