![]() CSF 2.0 will include examples of implementation as part of the subcategories. Industry has requested guidance on how to properly implement CSF. ![]() These updates will provide organizations with additional guidance on changing areas while avoiding tie-ins to specific vendors or technologies. CSF 2.0 will include recent changes in technology, including Zero Trust, Respond and Recover Functions, and Identity Management. They are committed to remaining technology- and vendor-neutral while reflecting evolutions in cybersecurity practices. NIST is moving toward an environment of online, updatable references through CPRT, enabling easy access and updates. NIST is mapping to additional cybersecurity standards, guidelines, and frameworks, and they are seeking submissions for additional guidance on cloud computing, zero trust, and Internet of Things (IoT). NIST will highlight CSF 2.0 using the Cybersecurity and Privacy Reference Tool (CPRT), which includes a user interface for accessing reference data, standards, and tools through an online database. CSF 2.0 will relate to commonly known NIST frameworks, including Risk Management, referencing these as guidance. NIST will retain CSF’s level of detail and status as a global-use framework, but have planned updates to connect to existing standards. Retaining Framework for Contextĭespite a changing cyber landscape, CSF remains a valuable resource for organizations. NIST is seeking information on translations, adaptations, and resources for CSF to enable international engagement. CSF 2.0 will provide guidelines for standardized effective risk management that can be used worldwide. The scope will be reviewed to consider the cybersecurity needs of small businesses and academia, recognizing that CSF is a model framework to address security challenges across organizations of every sector and size.ĬSF 2.0 will focus on international collaboration and information exchanges. The rebranded CSF 2.0 will reflect its intended application across all government, industry, and academia – not just critical infrastructure. ![]() CSF was originally specific to critical infrastructure. The first change involves broadening CSF’s application and scope to cover more use areas, benefit more organizations, and encourage collaboration with international entities. Before publishing a formal draft, NIST is socializing these ideas to obtain feedback and refine updates. In January 2023, the National Institute of Standards and Technology (NIST) released its concept paper outlining proposed changes to the Cybersecurity Framework (CSF).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |