The US NIST ( National Institute of Standards and Technology) is actively considering significant changes to its CSF, the Cyber Security Framework. It is the first time in five years. Secondly, it is the most significant change ever.
The NIST’s CSF has been in operation since 2014. Later, in 2018, version 1.1 was published. The framework is made to be adaptable rather than prescriptive.
READ MORE: The C2 Framework Is Now Widely in Use by Hackers
Also, the framework is equally popular in and out of the U.S. The framework is a significant reference for several government agencies and enterprises while enabling cyber security programs.
“There have been changes in cybersecurity standards, including those published by NIST, but elsewhere, there have been significant changes in the risk landscape and technologies. And so, even though most of our respondents said they still liked the framework, there were several changes that folks are looking for. So we thought it was time for us to do a refresh,” says Cherilyn Pascoe, NIST’s Cybersecurity Framework Program lead.
READ MORE: Recent Microsoft Misconfiguration Made Unauthenticated Data Access Possible
The changes were inevitable, says NIST. The recent changes in the cyber security landscape and organizational structure, risk management, and enterprise security called for a reform in the CSF. Otherwise, many of the users were quite satisfied with the existing reforms.