The National Institute of Standards and Technology today released version 2.0 of its Cybersecurity Framework, or CSF, a guidance document for helping organizations reduce their cybersecurity risk. The agency also released resources to help organizations achieve their cybersecurity goals, with added emphasis on governance and supply chains.
The updated CSF is applicable to organizations in any sector, according to NIST. It contains a new focus on governance, stating that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside other factors, such as finance and reputation. The agency also released a CSF 2.0 reference tool for helping organizations implement the guidelines, and quick-start guides.