Previewing the Upcoming Changes in NIST CSF v2.0
For those who haven’t heard, NIST is in the process of updating the Cybersecurity Framework (CSF) to version 2.0, targeting a quarter 1 of 2024 release. Since its original issue in 2014, the CSF has been a very effective foundational framework for critical infrastructure cybersecurity. For most verticals and most maturity levels, the CSF works well. Compared with other security-controls focused standards, the CSF supports faster (if more high level) baselining, allowing the focus to remain on driving cybersecurity improvement instead of prematurely fussing over controls interpretations and over-exerting on assessments. After all, if your cybersecurity program is yet to be established, there is no garden for your security controls to live and thrive in the first place.