NIST Expands Cybersecurity Framework with Release of Version 2.0

Sheppard Mullin Richter & Hampton LLP
Contact

Sheppard Mullin Richter & Hampton LLP

In its first major overhaul since 2014, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF) on February 26, 2024. The updated 27-page CSF version 2.0 builds on version 1.1 and provides guidance to industry, government agencies, and other organizations on how to manage cybersecurity risks. While voluntary, the CSF has been a popular compliance resource within the private sector, both domestically and internationally, and has increasingly appeared in state and federal regulations as well as federal grants and grant incentive programs. The revised guidance, therefore, potentially has significant implications for organizations managing cybersecurity risks.

Version 2.0 is the result of a multiyear process reflecting discussion with and input from the public on how the CSF can better advise companies on how to identify, prevent, and recover from cyberattacks. Key developments in CSF 2.0 include:

  • Expanded audience. While the prior CSF was primarily aimed at cybersecurity professionals working in organizations providing or supporting critical infrastructure like hospitals or power plants, CSF 2.0 is designed for all audiences regardless of sector, organization type, or cybersecurity sophistication. As such, 2.0 comes with a number of implementation examples and quick-start guides to better assist a diverse set of users in implementing NIST’s cybersecurity recommendations.
  • Emphasis on governance. CSF 2.0 increases emphasis on governance with a new “Govern” core function, augmenting the existing Identify, Protect, Detect, Respond, and Recover functions. Govern encompasses how organizations make and carry out informed decisions regarding cybersecurity as a component within an organization’s broader enterprise risk management strategy.
  • New tools. A suite of tools accompanies the updated framework intended to assist companies in implementing and customizing the CSF. For example, a new reference tool allows users to browse, search, and export data and details from the CSF’s core guidance. A new searchable catalog contains informative references that show how an organization’s current actions map onto the CSF, including the ability to cross-reference the CSF’s guidance onto other cybersecurity documents.

Putting It Into Practice: NIST intends to continue to update and enhance its resource to make the CSF as useful as possible to the broadest set of users. This will occur, in significant part, through community feedback and NIST hopes users will share their experiences and successes with NIST as they customize the CSF to fit their organizations.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Sheppard Mullin Richter & Hampton LLP

Written by:

Sheppard Mullin Richter & Hampton LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide