NIST Releases Discussion Draft of NIST CSF 2.0 Core
The National Institute of Standards and Technology (NIST) is in the process of updating the NIST Cybersecurity Framework (CSF) 1.1 and plans to release the complete draft version 2.0 in the summer. A discussion draft has been published that includes updates to the Core elements of the Framework and NIST is seeking concrete suggestions on how the Framework can be improved ahead of the publication of the complete draft. The NIST CSF 2.0 Core covers the outcomes across the 6 Functions, 21 Categories, and 112 Subcategories and includes a sample of potential new CSF 2.0 Informative Examples. The discussion draft is not complete and is preliminary, and has been released to improve transparency and inform the development of the complete draft.
Modifications have been made to the NIST CSF 1.1 to increase clarity, ensure a consistent level of abstraction, address changes in technologies and risks, and improve alignment with national and international cybersecurity standards and practices. NIST has received comments confirming version 1.1 of the Framework is still effective at addressing cybersecurity risks but felt an update was required to make it easier for organizations to address current risks and future cybersecurity challenges more effectively.
NIST received 92 written responses to its January 2023 CSF 2.0 concept paper, feedback from working sessions and workshops, 134 written responses to its February 2022 NIST Cybersecurity RFI, and suggestions at conferences, webinars, roundtables, and meetings around the world. All feedback has been considered when crafting the update to the Framework.
Specifically, NIST seeks feedback on whether the cybersecurity outcomes detailed in the discussion draft address the current challenges faced by organizations, are aligned with existing cybersecurity practices and resources, and whether the updates address the submitted comments. NIST said suggestions can also be submitted on any aspects of the framework where further improvements can be made, including the content, format, and scope of the implementation examples.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
NIST has confirmed that updates will be made to other elements of the Framework and said there is still much work to be done ahead of the planned summer release of the complete draft of NIST CSF 2.0.
