The governing body, which regulates the standards of US cyber security companies announced the second iteration of its draft, meaning that the world’s leading cyber security guidance is getting its first makeover since 2014.
The new version provides guidance to companies regarding how to discuss and consider cybersecurity risks, particularly at the senior executive level, in the push to combay the rising tide of cyber security issues.
The perennial shift in the scope of the document, is that it has now widened its parameters to cover cybersecurity for all organisations, not just those in critical infrastructure sectors such as banking.
NIST’s Cherilyn Pascoe, the framework’s lead developer said: “With this update, we are trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well.
“The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful everywhere from schools and small businesses to local and foreign governments. We want to make sure that it is a tool that’s useful to all sectors, not just those designated as critical.”
NIST is accepting public comment on the draft framework until November 4, however the governing body does not plan to release another draft.
A workshop planned for autumn is expected to be announced shortly and will serve as another opportunity for the public to provide feedback and comments on the draft, ahead of its anticipated early 2024 launch.
In the decade since it was first published, the CSF has been downloaded more than two million times by users across more than 185 countries, and has been translated into at least nine languages.
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst