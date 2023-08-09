The National Institute of Standards and Technology (NIST) launched the first draft of its Cybersecurity Framework 2.0, featuring big changes in its scope. In addition to the previous five pillars of the framework’s recommended cybersecurity program, which are “Recover,” “Identify,” “Respond,” “Detect,” and “Protect,” NIST added a sixth pillar, “Govern.” This new function aims to promote new framework integration methods and refocuses the process on individuals’ roles and responsibilities in an organization’s cybersecurity risk management posture.

Other major updates to the 1.1 version of the framework aim to clarify how to assess and measure cybersecurity improvement in an organization’s digital system. NIST’s new framework also promotes the integration of other guidance documents into an entity’s cybersecurity posture. The Cybersecurity Framework 2.0 is still a voluntary set of best practices that organizations of any size and industry can adopt, and not a regulatory regime. The final version of the Cybersecurity Framework 2.0 is set to be released in early 2024.

Read more: https://www.nextgov.com/cybersecurity/2023/08/updated-nist-cyber-framework-focuses-governance/389225/