Today, NIST is officially unveiling our new Cybersecurity Framework (CSF) 2.0 Reference Tool. This resource allows users to explore the Draft CSF 2.0 Core (Functions, Categories, Subcategories, Implementation Examples) and offers human and machine-readable versions of the draft Core (in both JSON and Excel formats). Currently, the tool allows users to view and export portions of the Core using key search terms. This tool will ultimately enable users to create their own version of the CSF 2.0 Core with selected Informative References and will provide a simple and streamlined way for users to explore different aspects of the CSF Core.
NIST will continue to add additional features to the CSF 2.0 Reference Tool in the coming months (for example, Informative References will be added once CSF 2.0 is finalized in early 2024, which will help to show the connection between the CSF and other cybersecurity frameworks, standards, guidelines, and resources).
Other Important News:
- Last week, NIST released a Draft of the NIST Cybersecurity Framework 2.0. The CSF 2.0 draft reflects several major changes, including: an expanded scope, the addition of a sixth function, Govern, and improved and expanded guidance on implementing the CSF—especially for creating profiles. Public comments will be accepted via cyberframework@nist.gov until Friday, November 4, 2023.
- NIST also released a separate discussion draft of the Implementation Examples included in the CSF 2.0 Draft Core. Public comments will be accepted via cyberframework@nist.gov until Friday, November 4, 2023.
- Save the Date: A hybrid Fall workshop will be held on September 19-20, 2023—and will include options for virtual and in-person attendance—at the NIST National Cybersecurity Center of Excellence (registration will open soon).The workshop will serve as another opportunity for the public to provide feedback and comment.
Thank you for sharing in our excitement and for being such an important part of this process. As always, please continue to visit our Journey to CSF 2.0 website for important news, updates, and documents in the coming months—and follow us on X via @NISTcyber.
