It has been almost seven years since the 1.1 update of NIST's Cybersecurity Framework. Since its launch in 2014, the Framework has become one of the most influential references for cybersecurity best practices and planning. In January, the world got a glimpse of the draft Concept Paper that will form the basis of the upcoming version 2.0, which is expected to be released in mid-2023. This new version of the CSF is taking on more ambitious goals, such as increased international collaboration. NIST plans to have the Framework translated into multiple languages and to use it to integrate with and influence global standards bodies such as the ISO. NIST also wants version 2.0 to address other developments in cybersecurity, such as zero trust architecture, 5G Cybersecurity, and Post-Quantum Cryptography migration. Version 2.0 will also expand the list of success stories that demonstrate how the Framework was used by different organizations. Additionally, NIST is looking for industry input on how version 2.0 might expand on the supply chain management category, as directed by the U.S. Government in 2021. This update will also focus on how organizations can assess not only their own risk through a framework but that of their partners. Finally, the Concept Paper also mentions the growing focus on other sectors, such as SMBs and the education sector, which will likely be addressed in future updates.
This Cyber News was published on blog.isc2.org. Publication date: Wed, 08 Feb 2023 21:54:03 +0000