NIST Cybersecurity Framework Gets First Refresh

The National Institute of Standards and Technology (NIST) has released an update to its Cybersecurity Framework — the first since the guidance document was issued in 2014.

Cybersecurity Framework (CSF) 2.0's biggest change is the scope. While the government agency's original framework focused on securing critical infrastructure, 2.0 expands to include guidance for all organizations and enterprises — no matter their size or focus. NIST said the expansion was due to public sentiment on expanding the purpose of the Cybersecurity Framework to help provide personalized guidance for all against current threats.

[Click on image for larger view.] Figure 1. Breakdown of what is new in the Cybersecurity Framework 2.0.

"The CSF has been a vital tool for many organizations, helping them anticipate and deal with cybersecurity threats," said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. "CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve."

CSF 2.0 will provide quick-start guides for different types of organizations, implementation examples, and a suite of resources to assist in the adoption of the framework. New for 2.0 is the Reference Tool, designed to simplify the implementation process by allowing users to browse, search, and export information from the framework in both human and machine-readable formats.

Also arriving for 2.0 is a searchable catalog of informative references, enabling organizations to map their cybersecurity activities against the CSF and reference over 50 other cybersecurity documents. According to the government agency, the new resource expansion will be able to cater to both cybersecurity beginners and pros.

"As users customize the CSF, we hope they will share their examples and successes, because that will allow us to amplify their experiences and help others. That will help organizations, sectors and even entire nations better understand and manage their cybersecurity risk," said Kevin Stine, chief of NIST’s Applied Cybersecurity Division. 

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

  • glowing blue nodes connected by thin lines in an abstract network on a dark gray to black gradient background

    Report: Generative AI Taking Over SD-WAN Management

    In a few years, nearly three quarters of network operators will use generative AI for SD-WAN management, according to a new report from research firm Gartner.

  • abstract pattern with interconnected blue nodes and lines forming neural network shapes, overlaid with semi-transparent bars and circular data points

    Data, AI Lead Educause Top 10 List for 2025

    Educause recently released its annual Top 10 list of the most important technology issues facing colleges and universities in the coming year, with a familiar trio leading the bunch: data, analytics, and AI. But the report presents these critical technologies through a new lens: restoring trust in higher education.

  • abstract image representing AI tools for reading and writing

    McGraw Hill Introduces 2 Gen AI Learning Tools

    Global education company McGraw Hill has added two new generative AI tools to help personalize learning experiences for both K–12 and higher ed students, according to a news release.

  • abstract image of fragmented, floating geometric shapes with holographic lock icons and encrypted code, set against a dark, glitchy background with intersecting circuits and swirling light trails

    Education Sector a Top Target for Mobile Malware Attacks

    Mobile and IoT/OT cyber threats continue to grow in number and complexity, becoming more targeted and sophisticated, according to a new report from Zscaler.