
ORX Cyber to respond to NIST Cybersecurity Framework update

The National Institute of Standards and Technology (NIST) recently issued a draft version of the Cybersecurity Framework for public comment. Working with the ORX Cyber Community, we'll be coordinating a consolidated response to the update.

NIST releases new draft of Cybersecurity Framework 

The National Institute of Standards and Technology (NIST) has issued a draft version of the Cybersecurity Framework (CSF) 2.0, a new version of a tool it first released in 2014 to help organisations understand, reduce and communicate about cybersecurity risk. This draft update has been released for public comment, along with a separate document for comment specifically on implementation examples.

The updates proposed by NIST are of particular relevance to the ORX Cyber community given the use of NIST controls within the cyber events data exchange and the cyber controls and indicators benchmarking.

Overview of changes

The changes proposed by NIST for the CSF 2.0 are significant, including:

  • An expanded scope, reflecting use by all organisations rather than the original emphasis on critical infrastructure
  • The introduction of a sixth function, Govern, “to cover organisational context; risk management strategy; cybersecurity supply chain risk management; roles, responsibilities, and authorities; policies, processes, and procedures; and oversight.”
  • Changes to the core CSF categories and subcategories
  • Updated implementation examples for each of the CSF subcategories
  • Improved and expanded guidance

Have your say in the ORX Cyber Community response

All ORX Cyber subscribers can join our consolidated response.

If your firm subscribes to ORX Cyber, log in or register to read the full post.

Not a subscriber? Talk to us today about joining the ORX Cyber community.

ORX Cyber

Find out more about our service designed specifically for cyber risk managers.
