NIST CSWP 29 introduces the NIST Cybersecurity Framework (CSF) 2.0, a comprehensive update designed to help organizations of all sizes and sectors manage cybersecurity risks more effectively. CSF 2.0 retains the core structure of its predecessor—organized around the main functions of Identify, Protect, Detect, Respond, and Recover—but introduces a significant new function: Govern. This new function elevates governance from a category under Identify in version 1.1 to a full function in its own right, emphasizing the importance of integrating cybersecurity into enterprise risk management and organizational strategy. The framework’s components include the CSF Core (a taxonomy of high-level cybersecurity outcomes), Organizational Profiles (to describe and plan cybersecurity posture), and Tiers (to assess the rigor of risk management practices).
In essence, NIST CSWP 29 and CSF 2.0 serve as a mapping from CSF 1.1 to 2.0, updating and expanding guidance to reflect the evolving threat landscape and the need for stronger governance. The new structure and language make it easier for organizations to align cybersecurity activities with business objectives, regulatory requirements, and risk tolerance, while providing enhanced guidance and resources for implementation.
Publication's URL
URL: https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-csf-20/final
Publication's scorecard
Country: USA
Scope: Cyber
Typology: Mapping
Publication's date: February 26, 2024
Category: Governance Framework
Sector: Cross-Sector
Rating: