Significant updates likely in upcoming NIST cybersecurity framework

FedScoop reports that the National Institutes of Standards and Technology is expected to release an update of its Cybersecurity Framework with significant changes by 2024. In a concept paper released on Jan. 19, NIST has proposed to expand the framework beyond critical infrastructure and offer increased implementation guidance, as well as highlight cybersecurity governance and cybersecurity supply chain risk management. "The CSF has been adopted voluntarily and in governmental policies and mandates at all levels around the world, reflecting its enduring and flexible nature to transcend risks, sectors, technologies, and national borders. The CSF is intended to be a living document that is refined and improved over time. The CSF 2.0 version reflects the evolving cybersecurity landscape but community needs will drive the extent and content of the changes," said the paper. NIST will be accepting public comments on the paper with the proposed changes to the Cybersecurity Framework until Mar. 3.