NIST Announces Cybersecurity Framework (CSF) 2.0

The National Institute of Standards and Technology (NIST) recently released its Cybersecurity Framework (CSF) 2.0, which provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks.

NIST has revised the framework for the first time in nearly a decade. The last update occurred in 2014 following a presidential Executive Order.

CSF 2.0 comes after an extensive multi-year process of collecting feedback and public comments on the revised framework.

“CSF 2.0, which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.

The new framework is aligned with the National Cybersecurity Strategy, broadens its scope from safeguarding critical infrastructure to encompassing all sectors.

It introduces a governance focus, emphasizing informed decision-making in cybersecurity strategy. Recognizing cybersecurity as a pivotal enterprise risk, CSF urges senior leaders to prioritize it alongside finance and reputation.

Recently, NIST also signed a two-year agreement with non-profit Engineering Biology Research Consortium (EBRC) to construct safety measures against AI-driven nucleic acid synthesis, a field in synthetic biology harboring both promise and peril.

This collaboration, prompted by a task in the recent Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence, mandates NIST, among other agencies, to establish standards, best practices, and implementation guidelines for nucleic acid synthesis in light of AI advancements.