Revolutionizing Cybersecurity: NIST Unveils Biggest Reform Yet for Cybersecurity Framework
The US National Institute of Standards and Technology (NIST) is preparing to make substantial changes to its Cybersecurity Framework (CSF), in what is considered the most significant reform in the past five years. The CSF, first published in 2014 and updated to version 1.1 in 2018, provides guidelines and best practices for managing cybersecurity risks and is widely used by organizations and government agencies globally.
The framework is designed to be flexible and adaptable rather than prescriptive, allowing organizations to create cybersecurity programs tailored to their specific needs. After a lengthy consultation process, NIST has published a concept paper for CSF 2.0 and opened it up to further review. The feedback received will be used to develop a final draft of the revised framework, which is expected to be released sometime this summer.
According to Cherilyn Pascoe, senior technology policy advisor at NIST and Cybersecurity Framework Program lead, “We think that there’s been enough changes in the cybersecurity landscape to warrant a significant update this time around. There have been changes in cybersecurity standards, including those published by NIST but also elsewhere; there’s been significant changes in the risk landscape and in technologies. And so even though the vast majority of our respondents said they still like the framework, there were a number of changes that folks are looking for, and so we thought it was time for us to do a refresh.”