The US National Institute of Standards and Technology (NIST) is planning significant changes to its Cybersecurity Framework (CSF) – the first in five years, and the biggest reform yet.
NIST has indicated that the updated version will focus on improving supply chain security, better accounting for privacy and new technologies, and addressing feedback from stakeholders.
Here are some potential changes or additions that could be included in NIST CSF 2.0:
1) Supply Chain Security: NIST CSF 2.0 is expected to include guidance on managing risks to the supply chain, as this is an area of growing concern for many organizations. This may involve assessing and managing third-party risks, ensuring the security of software and hardware components, and implementing controls to prevent tampering with products during transit or storage.
2) Privacy: The updated framework may address privacy concerns more explicitly, including how to manage and protect sensitive data, comply with data protection regulations, and implement privacy controls that align with the CSF's overall risk management approach.
3) Emerging Technologies: NIST CSF 2.0 may also provide guidance on securing emerging technologies, such as cloud computing, the Internet of Things (IoT), and artificial intelligence (AI). This could include recommendations for assessing risks associated with these technologies, implementing security controls, and ensuring that security is integrated into the design of these technologies.
4) Stakeholder Feedback: NIST has indicated that the updated framework will incorporate feedback from stakeholders, including public and private sector organizations, cybersecurity experts, and other interested parties. This may result in changes to the structure or content of the framework, as well as additional guidance on specific topics or areas of concern.
It's worth noting that these are just potential changes, and we won't know for sure what NIST CSF 2.0 will include until it is released. However, it's likely that the updated framework will address some of the most pressing cybersecurity issues facing organizations today, and provide practical guidance for managing cyber risks in an increasingly complex and interconnected environment.