NIST Releases Updated Version of Cybersecurity Framework

March 6, 2024

Last week, the National Institute of Standards and Technology (NIST) released version 2.0 of its widely used Cybersecurity Framework (CSF), its landmark guidance document for reducing cybersecurity risk. This is the first major update since the framework was initially launched in 2014 to help organizations understand, mitigate, and communicate cybersecurity-related risks.

CSF 2.0 includes two major updates:

• It is designed for all audiences, industry sectors, and organization types, ranging from small nonprofits to large agencies and corporations.
• The updated framework now includes a new key function of governance to assist organizations in implementing decisions related to cybersecurity strategy.

NIST’s expansion of the CSF to include all industries and all audiences reinforces the growing importance of reducing cybersecurity risks. The financial services industry is particularly susceptible to cybersecurity attacks. NIST and its CSF are routinely referenced among best practices promoted within the financial services industry, as well as among policies and procedures templates.

An added CSF 2.0 Reference Tool assists with organizations’ implementation of CSF 2.0. Users are able to browse, search, and export data and details from CSF’s core guidance.

What does this mean for me?

Fairview will be incorporating the updated guidance in risk assessments going forward. We recommend that everyone in the financial services industry, and particularly those in compliance roles, familiarize themselves with the Cybersecurity Framework. NIST will continue to enhance its resources available to organizations to further mitigate cybersecurity risks.

Fairview’s Cyber Solutions practice assists firms in addressing and mitigating cybersecurity risks. Contact us today if you need assistance.