NIST debuts the finalized update to its Cybersecurity Framework
February 26, 2024 – Published on NextGov
The revamp of a nationally recognized cybersecurity standards blueprint urges board rooms to adopt robust governance practices, arguing it will help them face down ever-evolving cyber risks targeting both public and private sectors.
The National Institute of Standards and Technology released its finalized Cybersecurity Framework 2.0 on Monday after a two-year engagement period with stakeholders.
The first version of the CSF was released in 2014 through an Obama-era executive order that focused mainly on steps that critical infrastructure operators can take to defend against cyberattacks. Over time, analysts and officials worked to evolve the framework into a cross-sector guide that aimed to use cyber management language easy for any leader to understand. The agency issued a public call in early 2022 to inform that evolution, followed by a draft of the CSF 2.0 in January 2023.
The core tenets of the guidance were updated in version 2.0 to include cybersecurity governance, which focuses on how firms navigate cybersecurity strategy in their business practices.
“NIST CSF 2.0 now applies to all audiences, industry sectors, and organization types instead of just critical infrastructure owners,” Patrick Gillespie, who leads GuidePoint Security’s operational technology practice, said in a written statement, adding that the framework also addresses emerging threats rooted in artificial intelligence and quantum computing.
Read More HERE.