NIST 2.0 as a Framework for All
Architecture and Governance, Monday, April 29th, 2024
Originally developed for federal use, the National Institute for Standards and Technology (NIST) Cybersecurity Framework (CSF) has been widely adopted across the world (and translated into numerous languages) by organisations to mitigate information security and organisational risk.
It lends itself to a variety of risk assessments by helping to identify and prioritise risk. It is typically used for risk profiling, measuring cyber maturity and developing cybersecurity improvement programmes. In fact, it's proven so popular that when it came to revising the standard a decade after its inception, NIST decided to make it applicable to anyone involved in managing risk to help guide their cybersecurity decision making.
NIST 2.0 was launched at the end of February 2024 with a remit to help organisations 'of all sizes and sectors' to manage cybersecurity risk, reflecting the ubiquitous nature of cyber threats and the potential impact they can have on any business, even those not traditionally considered 'critical'. It's a recognition of the fact that the framework is now widely applicable due to the vastly different digital ecosystem and threat landscape compared to ten years ago.