In February 2024, the U.S. Government’s, National Institute of Standards and Technology released the NIST Cybersecurity Framework 2.0 providing guidance to industry, government agencies, and other organisations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organisation — regardless of its size, sector, or maturity — to better understand, assess, prioritise, and communicate its cybersecurity efforts. The publication explains CSF 2.0 and its components and describes some of the many ways that it can be used.
While the publication describes what desirable cybersecurity outcomes an organisation can aspire to achieve, descriptions of how an organisation can achieve those outcomes are provided in a suite of online resources that complement the CSF. They include:
• CSF 2.0 Informative References that point to sources of guidance on each outcome from existing global standards, guidelines, frameworks, regulations, policies, etc.
• CSF 2.0-Implementation_Examples.xlsx that illustrate potential ways to achieve each outcome
• Navigating NIST’s CSF 2.0 Quick Start Guides that give actionable guidance on using the CSF and its online resources, including transitioning from previous CSF versions to version 2.0
• Community Profiles and Organisational Profile Templates that help an organszation put the CSF into practice and set priorities for managing cybersecurity risks
Access the NIST Cybersecurity Framework here.