After reviewing more than a year’s worth of community feedback, NIST has released a Draft of The NIST Cybersecurity Framework (CSF) 2.0 for public comment! This draft represents a major update to the CSF—a resource first released in 2014 to help organizations reduce cybersecurity risk. The draft update reflects changes in the cybersecurity landscape and makes it easier to put the CSF into practice for all organizations. The CSF 2.0 draft reflects several major changes, including: an expanded scope, the addition of a sixth function, Govern, and improved and expanded guidance on implementing the CSF—especially for creating profiles.
Today, NIST is also releasing a separate Discussion Draft of the Implementation Examples included in the CSF 2.0 Draft Core for public comment. We will also soon share a new CSF 2.0 Reference Tool, which will allow users of the CSF 2.0 to download and search the CSF 2.0 Draft Core. As CSF 2.0 is finalized, the updated Examples and CSF Informative References will be maintained on this site.
Public comments will be accepted on both of these drafts via cyberframework@nist.gov until Friday, November 4, 2023 through 11:59 pm ET Monday, November 6, 2023; feedback will inform the development of the final CSF 2.0, which will be published in early 2024.
Save the Date:
A hybrid Fall workshop will be held on September 19-20, 2023—and will include options for virtual and in-person attendance—at the NIST National Cybersecurity Center of Excellence (registration will open soon).The workshop will serve as another opportunity for the public to provide feedback and comment on the draft.
Thank you for sharing in our excitement and for being such an important part of this process. As always, please continue to visit our Journey to CSF 2.0 website for important news, updates, and documents in the coming months—and follow us on Twitter via @NISTcyber.
