"NIST's Cybersecurity Framework Gets 'Significant Update'"

The National Institute of Standards and Technology (NIST) is updating its Cybersecurity Framework (CSF) in order to better incorporate topics such as supply chain risk management and governance. The framework, first released in 2014, is a set of standards aimed at helping organizations assess, understand, manage, and mitigate security risks. While voluntary for the private sector, the framework serves as the foundation for many government policies worldwide, and the 2017 executive order "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure" made it mandatory for US federal agencies. In addition, certain insurance companies have made the framework mandatory for specific industries, and organizations can also require the framework to be used within their supply chain. Previously, the framework was lightly updated every three to five years, with CSF 1.1 released in 2018. However, with significant changes in the cybersecurity landscape since then, NIST has considered a more significant overhaul for its framework that includes newer security and privacy resources and addresses recent changes in technologies and risks such as supply chain security. This article continues to discuss the update of NIST's CSF. 

Decipher reports "NIST's Cybersecurity Framework Gets 'Significant Update'"


 
