NIST Releases Cybersecurity Framework 2.0

New guidance expands the framework to consider organizations beyond critical infrastructure; it also addresses governance and supply chain cybersecurity.

Dark Reading Staff, Dark Reading

February 26, 2024

1 Min Read
NIST letters written over circuit board
Source: Borka Kiss via Alamy Stock Photo

After several years of deliberation, the National Institute for Standards and Technology (NIST) has released its Cybersecurity Framework 2.0.

The new framework builds on its long-standing, cyber-risk-reducing recommendations to include the concerns of organizations outside of its initial focus on critical infrastructure.

NIST released its first CSF in 2014, at the direction of a presidential executive order to help organizations, specifically critical infrastructure, mitigate cybersecurity risk. The CSF 2.0 builds on the existing five basic functions (Identify, Protect, Detect, Respond, and Recover) and has been updated to include a sixth, Govern. NIST's CSF 2.0 also addresses supply chain risks.

"Developed by working closely with stakeholders and reflecting the most recent cybersecurity challenges and management practices, this update aims to make the framework even more relevant to a wider swath of users in the United States and abroad," according to a statement from Kevin Stine, chief of NIST's Applied Cybersecurity Division. 

NIST noted CSF 2.0 includes a reference tool cybersecurity teams can use to gather guidance data, as well as a searchable catalog, and a wide offering of references to help organizations of all sizes and sophistication levels implement the new framework.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights