NIST expands standards: a draft of a new cybersecurity Framework has appeared

Carding

What can businesses expect from version 2.0?

The US National Institute of Standards and Technology (NIST) is developing an update to its popular Cybersecurity Framework. The guide was released about ten years ago as technical recommendations for large industries: energy, banking, healthcare, the chemical industry, etc. The new version 2.0, which is still under development, expands this list.

In addition to the five basic functions (identification, protection, detection, response, and recovery), the new Framework includes a sixth: management. According to NIST, the addition emphasizes that cybersecurity is a serious source of risk for any enterprise, alongside the legal, financial and other risks that management should consider.

There are recommendations for the public sector and industry. Experts also added ways to apply the standards, such as risk assessment, communication with suppliers, and auditing. The Identification section has been expanded, and new categories of data and configuration management have been added.

The standards will help organizations of all types and sizes, not just the critical infrastructure they were originally designed for. According to developer Cherilyn Pascoe, the new version takes into account both the current practice of using this standard and the prospects for its future application in a wide variety of organizations, from schools and small businesses to government agencies.

Since only a draft version of the document is currently available, NIST is accepting suggestions and comments until November 4, 2023.
 