The National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, “…is planning significant changes to its Cybersecurity Framework (CSF) – the first in five years, and the biggest reform yet.
First published in 2014 and updated to version 1.1 in 2018, the CSF provides a set of guidelines and best practices for managing cybersecurity risks. The framework is designed to be flexible and adaptable rather than prescriptive, and is widely used by organizations and government agencies, both within and outside the US, to create cybersecurity programs and measure their maturity.
Following a long consultation, NIST has published a concept paper (pdf) for CSF 2.0 and opened it up to further review. The resulting feedback will be used to develop a final draft of the revised framework, due out sometime this summer.”
More information can be found in Port Swigger’s The Daily Swig (Cybersecurity News and Views) article. Ref: https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework