New NIST Cybersecurity Framework 2.0 – Draft Publication – What are possible changes?

As of 8 August 2023, NIST released the draft new version of their flagship framework. Since 2014 the framework has been used widely to reduce cyber security risks and remains an effective framework for addressing cyber risks.

Brief Explanation of NIST Cyber Security Framework

The NIST Cybersecurity Framework is a set of guidelines designed to help organizations manage and reduce cybersecurity risk. Developed by the National Institute of Standards and Technology (NIST) in the United States, the framework is voluntary but widely used across different industries.

The Core provides activities and outcomes describing what an organization’s cybersecurity program should achieve. It is divided into five functions, which are further divided into categories and subcategories:

• Identify: Understand the organizational systems, assets, data, and capabilities that need protection.
• Protect: Implement safeguards to ensure the delivery of critical infrastructure services.
• Detect: Implement activities to identify the occurrence of a cybersecurity event.
• Respond: Implement activities to take action once a cybersecurity event is detected.