NIST has expanded the CSF’s core guidance and developed related resources to help users get the most out of the framework.
“The NIST CSF 2.0 update significantly impacts the security of software supply chains, addressing the integration of open source, commercial components, in-house developed software, and Commercial Off-The-Shelf products. NIST CSF 2.0 could be a key instrument for helping CISOs better define and build up controls that will improve security outcomes, providing direction to address critical asset protection, reduce or eliminate risk of material impact, and prevent any breach of duty for failing to adhere to regulatory and compliance regulations,” Saša Zdjelar, Chief Trust Officer at ReversingLabs, told Help Net Security.
The CSF 2.0, which supports the implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector.
The updated framework anticipates that organizations will come to the CSF with varying needs and degrees of experience implementing cybersecurity tools.
A new CSF 2.0 Reference Tool now simplifies the way organizations can implement the CSF, allowing users to browse, search and export data and details from the CSF’s core guidance in human-consumable and machine-readable formats.
Organizations can also consult the Cybersecurity and Privacy Reference Tool, which contains an interrelated, browsable and downloadable set of NIST guidance documents that contextualizes these NIST resources, including the CSF, with other popular resources.
