The National Institute of Standards and Technology (NIST) recently issued a draft version of the Cybersecurity Framework for public comment. Working with the ORX Cyber Community, we'll be coordinating a consolidated response to the update.
NIST releases new draft of Cybersecurity Framework
The National Institute of Standards and Technology (NIST) has issued a draft version of the Cybersecurity Framework (CSF) 2.0, a new version of a tool it first released in 2014 to help organisations understand, reduce and communicate about cybersecurity risk. This draft update has been released for public comment, along with a separate document for comment specifically on implementation examples.
The updates proposed by NIST are of particular relevance to the ORX Cyber community given the use of NIST controls within the cyber events data exchange and the cyber controls and indicators benchmarking.
Overview of changes
The changes proposed by NIST for the CSF 2.0 are significant, including:
- An expanded scope, reflecting use by all organisations rather than the original emphasis on critical infrastructure
- The introduction of a sixth function Govern, “to cover organisational context; risk management strategy; cybersecurity supply chain risk management; roles, responsibilities, and authorities; policies, processes, and procedures; and oversight.”
- Changes to the core CSF categories and subcategories
- Updated implementation examples for each of the CSF subcategories
- Improved and expanded guidance