Public Comment for NIST Cybersecurity Framework (CSF) Update

The National Institute of Standards and Technology (NIST) has released a draft version of the Cybersecurity Framework (CSF) 2.0, which it first released in 2014 to help organizations understand, reduce and communicate about cybersecurity risk.This is the first significant revision since 2014 and reflects changes in the cybersecurity landscape to make it easier for organizations to implement the CSF. The most significant portion of the revision is the addition of “govern” as an over-arching element of the CSF, i.e., the CSF incorporates an appropriate recognition by the governing body of the importance of cybersecurity.

NIST is accepting public comment on the draft framework until Nov. 4, 2023. NIST does not plan to release another draft. A workshop planned for the fall will be announced shortly and will serve as another opportunity for the public to provide feedback and comments on the draft. The developers plan to publish the final version of CSF 2.0 in early 2024.

View the Cybersecurity Framework (CSF) 2.0 here: CSWP 29, The NIST Cybersecurity Framework 2.0 | CSRC

Feedback on this CSF 2.0 Public Draft and the related Implementation Examples draft may be submitted to by Friday, November 4, 2023.