Be on the Lookout for NIST 2.0 in 2024
Last Updated: January 8, 2024
What is NIST CSF 1.1?
NIST CSF 1.1 is version 1.1 of the National Institute of Standards and Technology Cybersecurity Framework (CSF). The CSF is a set of guidelines, standards, and best practices designed to help organizations manage and improve their cybersecurity posture. It provides a flexible framework that organizations of any size and in any sector can use to assess and enhance their cybersecurity capabilities.
The NIST CSF 1.1, released in April 2018, is an update to the original version (1.0) and incorporates feedback from various stakeholders. It includes additional details on managing cybersecurity within the supply chain, clarifies key terms, and provides more guidance on how to use and implement the framework effectively.
The framework is structured around the core functions of Identify, Protect, Detect, Respond, and Recover, providing a holistic approach to managing and mitigating cybersecurity risks. Organizations can use the NIST CSF as a tool to assess their current cybersecurity practices, establish a cybersecurity program, and communicate about cybersecurity both internally and externally.
NIST Cybersecurity Framework Annotated Guide
It can be challenging to break down all the information within the NIST framework, so we designed this annotated guide to walk you through a risk-based approach that will help organizations of all sizes and maturity levels operationalize and monitor how they’re meeting these guidelines.
What’s Changing in NIST 2.0
Throughout 2023, NIST and the cyber community have been working hard to update v1.1 to v2.0 to address the changing landscape of cybersecurity, including future challenges for organizations. The goal of 2.0 is to make it easier for organizations of all sizes to use the best practice framework to prioritize their cyber efforts by taking a risk-based approach.
NIST 2.0 will include:
- Additional implementation examples
- More commonly used language
- An additional function (Govern)
- Larger focus on ways organizations may respond to threats that can impact them
- Increased industry inclusion
- Additional referencing and cross-mapping
- Better cyber maturity measurements and performance
Be on the lookout for NIST 2.0 in early 2024!