United States of America: Adopted Cybersecurity Framework 2.0

On 26 February 2024, the National Institute of Standards and Technology (NIST) issued the updated version of its Cybersecurity Framework (CSF 2.0). The updated framework aims to assist organisations of all sizes and sectors in managing and reducing cybersecurity risks. CSF 2.0 expands on the core guidance of the previous version and introduces new resources to aid in the implementation of the framework. It comprises three components: core, profiles, and tiers. The CSF core is structured into the functions: govern, identify, protect, detect, respond, and recover. The framework is designed as a set of outcomes, and CSF profiles describe an organisation's current and targeted cybersecurity posture using the CSF Core's outcomes to guide the implementation and impact of these strategies. The CSF tiers are used to communicate the level of rigour and provide an overview of cybersecurity risk management practices, ranging from partial to adaptive, to inform the current and target profiles. Additionally, a guide for communication and integration of risk management aims to manage cybersecurity capabilities both internally and externally with third parties. Finally, CSF 2.0 supports the implementation of the National Cybersecurity Strategy.