The NIST Cybersecurity Framework (CSF) development process all started with Executive Order (EO)13636 over a decade ago, which called for building a set of approaches (a framework) for reducing risks to critical infrast
The NIST Cybersecurity Framework (CSF) development process all started with Executive Order (EO)13636 over a decade ago, which called for building a set of approaches (a framework) for reducing risks to critical infrastructure.
Through this EO, NIST was tasked with developing a “Cybersecurity Framework.”
To address current and future cybersecurity challenges and improvements, NIST says it set out on the journey of developing the CSF 2.0.
NIST adds that it has solicited input via formal Requests for Information, workshops and smaller meetings, suggestions from users and non-users alike, and draft documents for public comment.
This all resulted in CSF Versions 1.0 and 1.1 and, most recently, a draft of CSF 2.0.
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.