NIST Cybersecurity Framework 2.o Published : First Major Update Since Created

The newly updated Cybersecurity Framework (CSF 2.0) offers simplified cybersecurity guidance designed for everyone, from small nonprofits to large corporations.

The Cybersecurity Framework (CSF) underwent a significant overhaul, marking its first major update since its launch in 2014.


CSF 2.0 also emphasizes strong governance, meaning organizations must make informed decisions about their cybersecurity strategy. 

This highlights that cybersecurity is a major business risk, alongside financial and reputational risks.

Following a presidential Executive Order, NIST unveiled the Cybersecurity Framework (CSF) in 2014, designed to aid organizations in handling cybersecurity risk. 

The framework encompasses six fundamental functions: Identify, Protect, Detect, Respond, Recover, and, introduced in CSF 2.0, Govern.

“Developed by working closely with stakeholders and reflecting the most recent cybersecurity challenges and management practices, this update aims to make the framework even more relevant to a wider swath of users in the United States and abroad,” according to Kevin Stine, chief of NIST’s Applied Cybersecurity Division. 

The Cybersecurity Framework (CSF) 2.0 provides a user-friendly catalog of informative references that enable organizations to align their current cybersecurity practices with the CSF.

The catalog is searchable, helps in identifying gaps in cybersecurity measures, and creates a roadmap for improving cybersecurity posture.

This catalog serves as a cross-reference tool for organizations to align the CSF’s cybersecurity guidance with over 50 other related documents.

Among these documents is the SP 800-53 Rev. 5, which provides a comprehensive list of cybersecurity controls that can be utilized to achieve specific security outcomes.

The new CSF 2.0 Reference Tool streamlines the process by allowing users to:

  • Browse, search, and export data
  • Map existing practices to the CSF
  • Access broader guidance

“As users customize the CSF, we hope they will share their examples and successes, because that will allow us to amplify their experiences and help others,” he said.

“That will help organizations, sectors and even entire nations better understand and manage their cybersecurity risk.” Said Kevin Stine, chief of NIST’s Applied Cybersecurity Division.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.